The "New" ExpressVPN

[jasonX]

ExpressVPN Split tunneling returns to all Windows users

Split tunneling is once again available to Windows users, thanks to some dedicated bug fixing by ExpressVPN’s engineers.

ExpressVPN has temporarily disabled its split-tunneling feature for a certain set of users to fix a bug that's been exposing its users' DNS requests.

After being tipped off by CNET's Attila Tomaschek, ExpressVPN released an emergency update to disable split tunneling while it worked on a fix.

"Although the issue is believed to involve less than 1% of users on a single app platform, Version 12 for Windows, ExpressVPN rolled out an update that disabled split tunneling on that platform entirely, to minimize the potential ongoing risk to customers," ExpressVPN says. "The feature will remain deactivated while engineers investigate and fix the problem."

 

What is VPN split tunneling?

ExpressVPN has just released new versions of both Version 10 and Version 12 of the ExpressVPN app for Windows, to introduce new filter logic and eliminate any potential for unexpected DNS request behavior when split tunneling is activated.

We recently rolled out an update that removed split tunneling on Version 12 of our Windows app after an expert VPN reviewer reported unexpected DNS request behavior when using split tunneling. No other VPN protections, such as encryption, were affected. Although we estimated this issue to affect less than 1% of Windows users, we immediately disabled split tunneling on Version 12 while we worked on finding a solution.

The newest Windows releases (Version 12.74.0 and Version 10.51.0) are now available, and we recommend that all Windows users update their apps today.

How did we track down and eliminate the bugs?
The first step in any bug-fix process is to consistently reproduce the issue. This means not only investigating the impacted code but also ruling out any external factors that may have contributed to the bug to ensure that the full extent of the issue and its root cause are properly understood.

The issues around split tunneling were challenging to consistently reproduce. We were eventually able to pinpoint that there was not a single bug with a simple fix creating the issue, but a complex situation where specific issues and use cases converged to create a set of scenarios where DNS leaks could occur (but would not always occur).

In total, we diagnosed two separate bugs with two distinct root causes.

The first issue was introduced when we built our split-tunneling feature for Version 12 of the ExpressVPN Windows app (this issue was never present in Version 10). In every instance, the DNS cache service should have been automatically directed to use the VPN. However, when split tunneling was activated in “Only allow selected apps to use the VPN” mode, the DNS cache service was allowed to operate outside the VPN, which meant that some DNS requests might be misdirected. This has been corrected on Version 12 of the Windows app.

The second issue was caused by the presence of other VPN apps on a Windows device. When other VPN apps were installed, even if they were not in active use, it was possible for their filtering rules to affect the performance of our app. This cross-contamination only occurred when split tunneling was turned on. We improved the filtering logic to eliminate potential DNS leaks with split tunneling. This second issue had the potential to affect Version 10 and Version 12 of the ExpressVPN app for Windows, and so the fix was pushed on both versions of the Windows app.

However, this second issue only impacts Windows users who have the ExpressVPN app, have split tunneling turned on, and also have other competing VPN apps installed. All three conditions would need to be met in order for a potential leak to happen. We also know from the difficulty reproducing the issue that it only happens in some situations, even if all three conditions were met. We estimate that far less than 1% of Windows users could have been affected by the second bug.

Once the issues were properly identified and diagnosed, our engineers were able to build and merge a fix, add automatic tests, and test the new code to ensure the fix was complete.

After rigorous checking by our in-house team, we also offered the original bug reporter a chance to beta-test the fix before we released it to our users. Attila Tomaschek, the VPN expert and staff writer at tech publication CNET who reported the bug, confirmed through independent testing that our build was bug-free and ready for our Windows users.

 

PERTINENT LINKS

 

More Info HERE

ExpressVPN Removes Split-Tunneling Feature for Leaking DNS Requests

After a tip, ExpressVPN acts swiftly to protect customers

How to use the split tunneling feature

vpnmentor_What Is VPN Tunneling — The Ultimate Guide For 2024

Content lifted/derived from ExpressVPN Site