Thank you, Eskimo!
Actually, I am working on something like a split tunnel, but route-based forwarding to a different tunnel is not scalable for my application. What I am trying to do is this: all the traffic using the utun IP as src-ip will be sent to the tunnel or the regular physical interface based on a predefined policy/rule. The traffic being forwarded to the physical interface directly would also have the utun interface IP as src-ip, which is a "private" IP, so the uplink gateway won't know how to route it once the return traffic comes in. So before sending out, the src_ip has to be changed from the utun IP to the physical interface IP.
May I know whether pf/iptables is supported in iOS? Or any recommendations? Thanks!