Network Extension: broken behavior on iOS 16.4+ when setting NEVPNProtocol's `includeAllNetworks` flag.

I am seeing an interesting behavior on iOS 16.4+ when I set the NEVPNProtocol includeAllNetworks flag to TRUE as part of my tunnel's saved preferences.

After my packet tunnel provider starts up and goes through the usual setup of adding routes (let's say we just add NEIPv4Route.default() to route everything) and eventually setting them via setTunnelNetworkSettings, any subsequent calls to cancelTunnelWithError will cause the phone to get into a state where the tunnel provider goes away but it appears that my routes did not properly clean up, essentially causing the device to get into a state where all network traffic is now dead. The only way to recover is to go into OS Settings -> VPN and change the selected profile to some other one, or just remove ours and go through installation again.

It appears to only be happening on iOS 16.4+ devices; any previous versions clean up just fine. Curious if anyone has seen such behavior? Thanks in advance.

That sounds eminently bugworthy to me. If you do decide to file a bug, follow the VPN (Network Extension) for iOS instructions on Bug Reporting > Profiles and Logs.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@smisiewicz Did you find a solution for this? We are also facing a similar issue on iOS 16 and iOS 17.
