Since upgrading to iOS 16, I've been having issues with mobile data when using an L3 VPN with Network Extension APIs. The remote address provided by my carrier is a mapped IPv6 IP (64:ff9b::e61:6f0), but we've had problems with mapped IPs in the past and have been using the next available IPv4 IP from the DNS response instead. This has been working fine until now.
However, with iOS 16, any TCP connection going to the gateway fails once the VPN is up. After analyzing a TCP dump, I noticed that the client is sending the initial SYN packet, and the server responds with SYN+ACK, but the client is not sending the final ACK in the 3-way handshake and instead sends an RST packet.
I've found that using the mapped IP to connect with the server resolves the issue, but I'm concerned about the possibility of reintroducing previous bugs.
My question is: what is the best way to handle mapped (WKP) IPs in this situation?
Note: I've tried excluding the gateway IPs explicitly in the network settings, but the problem persists.
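The mapped address quoted in the post above sits in the NAT64 well-known prefix 64:ff9b::/96, which embeds an IPv4 address as laid out in RFC 6052. The following is an added example, not part of the post and not Apple or Network Extension code: it decodes and synthesizes such addresses, and goes beyond the post's /96 case to every prefix length RFC 6052 allows. The function names, the constructed DNS answer list and the 2001:db8 prefixes are assumptions for illustration.

```python
import ipaddress

WKP = "64:ff9b::/96"  # RFC 6052 well-known prefix
# Octet positions that hold the IPv4 bytes for each allowed prefix length.
# Octet 8 (the reserved "u" octet) is always skipped and must be zero.
_LAYOUT = {32: (4, 5, 6, 7), 40: (5, 6, 7, 9), 48: (6, 7, 9, 10),
           56: (7, 9, 10, 11), 64: (9, 10, 11, 12), 96: (12, 13, 14, 15)}

def _network(prefix):
    net = ipaddress.IPv6Network(str(prefix))
    if net.prefixlen not in _LAYOUT:
        raise ValueError("RFC 6052 allows only /32, /40, /48, /56, /64, /96")
    return net

def extract_ipv4(addr, prefix=WKP):
    """Return the IPv4 address embedded in addr, or None when addr is not
    a well-formed IPv4-embedded address under the given NAT64 prefix."""
    net = _network(prefix)
    raw = ipaddress.IPv6Address(str(addr)).packed
    if ipaddress.IPv6Address(raw) not in net or raw[8] != 0:
        return None
    return ipaddress.IPv4Address(bytes(raw[i] for i in _LAYOUT[net.prefixlen]))

def synthesize(ipv4, prefix=WKP):
    """Build the IPv6 address a NAT64/DNS64 would present for ipv4."""
    net = _network(prefix)
    raw = bytearray(net.network_address.packed)
    v4 = ipaddress.IPv4Address(str(ipv4)).packed
    for pos, byte in zip(_LAYOUT[net.prefixlen], v4):
        raw[pos] = byte
    return ipaddress.IPv6Address(bytes(raw))

def embedded_targets(answers, prefix=WKP):
    """Map each synthesized AAAA answer to the IPv4 endpoint it reaches,
    so route exclusions can be checked against the real gateway."""
    out = {}
    for a in answers:
        ip = ipaddress.ip_address(a)
        if ip.version == 6 and extract_ipv4(ip, prefix) is not None:
            out[str(ip)] = str(extract_ipv4(ip, prefix))
    return out

if __name__ == "__main__":
    # Constructed DNS answer set: the mapped address from the post plus
    # an unrelated documentation address and a plain IPv4 record.
    answers = ["64:ff9b::e61:6f0", "2001:db8::1", "14.97.6.240"]
    print(embedded_targets(answers))
```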
Hi,
Network extension crashes when we set network settings with 2048 IPv6 routes. We have been using 1024 IPv4 and IPv6 routes without any problem; however, when we try to increase the size to 2048 routes, the Network extension crashes saying "memory limit exceeded".
Is it not possible to configure 2048 routes on iOS? Is there any workaround?
Thanks in advance.
Meera Mohideen
If we set default IPv6 includedRoutes and configure IPv4 with some valid routes, all the IPv4 traffic is now tunnelled.

Sample NETunnelNetworkSettings Info:

{
    tunnelRemoteAddress = 14.143.66.7
    DNSSettings = {
        server = (
            10.209.112.2,
        )
        searchDomains = (
        )
        matchDomains = (
        )
        matchDomainsNoSearch = NO
    }
    IPv4Settings = {
        configMethod = PPP
        addresses = (
            10.209.125.38,
        )
        subnetMasks = (
            255.255.255.255,
        )
        includedRoutes = (
            {
                destinationAddress = 10.209.116.143
                destinationSubnetMask = 255.255.255.255
            },
            {
                destinationAddress = 10.209.125.82
                destinationSubnetMask = 255.255.255.255
            },
        )
        overridePrimary = NO
    }
    IPv6Settings = {
        configMethod = automatic
        addresses = (
            fc00:1111:5678:5678::2101,
        )
        networkPrefixLengths = (
            64,
        )
        includedRoutes = (
            {
                destinationAddress = ::
                destinationNetworkPrefixLength = 0
            },
        )
    }
    MTU = 1300
}

Steps to Reproduce:
1. Configure a split tunnel resource, set default includedRoutes for IPv6 (i.e. ::) and valid includedRoutes for IPv4 (i.e. 10.209.116.143).
2. Connect VPN.
3. Try to access any non-defined IPv4 split tunnel resource and observe that the traffic is tunnelled.

Expected Results: Only defined IPv4 includedRoutes should be tunnelled.

Actual Results: All IPv4 traffic is tunnelled.

Is this the expected behaviour? If so, is there any workaround for this?