I accidentally redacted out `tunnelNetworkSettings.dnsSettings = dns` from below the `dns.matchDomains` line in the previous code snippet. Realised after submitting and can't edit the reply.
[quote='792423022, DTS Engineer, /thread/757674?answerId=792423022#792423022']
Please post some details about how your packet tunnel provider is configuring the tunnel. That is, the relevant settings you pass to setTunnelNetworkSettings(_:completionHandler:).
[/quote]
```swift
override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
    ...
    let tunnelNetworkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: configuration.host)

    let proxySettings = NEProxySettings()
    proxySettings.httpEnabled = true
    proxySettings.httpServer = NEProxyServer(address: configuration.host, port: configuration.port)
    proxySettings.httpsEnabled = true
    proxySettings.httpsServer = NEProxyServer(address: configuration.host, port: configuration.port)
    tunnelNetworkSettings.proxySettings = proxySettings

    let ipv4Settings = NEIPv4Settings(addresses: ["192.169.89.1"], subnetMasks: ["255.255.255.0"])
    ipv4Settings.includedRoutes = [NEIPv4Route.default()]
    tunnelNetworkSettings.ipv4Settings = ipv4Settings

    let ipv6 = NEIPv6Settings(addresses: ["FD00::9999:9999"], networkPrefixLengths: [64])
    ipv6.includedRoutes = [NEIPv6Route.default()]
    tunnelNetworkSettings.ipv6Settings = ipv6

    let dns = NEDNSSettings(servers: ["192.168.1.1"])
    dns.matchDomains = ["", "onion"] // https://developer.apple.com/forums/thread/116033

    setTunnelNetworkSettings(tunnelNetworkSettings) { [weak self] error in
        guard let self = self else { return }
        if let error = error {
            completionHandler(error)
            return
        }
        // Code that starts the proxy server on the `configuration.host` and `configuration.port`
        completionHandler(nil)
    }
}
```
Configuration Host: 127.0.0.1
Configuration Port: 9494
For the DNS I have, as previously mentioned, used 8.8.8.8 and 8.8.4.4. The current setting is my home router, which also resolves DNS. Neither works.
Separate to this, I am also finding that applications such as the iOS Mail app don't work with this configuration and requests aren't directed. My gut feeling is that I need to handle the SMTP and IMAP protocols, although unsure because of the proxy or IPv4/6 settings. Could also be the routes in the settings. Happy to create a separate thread if you think this is appropriate.
At present it is, as it's tightly coupled to the Packet Tunnel Provider due to only needing to be run when the VPN link is active and for its lifecycle to be linked to that - enables it to run when the app is closed but VPN active and not get garbage collected.
Is this a quirk with it running within the same process? I presume the first suggestion is to spin out the server into its own process (using this?) and just maintain a reference in the Packet Tunnel Provider?