iOS 9 tethering and the use of VPNs

There are many reasons why people use VPNs on their devices; privacy concerns and corporate access requirements are common. For better or worse [1], the mainstream popularity of VPNs has grown in recent years. This is especially topical in Australia, as the Federal Government's mandatory data retention laws came into effect on October 13, 2015.

If you use a VPN on an iOS-based mobile device, there's a high likelihood you also tether other devices to your personal hotspot to share internet access. You might assume that traffic from those other devices transiting through your mobile device also routes via your active VPN connection. This is not the case.

A tethered device, whether it's via Wi-Fi, Bluetooth or USB, using your personal hotspot will exit via the default pre-VPN connection route. It will not be encapsulated or protected by the VPN connection. A simple "What is my IP address?" search on Google from your mobile device and your tethered laptop can confirm this.

There's a number of reasons why this could be the case: technical constraints, incorrect routing of the personal hotspot, tracking metrics for telco carrier billing of data used via tethered devices, etc. are some that have been mentioned.

So, if you're a VPN user, and you want traffic from your tethered laptop to traverse a VPN connection, you will need to initiate a separate connection from the laptop itself. Spread the word, as this is not widely known.


[1] Public and commercial VPNs will consolidate traffic of those that want to stay hidden to a single point on the internet. In many countries, for example those of the Five Eyes intelligence alliance, these VPN endpoints will be well known, their traffic is likely captured, and their users may face further scrutiny.