diff --git a/aura-gui/src-tauri/src/lib.rs b/aura-gui/src-tauri/src/lib.rs
index 08e49b3..21c234e 100644
--- a/aura-gui/src-tauri/src/lib.rs
+++ b/aura-gui/src-tauri/src/lib.rs
@@ -125,8 +125,19 @@ fn connect(
     }
     let bin = state.aura_binary.lock().clone();
     let mut guard = state.running.lock();
-    if guard.is_some() {
-        return Err("a client is already running — disconnect first".into());
+    // v3.4.1: previously we refused with "already running" whenever the handle Option was Some,
+    // even when the child had since died (e.g. it survived the 1.5 s spawn check, then crashed
+    // a few seconds later). The dead handle wedged the UI — Connect was permanently blocked
+    // until the user restarted the GUI. Now we check `is_alive` first and clear stale handles
+    // so a reconnect just works.
+    if let Some(prev) = guard.as_ref() {
+        if prev.is_alive() {
+            return Err("a client is already running — disconnect first".into());
+        }
+        // Dead handle: reap it (drop its kill code path) before installing the new one.
+        if let Some(dead) = guard.take() {
+            let _ = dead.kill();
+        }
     }
     let handle =
         cli_proc::spawn_client(&bin, &profile_dir, &profile_id).map_err(|e| e.to_string())?;
diff --git a/crates/aura-cli/src/client.rs b/crates/aura-cli/src/client.rs
index ac97a26..2fb0acd 100644
--- a/crates/aura-cli/src/client.rs
+++ b/crates/aura-cli/src/client.rs
@@ -356,7 +356,34 @@ pub async fn run(config_path: &Path, admin_socket: &str) -> anyhow::Result<()> {
         .clone()
         .unwrap_or_else(crate::config::OsRoutesSection::default);
     let _os_routes_guard: Option<OsRouteGuard> = if os_routes_cfg.enabled {
-        let split = SplitRoutes::from_config(&cfg.tunnel.split, &resolved_domains);
+        let mut split = SplitRoutes::from_config(&cfg.tunnel.split, &resolved_domains);
+        // v3.4.1: when `default = "VPN"` on macOS, os_routes installs two half-Internet routes
+        // (`0.0.0.0/1` + `128.0.0.0/1` via the TUN) that beat the kernel's pre-existing default.
+        // Those wildcards also capture the SERVER's outer endpoint (e.g. 187.77.67.17:443),
+        // which would route Aura's own ciphertext packets back into Aura — an infinite tunnel
+        // loop that kills the data plane in a couple of seconds. Inject the server IP (and any
+        // configured bridge IPs) into `direct_hosts` so they egress through the host's original
+        // default route, exempting them from the VPN. Linux is fine without this — `metric 50`
+        // on the default-via-TUN doesn't override more-specific routes — but on macOS the
+        // half-Internet routes inherently match the server IP, so the bypass is required.
+        if matches!(split.default, crate::os_routes::DefaultAction::Vpn) {
+            let mut bypass_ips: Vec<std::net::IpAddr> = Vec::new();
+            if let Ok(addr) = cfg.server_socket_addr() {
+                bypass_ips.push(addr.ip());
+            }
+            for raw in &cfg.client.bridges {
+                if let Ok(sa) = raw.parse::<std::net::SocketAddr>() {
+                    bypass_ips.push(sa.ip());
+                } else if let Ok(ip) = raw.parse::<std::net::IpAddr>() {
+                    bypass_ips.push(ip);
+                }
+            }
+            for ip in bypass_ips {
+                if !split.direct_hosts.contains(&ip) {
+                    split.direct_hosts.push(ip);
+                }
+            }
+        }
         let guard = OsRouteGuard::install(
             &actual_tun_name,
             &split,