Some questions on NEPacketTunnelProvider on iOS 15

Recently I tested my VPN application on iOS 15 beta 8 / Xcode 13 beta 5. It looks like that the precedence is IPSec VPN > iCloud private relay > NEPacketTunnelProvider VPN.

When the iCloud private relay is switched on if use IPSec VPN(I think it's using the IPSec interface) the browser's network traffic is still being routed to the IPSec tunnel. But for the implementation with NEPacetTunnelProvider VPN(UTUN interface) the browser's traffic is being routed to the private relay. I don't see any doc describing this but it seems this is the design.

And another question is the IncludeAllNetworks setting for the VPN. If set the IncludeAllNetworks to be 1 then the device global traffic would be routed to the VPN, but the excludedRoutes settings in the VPN would be unavailable, no routes would be excluded.

Is the above understanding correct?

Up vote post of jeffreyc Down vote post of jeffreyc
621 views
Posted by
jeffreyc
Reply
Add a Comment

Accepted Reply

I close this thread myself. What I observed is not correct.

Posted by
jeffreyc
Up vote reply of jeffreyc Down vote reply of jeffreyc
Post marked as solved
Add a Comment

Replies

I noticed that on https://developer.apple.com/documentation/networkextension/packet_tunnel_provider

Note

When a VPN configuration is active, connections use the VPN instead of iCloud Private Relay. Network Extension providers also don’t use iCloud Private Relay.

and this post https://developer.apple.com/forums/thread/682274.

it seems that the Private Relay should have the lowest precedence, but my test shows that the traffic from the browser still being routed to the Private Relay.

Posted by
jeffreyc
Up vote reply of jeffreyc Down vote reply of jeffreyc
Add a Comment

I close this thread myself. What I observed is not correct.

Posted by
jeffreyc
Up vote reply of jeffreyc Down vote reply of jeffreyc
Post marked as solved
Add a Comment