Comment by Disparallel
4 days ago
The help section article lists
# Data that isn’t protected by the VPN
Not all network data from your device is protected by the VPN. Examples of data that aren’t protected by the VPN include:
- Tethering traffic
- This includes USB and Wi-Fi hotspot.
- Push notifications
- Wi-Fi calling and other IMS services
- Work profile app traffic
- This applies if a work profile is configured on your device.
- Data traffic from an app that routes traffic directly over the Wi-Fi or a cellular connection
All of which make sense to me except push notifications. My guess is they might mean syncing notifications to e.g. a watch.
I think it might be because push notifications use long-lived connections that are already open when the VPN is turned on.
I wonder why tethering traffic doesn't go through the VPN. I could be wrong, but I think it works the same way with iPhones.
I might test that later, but this (old) SE question seems to confirm my memory: https://apple.stackexchange.com/questions/266871/is-there-a-...
FWIW, all tethered traffic in GrapheneOS goes through a VPN.