In-tunnel networking when `includeAllNetworks` is set.

When setting up a packet tunnel with a profile that has `includeAllNetworks` set to true, we seemingly cannot send any traffic inside the tunnel using any kind of API. We've tried using BSD sockets, as we ping a host that is only reachable within the tunnel to establish whether we have connectivity; this does not work. When using NWConnection from the Network framework and specifying the required interface via `virtualInterface` from the packet tunnel, the connection state never reaches `ready`. Our interim solution is to, as ridiculous as it sounds, include a whole userspace networking stack so we can produce valid TCP packets just to send into our own tunnel. We require a TCP connection within our own tunnel to do some configuration during tunnel setup. Is there no better solution?

Hmmm, I would expect this to work.

Just for testing purposes, do the legacy in-provider networking APIs work?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

The legacy in-provider networking APIs did not work either, with the same symptoms.

This is still iOS, right?


This is still iOS, and this has been the case since, I believe, iOS 15. It is certainly the case on iOS 16, 17 and 18, as those are the versions on which we have tested this behavior recently.

Hmmm, interesting. I suspect that this is tied to the implementation of includeAllNetworks, itself introduced in iOS 14.

Anyway, I don’t see any code-level workaround here (other than to not set `includeAllNetworks`, but I presume that you’re setting that for a good reason). My advice is that you file a bug about this. Enable additional logging per the VPN (Network Extension) for iOS/iPadOS instructions on our Bug Reporting > Profiles and Logs page.

Once you’re done, please post the bug number here. I wanna do a little more digging on this issue, but I need your bug number to start that process.

