I've coded an iOS VPN App based on PacketTunnelProvider mimicking the SimpleTunnel sample. It works on iPhone. Traffic from the containing app, and from other apps such as browsers, is routed through the VPN Tunnel as expected.
Recently I found that HTTPS and DNS queries inside the app extension are not going through the tunnel. In Wireshark I can see that DNS queries initiated from the app extension are targeting the old DNS server, such as my home router IP address 192.168.0.1, instead of the VPN server. Similar DNS queries from the containing app go through the VPN server correctly as expected.
When an HTTPS JSON API call is initiated from within the app extension, the JSON server-side log shows that the IP address of the requester isn't the VPN server IP; instead it's the external-facing IP address of my home network.
Did Apple design it this way on purpose: VPN tunnel is only meant for other apps, but NOT the app extension?
Are there any settings or tricks I can leverage to make both the App extension and the containing app route traffic through the established VPN tunnel?
I use some complicated shared code with 2 threads, one handling moving data between the iOS network interface and the remote VPN server and the other handling business logic through the JSON API and other HTTPS requests, and they communicate with each other. Without a good solution, I'll have to divide the shared code between the App Extension and the containing app and manage the synchronization between them, which is a daunting task that I'd prefer to avoid at any cost.
I'd very much appreciate any ideas from the folks with similar experience, and the experts at Apple support.
FYI on the related settings:
newSettings.ipv4Settings?.includedRoutes is set to NEIPv4Route.default()
I've also tried these and they didn't help: added our JSON web server IP/mask to includedRoutes.
Instead of the default, added 0.0.0.0/0.0.0.0 - same as the default.
Tried tricks found on this forum, such as setting searchDomains and matchDomains to things like [], [""], nil.
I've also tried to add a gatewayAddress for the default route
import NetworkExtension

// Build the included-routes list: the default route (0.0.0.0/0) with an explicit gateway
var includedRoutes: [NEIPv4Route] = []
let defaultRoute = NEIPv4Route.default()
defaultRoute.gatewayAddress = vpnDnsServerIp // such as 10.0.0.1
includedRoutes.append(defaultRoute)
newSettings.ipv4Settings?.includedRoutes = includedRoutes
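As an added example (not the poster's code), the settings above assembled into a provider, together with the one API that makes an extension-originated connection traverse the tunnel: a provider's ordinary sockets are routed outside its own tunnel (the tunnel transport depends on that), which is why NEPacketTunnelProvider offers createTCPConnectionThroughTunnel. The addresses 10.0.0.2, 10.0.0.1, 203.0.113.10 and api.example.com are constructed placeholders.

```swift
import NetworkExtension

// Added example; addresses and hostnames below are constructed placeholders.
final class ExampleTunnelProvider: NEPacketTunnelProvider {

    // The same settings the post describes: a default route into the tunnel
    // plus a DNS server that is only reachable inside the tunnel.
    func makeSettings(remoteAddress: String) -> NEPacketTunnelNetworkSettings {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)

        let ipv4 = NEIPv4Settings(addresses: ["10.0.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]   // 0.0.0.0/0: other apps' IPv4 traffic
        settings.ipv4Settings = ipv4

        let dns = NEDNSSettings(servers: ["10.0.0.1"])  // VPN-side resolver
        dns.matchDomains = [""]                          // every domain resolves via the tunnel
        settings.dnsSettings = dns
        return settings
    }

    override func startTunnel(options: [String : Any]?,
                              completionHandler: @escaping (Error?) -> Void) {
        setTunnelNetworkSettings(makeSettings(remoteAddress: "203.0.113.10")) { error in
            if let error = error {
                completionHandler(error)
                return
            }
            // The packetFlow.readPackets(...) loop that feeds the VPN server goes here.
            completionHandler(nil)
        }
    }

    // URLSession / BSD sockets opened by the extension itself ignore the routes
    // above, so they leave via the physical interface (what Wireshark showed).
    // A connection created through the tunnel is carried inside it instead, so
    // the JSON API server sees the VPN server's address, not the home network's.
    func openAPIConnectionThroughTunnel() -> NWTCPConnection {
        let endpoint = NWHostEndpoint(hostname: "api.example.com", port: "443")
        return createTCPConnectionThroughTunnel(to: endpoint,
                                                enableTLS: true,
                                                tlsParameters: nil,
                                                delegate: nil)
    }
}
```

The returned NWTCPConnection is used with its own read/write API rather than URLSession, so HTTPS request building on top of it is the extension's responsibility.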