Apologies for talking to myself there 🤪 but I made an interesting discovery. If I use the includeAllNetworks configuration - https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks, then this finally seems to rein in Messenger and does not let it around the tunnel.
That is great, but it has the side effect of once again breaking Signal, WhatsApp and probably other similar apps. I checked Signal debug logs and found that I cannot find a server by hostname. Which suggested a DNS issue. So I re-added DNS configuration, added these IPs to the excludedRoutes and now Signal works but only one way. I can send messages, they are delivered but I cannot receive messages.
I still think that the fact that Messenger can just go around the tunnel is the main issue.
Found the enforceRoutes configuration property - https://developer.apple.com/documentation/networkextension/nevpnprotocol/3689459-enforceroutes
A Boolean value that indicates whether route rules for this tunnel take precedence over any locally defined routes.
Which kind of sounds like something I need, but setting it to true does nothing regarding Messenger.
Yes, but I tried it with the cellular data turned off. So even if Messenger were to bind to this interface, it should not go through?
RE: my recent post. So actually the reason for Messenger to circumvent the tunnel is that it somehow falls back to cellular data. It did not occur to me to investigate this option.
So in the end I managed to make some progress. Getting all the IPv4 routes and setting them manually seems to help.
But I discovered that Facebook Messenger is somehow bypassing my VPN. This is the only app that seems to do this. But even if I completely stop the traffic going through (just for the test), then nothing obviously works, but sending messages with Messenger works fine.
How is this possible?
Another point I discovered is that if I include the NEIPv4Route.default() then this alone causes Signal and WhatsApp to not work.
Thanks! Just tried the loadFileRepresentation method but in the completionHandler I am getting the following error:
Error copying file type com.apple.quicktime-movie. Error: Error Domain=NSItemProviderErrorDomain Code=-1000 "Cannot load representation of type com.apple.quicktime-movie" UserInfo={NSLocalizedDescription=Cannot load representation of type com.apple.quicktime-movie, NSUnderlyingError=0x600002153450 {Error Domain=NSItemProviderErrorDomain Code=-1 "Cannot copy file at URL file:///Users/filip/Library/Developer/CoreSimulator/Devices/7197B12A-3B5C-467E-99DD-B9A5C8DC7211/data/Containers/Shared/AppGroup/44298F88-8E9E-49E8-BCA3-E68877DC0BFC/File%20Provider%20Storage/3C2BCCBC-4474-491B-90C2-93DF848AADF5.mov." UserInfo={NSLocalizedDescription=Cannot copy file at URL file:///Users/filip/Library/Developer/CoreSimulator/Devices/7197B12A-3B5C-467E-99DD-B9A5C8DC7211/data/Containers/Shared/AppGroup/44298F88-8E9E-49E8-BCA3-E68877DC0BFC/File%20Provider%20Storage/3C2BCCBC-4474-491B-90C2-93DF848AADF5.mov., NSUnderlyingError=0x6000021534e0 {Error Domain=NSItemProviderErrorDomain Code=-1 "Cannot create a temporary file. Error: Undefined error: 0" UserInfo={NSLocalizedDescription=Cannot create a temporary file. Error: Undefined error: 0}}}}} Looks like it is indeed a bug?
Wonderful! Thanks this works great.