VPN: Denied Resources are getting tunneled [VA]

We are trying to configure a split tunnel with tunnel routes using the Tunnel Provider configuration below:

tunnelProvider.protocolConfiguration.includeAllNetworks = NO;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
tunnelProvider.protocolConfiguration.enforceRoutes = YES;

We are adding some IPs to excludedRoutes (10.168.10.182 and 192.168.10.65). Please refer to the VPN network settings below:

    IPv4Settings = {
        configMethod = manual
        addresses = (
            10.168.10.68,
        )
        subnetMasks = (
            255.255.255.255,
        )
        includedRoutes = (
            {
                destinationAddress = 0.0.0.0
                destinationSubnetMask = 0.0.0.0
            },
        )
        excludedRoutes = (
            {
                destinationAddress = 192.168.10.65
                destinationSubnetMask = 255.255.255.255
            },
            {
                destinationAddress = 10.168.10.182
                destinationSubnetMask = 255.255.255.255
            },
        )
        overridePrimary = NO
    }

Issue: when we try to access the excludedRoutes IPs (10.168.10.182 and 192.168.10.65), the traffic is getting tunneled.

Expected results: excludedRoutes IPs should go via the physical interface.

Replies

This is a regression in a recent iOS release, right? If so, I recommend that you file a bug about it.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo, we can see this issue with older iOS versions too, whenever the Tunnel Provider configuration below is saved to the NETunnelProviderManager preferences before calling startTunnelWithOptions:

 tunnelProvider.protocolConfiguration.includeAllNetworks = NO;
 tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
 tunnelProvider.protocolConfiguration.enforceRoutes = YES;

Issue: when we try to access the excludedRoutes IPs (10.168.10.182 and 192.168.10.65), the traffic is getting tunneled; because of that, a few of our APIs return failures and we are unable to connect to the VPN.

Expected results: excludedRoutes IPs should go via the physical interface.

STEPS TO REPRODUCE

  1. Configure the VPN packet tunnel provider config as mentioned above and add some IPs to excludedRoutes
  2. Save the configuration to the NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler”
  3. Try to connect to the VPN
  4. Denied resources are tunneled via VA

NOTE: This behavior is not seen with split tunnel endpoint routes, where the tunnel provider configuration is:

tunnelProvider.protocolConfiguration.includeAllNetworks = NO;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = YES;
tunnelProvider.protocolConfiguration.enforceRoutes = NO;

Hope this clarifies the issue, @eskimo.

  • @eskimo Also please note the IPv4 network settings are the same for endpoint routes and tunnel routes, as shared above.
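For readers who want to reproduce the two configurations compared in this thread (the tunnel-routes variant from the original post's network settings dump, and the endpoint-routes variant from the NOTE above) against the public NetworkExtension API, here is an added example. It is not code from the thread or from the poster's app. The tunnel address, default included route, the two /32 excluded routes and the three protocolConfiguration flags are the ones shown in the thread; the provider bundle identifier, server address and tunnelRemoteAddress are assumed placeholders, and the class name ExamplePacketTunnelProvider is hypothetical.

```objc
// Added example, not the thread's own code. Assumed values (not in the thread):
// providerBundleIdentifier, serverAddress, tunnelRemoteAddress.
@import NetworkExtension;

// ---- App side: configure and save the NETunnelProviderManager ----

// Returns the protocol configuration for the two variants discussed in the thread:
//   tunnelRoutes == YES -> includeAllNetworks NO, excludeLocalNetworks NO,  enforceRoutes YES
//   tunnelRoutes == NO  -> includeAllNetworks NO, excludeLocalNetworks YES, enforceRoutes NO
static NETunnelProviderProtocol *MakeProtocol(BOOL tunnelRoutes) {
    NETunnelProviderProtocol *proto = [[NETunnelProviderProtocol alloc] init];
    proto.providerBundleIdentifier = @"com.example.vpn.tunnel";   // assumed
    proto.serverAddress = @"vpn.example.com";                      // assumed
    proto.includeAllNetworks = NO;
    proto.excludeLocalNetworks = !tunnelRoutes;
    proto.enforceRoutes = tunnelRoutes;
    return proto;
}

// Step 2 and 3 of the reproduction: save, then connect.
static void SaveAndStart(BOOL tunnelRoutes) {
    NETunnelProviderManager *manager = [[NETunnelProviderManager alloc] init];
    manager.protocolConfiguration = MakeProtocol(tunnelRoutes);
    manager.localizedDescription = @"Example VPN";
    manager.enabled = YES;
    [manager saveToPreferencesWithCompletionHandler:^(NSError * _Nullable saveError) {
        if (saveError != nil) { NSLog(@"save failed: %@", saveError); return; }
        // Reload before starting: a manager that was just saved must be loaded again,
        // otherwise startVPNTunnel fails with a configuration-invalid error.
        [manager loadFromPreferencesWithCompletionHandler:^(NSError * _Nullable loadError) {
            if (loadError != nil) { NSLog(@"load failed: %@", loadError); return; }
            NSError *startError = nil;
            if (![manager.connection startVPNTunnelWithOptions:nil andReturnError:&startError]) {
                NSLog(@"start failed: %@", startError);
            }
        }];
    }];
}

// ---- Extension side: the NEPacketTunnelProvider applies the network settings ----

@interface ExamplePacketTunnelProvider : NEPacketTunnelProvider   // hypothetical name
@end

@implementation ExamplePacketTunnelProvider

// Builds the IPv4 settings from the thread's dump: a /32 tunnel address, a default
// route through the tunnel, and two /32 excluded routes that are expected to leave
// via the physical interface.
- (NEPacketTunnelNetworkSettings *)makeNetworkSettings {
    // tunnelRemoteAddress is required by the initializer; the value here is assumed.
    NEPacketTunnelNetworkSettings *settings =
        [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"203.0.113.10"];

    NEIPv4Settings *ipv4 = [[NEIPv4Settings alloc] initWithAddresses:@[@"10.168.10.68"]
                                                         subnetMasks:@[@"255.255.255.255"]];
    ipv4.includedRoutes = @[ [NEIPv4Route defaultRoute] ];   // 0.0.0.0 / 0.0.0.0
    ipv4.excludedRoutes = @[
        [[NEIPv4Route alloc] initWithDestinationAddress:@"192.168.10.65" subnetMask:@"255.255.255.255"],
        [[NEIPv4Route alloc] initWithDestinationAddress:@"10.168.10.182" subnetMask:@"255.255.255.255"],
    ];
    settings.IPv4Settings = ipv4;
    return settings;
}

- (void)startTunnelWithOptions:(NSDictionary<NSString *, NSObject *> *)options
             completionHandler:(void (^)(NSError * _Nullable))completionHandler {
    [self setTunnelNetworkSettings:[self makeNetworkSettings]
                 completionHandler:^(NSError * _Nullable error) {
        if (error != nil) { completionHandler(error); return; }
        // Any control-plane requests to the excluded hosts would be issued after this
        // point; the thread reports that with enforceRoutes = YES they still go over
        // the tunnel instead of the physical interface.
        completionHandler(nil);
    }];
}

- (void)stopTunnelWithReason:(NEProviderStopReason)reason
           completionHandler:(void (^)(void))completionHandler {
    completionHandler();
}

@end
```

Calling SaveAndStart(YES) produces the tunnel-routes configuration the poster reports as broken, and SaveAndStart(NO) the endpoint-routes configuration the NOTE says behaves correctly; the extension-side settings are identical in both cases, which matches the poster's remark that the IPv4 settings are the same for both variants.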


@eskimo, any updates on this?

Did you file a bug about it? What was the bug number?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo, I have already filed a bug, FB13678215, but I am not hearing anything back there. Please suggest the next steps.

I’ve nothing new to share here (other than what you can already see in Feedback Assistant).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"