Are there any plans to enable the app to use the IOS connect on demand feature, as it stands when a device enters the same WiFi network that the destination service is on the traffic appears to route via the connector and thus is reliant on external connectivity being available.
Ideally the app would follow the path of WARP, ZeroTier etc and drop the ‘VPN’ connection when on predefined networks, allowing traffic to traverse by the standard network route and not pushing it all via a proxy.
Really enjoying testing with Twingate but this seems a bit of a show stopper in some circumstances.
Really grateful for the feedback and pleased to hear you’re enjoying your testing. With respect to the routing, we believe that a Zero Trust solution should not make assumptions about the network a device is on and consequently we don’t treat a private WiFi network any different to a public one. With this belief, all connections should face the same security checks. Separately, due to the split-tunnel nature of our offering we don’t get many requests for a connect-on-demand feature.
It is worth pointing out also that if NAT hairpinning is enabled on your internal router then traffic from the client should route directly to the connector thanks to Direct Connect (i.e. without the need to go out over the Internet). That gives us a nice compromise where we get most of the performance benefits without having to risk compromising the security position when routing connections from an internal network.
After some further tests I would agree than NAT looping does indeed cover this off nicely, good call, thank you.
One other request would be for a current connected status for users on the API, I can find when they last connected, bit would be good to see if they are currently connected, or at least when last disconnected.
Hi, thanks for the update and I’m pleased the NAT hairpinning has worked for you. We did have the connected status previously for each device and will be adding it back in the near future once we’ve adjusted a few technical things. I’ll log a Feature Request internally to have this exposed via the API.