Hi Team, Any update on this?

Hi Matt, Thanks for your reply. To answer to your question: When there is an available network and the user is interacting with their device doesn't the VPN become active again? VPN will be automatically triggered and connected[Based on configuration] only in case of VOD(VPN On Demand) when network is available. Our application also supports Manual VPN connection(User has to manually connect to VPN). In case of manual VPN connection, since VPN is moved to disconnected state after being in reasserting state for 5 mins when no network, end user has to connect back to VPN manually when network is back(Only from iOS 17 and later). This requires extra effort from end users to connect to VPN again. This is going against our application feature. So, Is there a way to keep VPN tunnel in reasserting state even after 5 mins when no network from iOS 17 and later ? (To get the same behaviour as iOS 16 and below) Is there any document related to this timeout change added from iOS 17 and later ?

Hi Matt, As per your suggestion, I have configured the automatic proxy PAC file URL in WIFI Settings and Split Tunnel rules in my VPN server. In this case, the traffic y.y.y.y is going to the PROXY even before entering into the tunnel i.e., traffic y.y.y.y is not coming inside tunnel and thus ignoring the tunnelling rule. Though I achieve proxying the traffic y.y.y.y, this approach is not applicable for my use case where I want traffic y.y.y.y to reach tunnel first and then get proxied from within the tunnel. How can I achieve this behaviour?

Hi Matt, To reply to your above question, I would recommend that you take a look at your remote addresses or hostnames on your IP packets and then see how this aligns with your proxy settings. Next, see if you are reaching your proxy server. If you are reaching your server, and your proxy settings are setup to route your traffic appropriately, look at the next hop in the network. When Proxy server is down, Manual proxy: The packets destination IP is Proxy server IP and I can see that packets are reaching proxy server and its been dropped at server end. This is making some-resource.com inaccessible. Automatic proxy: Here, when packets destination IP is Proxy server IP, I can see that packets are reaching proxy server and its been dropped at server end. But I see that packets are somehow recreated with destination IP which is certainly not Proxy IP. This is actually causing some-resource.com accessible.

Hi, Any update on the above?

Hi Matt, Thanks for your reply. My resource some-resource.com is accessible from public internet (I have taken public resource just to check the behaviour of proxy when configured in Wi-Fi Settings). I want all my traffic to go through the proxy server and if it’s not reachable, no resource should be accessible. When I configure Manual proxy and the proxy server is down, some-resource.com is inaccessible (No websites are accessible when tried to reach from Safari). But,  When I configure an Automatic proxy the resource some-resource.com is accessible though the proxy server is down (Websites are accessible when tried to reach from Safari). From the above, I can see there is a difference in behaviour between automatic and manual proxy configured using the same proxy server. I have tried all the above scenarios in NetworkExtension proxy configuration and the behaviour is same. So, Is Manual and Automatic proxy designed to behave differently when proxy server is down? Is it expected that Automatic proxy would be bypassed when proxy server is down?

Hi Matt, Thanks for your quick response. I think I have not been very clear with my question. Let me try to rephrase it with more details: Given that: I have a resource some-resource.com which is accessible with or without proxy. I have a proxy pac file at my-file-server.com/some-proxy.pac I have a simple proxy server my-proxy.com:8080 configured/returned inside the pac file. All my traffic should go through this proxy server and if it’s not reachable, no resource should be accessible. Now, when proxy server my-proxy.com:8080 is configured manually: If proxy server is up, my resource some-resource.com is accessible via proxy. If proxy server is down, my resource some-resource.com is no more accessible. This is as expected. When proxy is configured automatic by providing pac file URL: If proxy server my-proxy.com:8080 is up, my resource some-resource.com is accessible via proxy. If proxy server my-proxy.com:8080 is down, my resource some-resource.com is still accessible, bypassing the proxy. This is what is not expected. Please note, in case of automatic configuration, pac file located at my-file-server.com/some-proxy.pac is always accessible. As you can see, there is a difference in behaviour of automatic proxy configuration using pac file and manually configuring the same proxy server. I have tried all the above scenarios in NetworkExtension proxy configuration as well WiFi proxy configuration and the result is same for both. So, is it expected that automatic proxy would be bypassed when proxy server is not reachable?