Split tunnel using Personal VPN

Our app uses NEVPNManager with IPsec to create a VPN. Full tunnel works fine both with the NEVPNManager API and with a profile created using Apple Configurator.

Now we are trying to create a split tunnel using the same. The profile created with Apple Configurator works when DNS Supplemental Match Domains is set to an empty string. But we couldn't find the equivalent of DNS Supplemental Match Domains in the NEVPNManager API. In the NEVPNManager config, all DNS is routed to the default route instead of the VPN.

Can you please help us with this?

Answered by DTS Engineer in 792438022

OK, thanks for confirming.

Given that, I don’t think there’s a way forward in the Personal VPN space:

  • Personal VPN doesn’t let you configure DNS settings; they have to come from the VPN server.

  • The Personal VPN protocols, IPsec and IKEv2, don’t support anything like supplemental match domains.

You could do this by creating your own packet tunnel provider, but that’s a lot of additional work.

Another possibility would be to apply custom DNS settings using NEDNSSettingsManager, but for that to work your DNS server would have to be on the public Internet (so that iOS can use it even when the VPN interface is down).

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
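The packet tunnel provider route mentioned above, as an added example that is not code from this thread or from Apple: a minimal NEPacketTunnelProvider whose network settings install a split tunnel (only the listed routes enter the tunnel) while still making the tunnel's resolver the system-wide DNS server. The empty-string entry in `matchDomains` is the programmatic counterpart of the "DNS Supplemental Match Domains = empty string" setting the original poster used in the Configurator profile. All addresses are constructed placeholders, and `forwardToServer` is an assumed hook for your own IPsec/IKEv2 transport, not an Apple API.

```swift
import NetworkExtension

/// Added example (not from the thread): a packet tunnel provider that configures a
/// split tunnel with "send all DNS to the VPN resolver", which Personal VPN
/// (NEVPNManager + IPsec/IKEv2) cannot express. Addresses are constructed
/// RFC 5737 / RFC 1918 placeholders.
final class SplitTunnelProvider: NEPacketTunnelProvider {

    /// Builds the network settings applied once the tunnel transport is up.
    /// In a real provider `assignedAddress`, `routes` and `dnsServer` would come
    /// from the VPN server during your own key exchange; here they are passed in.
    static func makeNetworkSettings(serverAddress: String,
                                    assignedAddress: String,
                                    routes: [(String, String)],
                                    dnsServer: String) -> NEPacketTunnelNetworkSettings {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: serverAddress)

        // Split tunnel: only includedRoutes are sent into the tunnel; everything
        // else keeps using the default interface.
        let ipv4 = NEIPv4Settings(addresses: [assignedAddress], subnetMasks: ["255.255.255.255"])
        ipv4.includedRoutes = routes.map { NEIPv4Route(destinationAddress: $0.0, subnetMask: $0.1) }
        settings.ipv4Settings = ipv4

        // Counterpart of the profile's "DNS Supplemental Match Domains = empty string":
        // an empty-string entry in matchDomains applies these DNS settings to every
        // query, even though the tunnel only carries the routes above. Leave
        // matchDomains unset and DNS for non-tunnelled names stays on the default
        // resolver, which is the behaviour the original poster observed.
        let dns = NEDNSSettings(servers: [dnsServer])
        dns.matchDomains = [""]
        settings.dnsSettings = dns

        settings.mtu = 1400
        return settings
    }

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = Self.makeNetworkSettings(
            serverAddress: "203.0.113.10",           // constructed example values
            assignedAddress: "10.8.0.2",
            routes: [("10.0.0.0", "255.0.0.0"),       // internal networks only
                     ("172.16.0.0", "255.240.0.0")],
            dnsServer: "10.0.0.53")                   // resolver reachable only via the tunnel

        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                completionHandler(error)
                return
            }
            self.readPackets()
            completionHandler(nil)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        // Tear down your transport here, then signal completion.
        completionHandler()
    }

    /// Pulls outbound IP packets off the virtual interface and hands them to the
    /// transport, then re-arms the read. The transport itself (IKEv2/IPsec or
    /// similar) is out of scope; `forwardToServer` is an assumed hook.
    private func readPackets() {
        packetFlow.readPackets { packets, protocols in
            for (packet, proto) in zip(packets, protocols) {
                self.forwardToServer(packet, ipProtocol: proto.int32Value)
            }
            self.readPackets()
        }
    }

    private func forwardToServer(_ packet: Data, ipProtocol: Int32) {
        // Assumption: your tunnel transport encrypts and sends `packet` here.
        // Packets arriving from the server are injected back with
        // packetFlow.writePackets([data], withProtocols: [NSNumber(value: AF_INET)]).
    }
}
```

The app side installs this extension through NETunnelProviderManager rather than NEVPNManager; the point of the example is that `NEDNSSettings.matchDomains` is the knob Personal VPN lacks, and it only exists once you own the tunnel's network settings.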

So, to clarify:

  • Your VPN server is returning specific routes to the client.

  • And the iOS device is forwarding traffic to those networks to the VPN.

  • Your VPN server is also returning a DNS server to the client.

  • You want iOS to use that DNS server for all resolution on the system.

  • But that’s not happening.

Is that right?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Yes, everything you mentioned is correct. The same config tested with an Apple Configurator profile works fine. But the NEVPNManager-pushed Personal VPN config is not working, because all the DNS traffic is going to the default DNS instead of our VPN.

