Get Tunna

On-Demand Rules

Prepare Tunna On-Demand wake rules with eligible Proxy domain or GeoSite material, and avoid triggers Apple cannot use.

348 words 2 min
Routing Rules, On-Demand, Wake

Use this page when Connect is set to On-Demand or when a tunnel starts unexpectedly. On-Demand is configured in Tunnel settings, but useful wake material comes from eligible Proxy routing rules.

Only some Proxy rules can wake On-Demand

For On-Demand, use unpaused rules whose outbound is Proxy or a specific proxy node, with ordinary domain entries or GeoSite records. Those rules give Apple domain material it can evaluate before the tunnel is already running. Direct, Blackhole, paused, GeoIP-only, IP, port, TCP, UDP, and application-protocol rules are useful for routing after traffic enters Tunna, but they are not reliable wake triggers.

On-Demand routing use cases

Set Connect to On-Demand in Tunnel settings only after the relevant routing rules are saved and unpaused.

Use caseGood routing materialAvoid relying on
Wake Tunna for a work siteA Proxy or specific-node rule with Base or Full domain entries for the work domains.Default Route alone, because it is only the fallback after the tunnel has traffic.
Wake Tunna for a site categoryA Proxy or specific-node rule with non-RegEx GeoSite records from installed assets.GeoIP records, ports, TCP, UDP, HTTP, TLS, or BT toggles.
Keep trusted networks quietEligible Proxy domain rules plus Trusted Networks in Tunnel settings for networks where Tunna should stay off.Paused rules or direct/block rules, because they should not be treated as startup requests.