I got this response from Apple: The behavior seen is expected with includeAllNetworks enabled. Once the VPN config is enabled, default drop is enabled, meaning traffic will be dropped unless they are tunneled. This is to prevent data leak across tunnel flaps. This sounds like exactly what is happening in your use case. If you leave the config enabled, and from your extension, you try to cancel the tunnel. This will leave the default drop enabled without tunnel, traffic will get dropped until tunnel comes back up. Query: But Now Which API to use to disconnect the VPN on NE side so that it doesn't causes any internet connectivity issue?

Bug I have created for this: https://feedbackassistant.apple.com/feedback/13812251

I have created a bug for this: https://feedbackassistant.apple.com/feedback/13812251 Even I created a DTS ticket but its returned and asked to create a bug for this.

Hi @eskimo , My concern is the compatibility of low-level socket APIs with IPv4-mapped IPv6 addresses. Specifically, I'm interested in whether functions like bind, accept, and connect can seamlessly work with a mapped IPv6 address like 64:ff9b::103.135.122.10. I've consulted the following thread for reference and it is stated: We do not support under-the-sockets bump-in-API (RFC 3338) and we do not support 464XLAT... https://developer.apple.com/forums/thread/5643.

@eskimo Than you for your detailed response. When we say "** Apple’s naïve DNS APIs, like CFHost, return the addresses from most to least preferred **" what does it mean? My queries: When both IPV6 and IPV4 addresses are present for a host, does the CFHostGetAddressing function return the addresses array with IPV6 at the 0th index and IPV4 following it? If a mapped IPv6 address is present along with an IPV4 address, does the function prioritize placing the mapped IPv6 address first(0th index) in the addresses array, followed by the IPV4 address(1st index)?