diff options
| author | Emīls <emils@mullvad.net> | 2021-12-08 14:33:24 +0000 |
|---|---|---|
| committer | Emīls <emils@mullvad.net> | 2021-12-10 09:58:51 +0000 |
| commit | 6379411b0dbf36075b7ea5f005ed671ae97b2c86 (patch) | |
| tree | a281bab6632cd509050f8e381c607b37d2b8febd /docs/security.md | |
| parent | 02aa9d2426e913d320a8f78fe165c1061843172e (diff) | |
| download | mullvadvpn-6379411b0dbf36075b7ea5f005ed671ae97b2c86.tar.xz mullvadvpn-6379411b0dbf36075b7ea5f005ed671ae97b2c86.zip | |
Update docs
Diffstat (limited to 'docs/security.md')
| -rw-r--r-- | docs/security.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/docs/security.md b/docs/security.md index b21f60f8f8..8f1986642c 100644 --- a/docs/security.md +++ b/docs/security.md @@ -240,12 +240,13 @@ connectivity at all and using VPN. With this setting active, the device can neve with the internet outside of a VPN tunnel. ### macOS network-check + macOS needs to do a connectivity check before the daemon is able to connect to a tunnel, but the connectivity check will fail in the blocked state imposing a hefty timeout before a tunnel can be connected. The connectivity check requires a working DNS resolver and access to `captive.apple.com`. The feature is discussed in detail [here](allow-macos-network-check.md). -The app has a option to allow the network check to leak in the error state and during the +The app has an option to allow the network check to leak in the error state and during the disconnected state if _Always require VPN_ is enabled. When the option is enabled, the firewall will allow all DNS traffic coming from a mullvad specific unix group, and it will allow all traffic to a set of resolved IP addresses coming from root (as identified by a unix user ID of `0`). |