Posts

Post not yet marked as solved
4 Replies
Hello!

We did check with the built-in IPSEC profiles also. No customizations whatsoever.

The behaviour was similar: Facebook Messenger was able to send out packets using the IP address of the underlying Wifi interface (and 4G). We even created a .mobileconfig profile, which included `OverridePrimary=1`.

Still the same behaviour on 12.3.1.

Will try your suggestion with `includeAllNetworks` on iOS 13 beta. Btw, do you have deeper documentation on the behaviour than on https://developer.apple.com/documentation/networkextension/nevpnprotocol/3143658-excludelocalnetworks?language=objc

Best regards,
taavi
Post not yet marked as solved
7 Replies
Probably something like:

```swift
// ...
fileprivate extension ExampleHotspotHelper {
    static let hotspotHandler: NEHotspotHelperHandler = { command in
        switch command.commandType {
        case .filterScanList:
            let networkList = command.networkList
            NSLog("FilterScanList:\n\(networkList.map { String(describing: $0) }.joined(separator: "\n"))")
        // ....
        }
    }
}
// ...
```

NB! This is executed only when the end user goes to Settings->Wifi and the phone updates the list of nearby networks.
Post not yet marked as solved
4 Replies
Did some more study of this issue. Studied more tcpdumps etc.

Actually Facebook Messenger sends traffic to all active interfaces in iOS. It even sends traffic out through Cellular when mobile data is disabled from settings.

The hypothesis is that Facebook Messenger actually searches for all active interfaces/addresses in the iOS system, then binds a socket to all addresses/interfaces, and then sends data out through all those interfaces. Thus, using scoped routing, it is able to bypass the VPN and/or default route, like described in https://forums.developer.apple.com/thread/76711#226101

Is there any way at all to change this behaviour? Without supervision/MDM?

Or are applications really capable of bypassing the VPN/routing table at will?

Or am I doing something seriously wrong?
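An added example, not part of the original posts: one way to check a capture for the leak described above, by flagging packets that leave with a physical interface's source address for any destination other than the VPN gateway. The capture lines, addresses, and the names `find_leaks`, `PACKET` and `SAMPLE_CAPTURE` are constructed for illustration; the input is assumed to be `tcpdump -n` text output taken on the Wi-Fi and cellular interfaces.

```python
import ipaddress
import re

# Constructed sample of `tcpdump -n` text output (documentation address ranges).
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.23.51514 > 203.0.113.10.4500: UDP-encap: ESP(spi=0x01,seq=0x1), length 120
12:00:01.000200 IP 192.168.1.23.51620 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
12:00:01.000300 IP 10.64.3.9.51700 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0
12:00:01.000400 IP 203.0.113.10.4500 > 192.168.1.23.51514: UDP-encap: ESP(spi=0x02,seq=0x1), length 120
12:00:01.000500 IP 192.168.1.23.5353 > 224.0.0.251.5353: 0 PTR (QM)? _airplay._tcp.local. (36)
"""

# timestamp, "IP", src[.port] > dst[.port]: rest (port is absent for ICMP etc.)
PACKET = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})(?:\.(?P<sport>\d+))? > "
    r"(?P<dst>\d+(?:\.\d+){3})(?:\.(?P<dport>\d+))?: "
)


def find_leaks(capture, physical_addrs, vpn_gateway, local_nets=()):
    """Return (ts, src, dst, dport) for outbound packets that bypass the tunnel.

    physical_addrs: addresses of the underlying Wi-Fi/cellular interfaces.
    vpn_gateway:    the only remote a full-tunnel device should talk to directly.
    local_nets:     networks deliberately excluded from the tunnel, if any.
    """
    physical = {ipaddress.ip_address(a) for a in physical_addrs}
    gateway = ipaddress.ip_address(vpn_gateway)
    nets = [ipaddress.ip_network(n) for n in local_nets]
    leaks = []
    for line in capture.splitlines():
        m = PACKET.match(line)
        if not m:
            continue  # not an IPv4 packet line
        src = ipaddress.ip_address(m["src"])
        dst = ipaddress.ip_address(m["dst"])
        if src not in physical:
            continue  # inbound traffic, or not sourced from this device
        if dst == gateway:
            continue  # encapsulated tunnel traffic is expected here
        if dst.is_multicast or any(dst in n for n in nets):
            continue  # link-local discovery / explicitly excluded networks
        leaks.append((m["ts"], str(src), str(dst), m["dport"]))
    return leaks


if __name__ == "__main__":
    for leak in find_leaks(SAMPLE_CAPTURE, ["192.168.1.23", "10.64.3.9"], "203.0.113.10"):
        print("outside tunnel:", leak)
```
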