Any update on this one?
Update: I just found this issue reported a year ago:
https://developer.apple.com/forums/thread/107283?answerId=359856022#359856022
@a2zit That's great!
I'm also using C code (also for a common code for iOS and Android), but I'm just passing the packets from the packetFlow. I thought that using this trick might not work well in the future, so on my side only Android uses FDs. Because of that I don't know the answer to your question, and I'm guessing I'll have to deal with it soon for parts in my code. This, and a similar issue where I want libcurl to send traffic via the tunnel from the extension.
Hi @a2zit
Can I ask which APIs you used?
I asked the same question ~2 years ago, and the suggestion was to use
createTCPConnectionThroughTunnelToEndpoint:enableTLS:TLSParameters:delegate:
createUDPSessionThroughTunnelToEndpoint:fromEndpoint:
But I didn't test it yet. Any chance you are already using those functions?
P.S: My question from 2 years back: https://developer.apple.com/forums/thread/94430?answerId=288108022#288108022
If you are not working in a managed environment what about NEDNSSettingsManager?
I wasn't familiar with that one! It sounds great, but sadly it's only from the recent OS versions, so I'll check if this can help us here.
Thanks for the suggestion!
What is the release distribution method, Developer ID?
Since it's a beta for two specific customers, the list method doesn't matter, as long as it's going to work on their Macs.
Because at the moment the app is a Network Extension, I didn't convert it yet.
It's on the road map, but it might take some time.
Feedback FB8774971
I submitted feedback - FB8774831
I also want to point out Eskimo's answer from 4 years ago - https://developer.apple.com/forums/thread/35027?answerId=122209022#122209022
So, you normally set up a VPN in one of three ways:
full tunnel — The VPN is the primary interface and its DNS server is used by default.
split tunnel, match domains — The VPN is not the primary interface and the system consults its VPN server for just the specified match domains.
split tunnel, wildcard match domains — The VPN is not the primary interface and the system consults its DNS server for all domains first.
The third option is what I want, but it seems very buggy. I'm not sure that NEDNSProxyProvider is the answer, for several reasons:
1. It's another extension that the customers would have to approve.
2. "do this in the context of managed devices" - I want the tunnel's DNS server for all devices, not only for managed devices.
And just to clarify - the settings for my VPN is to use the default route (all traffic should go via my VPN, and the VPN tunnels should answer all queries). If this is not possible I'll look at the DNS provider extension.
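The three setups from Eskimo's summary expressed as NEPacketTunnelNetworkSettings, as an added Swift example that is not code from this thread or from Apple. The tunnel addresses are constructed placeholders, and the wildcard entry (`[""]`) is the usual NetworkExtension convention for "match every domain", assumed here rather than taken from the thread.

```swift
import NetworkExtension

// Which of the three DNS behaviours the tunnel should request.
enum TunnelDNSMode {
    case fullTunnel                    // default route; tunnel DNS is the default resolver
    case splitMatchDomains([String])   // only the listed domains go to the tunnel resolver
    case splitWildcard                 // not default route; tunnel resolver consulted first for all domains
}

// Builds the settings handed to setTunnelNetworkSettings(_:completionHandler:)
// from NEPacketTunnelProvider.startTunnel. Addresses are constructed samples.
func makeTunnelSettings(mode: TunnelDNSMode,
                        dnsServers: [String],
                        searchDomains: [String]) -> NEPacketTunnelNetworkSettings {
    let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.1") // constructed
    let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"]) // constructed
    let dns = NEDNSSettings(servers: dnsServers)
    // The thread above reports that only the first three searchDomains entries were honoured,
    // so keep the ones that matter at the front of the array.
    dns.searchDomains = searchDomains

    // Route used by the two split-tunnel modes: only the tunnel subnet is included.
    let tunnelSubnet = NEIPv4Route(destinationAddress: "10.8.0.0", subnetMask: "255.255.255.0")

    switch mode {
    case .fullTunnel:
        // Default route: per the NEDNSSettings docs, matchDomains is ignored and the
        // servers above become the system's default resolver.
        ipv4.includedRoutes = [NEIPv4Route.default()]
    case .splitMatchDomains(let domains):
        ipv4.includedRoutes = [tunnelSubnet]
        dns.matchDomains = domains
    case .splitWildcard:
        ipv4.includedRoutes = [tunnelSubnet]
        dns.matchDomains = [""] // empty string = every domain (assumed convention)
    }

    settings.ipv4Settings = ipv4
    settings.dnsSettings = dns
    return settings
}

// Example: the full-tunnel case the thread asks about, with the poster's search list.
let fullTunnel = makeTunnelSettings(
    mode: .fullTunnel,
    dnsServers: ["10.8.0.1"], // constructed
    searchDomains: ["myComp.net", "myComp.com", "com"])
```

Inside a provider you would pass `fullTunnel` to `setTunnelNetworkSettings` and check the completion handler's error before calling the startTunnel completion.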
Thanks for your answer, but I have 2 small questions:
1. Just to be sure - even if the tunnel is for the default route (capture all traffic), the tunnel's DNS servers are not supposed to answer all queries?
2. Even with what you said, I'm pretty sure there's a bug on your side here (and not an edge case). Please see these 2 lines of code:
let searchDomains = ["myComp.net", "myComp.com", "com", "atlassian.net", "Kings.dev", "Kings", "MyABC.com", "ABC.com", "Kings.com", "myComp"]
newSettings.dnsSettings?.searchDomains = searchDomains
Now run 'ping google' at the terminal and it would work great ('google' will get the 'com' from the searchDomains).
However, moving "com" to the fourth position in the array (instead of within the first three):
let searchDomains = ["myComp.net", "myComp.com", "atlassian.net", "com", "Kings.dev", "Kings", "MyABC.com", "ABC.com", "Kings.com", "myComp"]
And 'ping google' doesn't work anymore. It seems that searchDomains has only "room" for 3 domains. Isn't it a bug (and not an edge case)?
P.S - the tag should be Network Extension
Bumping this after a year, there's no update for the feedback I submitted.
Do you happen to know if the above behaviour for tunnel's DNS servers + split tunnel (include-routes) is a bug or by design?
A question regarding "use NEDNSSettings to capture only specific domains that your VPN is interested in and point them at a specific DNS server of your choice. Do not try and capture everyone else DNS traffic as well."
Why? What about this description "If the VPN tunnel becomes the network’s default route, the servers listed earlier by NEDNSSettings become the default resolver and the matchDomains list is ignored." from https://developer.apple.com/documentation/networkextension/nednssettings/1406537-matchdomains? On a full tunnel I want all the queries to reach the DNS servers I configured; is that a problem?