Commit f1117d7f authored by Marvin Petzolt, committed by Aki Braun

[Nord 9] Moved note about boundaries between OS, higher privileged users and VPN to 5.2.5.1

parent 5416d699
+3 −1
@@ -366,9 +366,11 @@ Repository Metadata shall have an expiry date included in the signed portion of

From the moment the user activates the VPN connection until the user knowingly deactivates the VPN connection, no network traffic intended for the VPN connection shall exit the endpoint via anything other than the VPN connection, whether or not it is functioning.

Out of scope for the following requirements are other software on the user's endpoint with elevated privileges, users with administrator privileges, as well as the opperating system itself that could change relevant network configuration (network interfaces, routes, DNS) or circumvent the VPN tunnel due to elevated privileges. 

#### 5.2.5.2 MI-ROUT-1 VPN routing stays in effect until VPN connection deactivated

The product shall only report that the VPN connection is established after it has configured the system in such a way that all traffic intended to be routed through the VPN connection will only exit through the VPN connection until the user or administrator knowingly deactivates the VPN connection. This assumes no other software on the user's endpoint changes relevant network configuration (network interfaces, routes, DNS).
The product shall only report that the VPN connection is established after it has configured the system in such a way that all traffic intended to be routed through the VPN connection will only exit through the VPN connection until the user or administrator knowingly deactivates the VPN connection. 

* Reference: TR-ROUT
* Objective: Prevent VPN traffic leaks
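Review bot: In the out-of-scope paragraph added under 5.2.5.1, "opperating system" should be "operating system", and both added lines carry trailing whitespace. The sentence is also ambiguous: the clause "that could change relevant network configuration ... or circumvent the VPN tunnel" reads as attaching only to the operating system, whereas the sentence removed from MI-ROUT-1 applied it to other software. Consider listing the three excluded actors first and the excluded actions second. The commit message describes this as a move, but the new text is broader than the removed sentence (it adds administrators, the operating system and tunnel circumvention), so the widened exclusion deserves a mention there. MI-ROUT-1 still reads "until the user or administrator knowingly deactivates the VPN connection", so it would help to state that administrators are excluded only as a source of configuration changes or bypass, not as the party deactivating the connection. Finally, "the following requirements" leaves the scope open; naming the requirement IDs it covers would make the exclusion testable.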