VPN: Denied Resouces are getting tunneled [VA]

We are trying to configure split tunnel with tunnel routes with the below Tunnel Provider configuration

tunnelProvider.protocolConfiguration.includeAllNetworks = NO; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = YES;

We are adding some IPs in the excludeRoutes[10.168.10.182 and 192.168.10.65]. Please refer the below network settings for VPN

    IPv4Settings = {
        configMethod = manual
        addresses = (
            10.168.10.68,
        )
        subnetMasks = (
            255.255.255.255,
        )
        includedRoutes = (
            {
                destinationAddress = 0.0.0.0
                destinationSubnetMask = 0.0.0.0
            },
        )
        excludedRoutes = (
            {
                destinationAddress = 192.168.10.65
                destinationSubnetMask = 255.255.255.255
            },
            {
                destinationAddress = 10.168.10.182
                destinationSubnetMask = 255.255.255.255
            },
        )
        overridePrimary = NO
    }

Issue: when we are trying to access excludedRoute's IP [10.168.10.182 and 192.168.10.65] , it's getting tunneled.

Expected Results : excludedRoutes IPs should go via physical interface.

This is a regression in a recent iOS release, right? If so, I recommend that you file a bug about it.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo , We could see this issue with older iOS version too whenever the below Tunnel provider configuration is saved to NETunnelProviderManager preferences before calling startTunnelWithOptions

 tunnelProvider.protocolConfiguration.includeAllNetworks = NO;
 tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
 tunnelProvider.protocolConfiguration.enforceRoutes = YES;

Issue: when we are trying to access excludedRoute's IP [10.168.10.182 and 192.168.10.65] , it's getting tunnelled because of that few of our APIs are sending failure and we are unable to connect to VPN.

Expected Results : excludedRoutes IPs should go via physical interface.

STEPS TO REPRODUCE

  1. Configure VPN packet tunnel provider config as mentioned above and add some IPs in excludeRoutes
  2. Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler”
  3. Try to connect to VPN
  4. Denied resources are tunneled via VA

NOTE: This behavior is not seen with split tunnel endpoint routes where the tunnel provider configuration is

tunnelProvider.protocolConfiguration.includeAllNetworks = NO;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = YES;
tunnelProvider.protocolConfiguration.enforceRoutes = NO;

Hope this clarifies the issue @eskimo

@eskimo , any updates on this?

Did you file a bug about it? What was the bug number?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo , I have already filed a bug with bug number: FB13678215 But I am not hearing back anything there. Please suggest the next steps

I’ve nothing new to share here (other than what you can already see in Feedback Assistant).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

VPN: Denied Resouces are getting tunneled [VA]
 
 
Q