Thanks for the quick responses so far!
Yes, the product basically provides an IP-Layer VPN to a remote server.
PF is indeed used to enforce that all outgoing traffic complies with the configured split tunnel rules and that traffic isn't leaked. These leaks would mainly be due to:
- connections that ignore the routing table and enforce an interface (e.g. curl --interface en0 https://apple.com)
- be able to block any traffic while the tunnel is not yet connected