Workspace ONE Tunnel 25.08 - Windows Release
With the long-awaited update of the Windows Tunnel to 25.08 for WorkspaceOne, interesting new changes have been implemented. I've been struggling with massive performance and stability issues in recent WorkspaceOne projects, including blue screens and freezes on Windows Devices with Tunnel. Omnissa has addressed and fixed precisely this issue and has been able to test a beta version with customers in recent weeks, which has resolved the issues. I think the switch to the new Tun interface, which integrates with the Windows routing table, has particularly driven these improvements. The legacy filter mode can be reactivated via KVP. Furthermore, the rapid device traffic rules are now standard. Also interesting in the new mode is that by default the tunnel connects when the user logs in. At a later version, the on-demand procedure will be possible again in the new tun mode.Tunnel now uses Enhanced Domain Resolution by default (instead of Windows NRPT), making DNS faster and more consistent. Split DNS respects Device Traffic Rules, and the old KVPs are replaced by use_internal_dns_for_domains for internal lookups and ExcludeFQDN for default DNS resolution.
- Tunnel now defaults to TUN mode (replacing legacy Filter mode, still available via VpnMode=Filter) with separate Windows services for TUN and Filter, and uses Enhanced Domain Resolution (replacing Windows NRPT) so Split DNS follows Device Traffic Rules; new KVPs use_internal_dns_for_domains and ExcludeFQDN simplify internal/external domain handling.
- Rapid DTR Sync: Tunnel now syncs Device Traffic Rules with Workspace ONE APIs by default, removing the need for profile republish or certificate regeneration (only required at enrollment or certificate renewal); checks occur at app launch and every 4 hours.
- Connection availability: Tunnel now auto-connects at user login and stays connected unless disabled via ToggleTunnelFeature (default: false); On Demand mode for TUN will return in a future release..
- Simplified DNS & DTR: Tunnel now uses Enhanced Domain Resolution (replacing Windows NRPT), ensures Split DNS follows Device Traffic Rules, and replaces legacy KVPs with use_internal_dns_for_domains for preferred internal domains and ExcludeFQDN for default DNS resolution.
The Full Release Notes can be found here:
