Can a VPN Killswitch be configured/programmed in iOS?

I have been investigating if it's possible to achieve the following. I have both an IKEv2 VPN server and have a Swift iOS client. On the client side I have enabled isOnDemandEnabled on the NEVPNManager and have set the rules to match anything.


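import NetworkExtension

var vpnManager : NEVPNManager
var protcol: NEVPNProtocol
let ikev2 = NEVPNProtocolIKEv2()
ikev2.useExtendedAuthentication = true
...
protcol = ikev2
// Do not drop the VPN connection when the device goes to sleep
protcol.disconnectOnSleep = false
// A single connect rule that matches every interface type
let connectRule = NEOnDemandRuleConnect()
connectRule.interfaceTypeMatch = .any
vpnManager.onDemandRules = [connectRule]
// Turn on on-demand so the rule above is evaluated
vpnManager.isOnDemandEnabled = true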


This should mean that any attempt to access the internet should match this rule and should only go over the VPN. (This is my understanding of it, I hope that's right).


The Killswitch in VPN terminology is a feature that stops all internet traffic going to and from the device as soon as the VPN becomes unavailable. This is to prevent any leakage in case the VPN tunnel becomes inaccessible. This could be as simple as monitoring if the current IP address fluctuates as a trigger to do this.


What I couldn't find out is if iOS 10.3+ already does this in the background as long as the OnDemand feature is enabled?

Or is it just a way to reconnect to the VPN as soon as the VPN drops, but the traffic could still leak to the existing 4G without the VPN server present? I couldn't find any information regarding this yet. Any advice please? Hopefully Eskimo can see this, please. :-)


Thanks,


Check out this thread.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Unfortunately VPN Killswitch is NOT currently supported on iOS. While isOnDemandEnabled is reestablishing a VPN connection, Internet traffic is inhibited to some degree but not entirely, so it does not protect against IP leaks.


Perhaps consider raising an enhancement request to help Apple gauge its importance to the VPN community.
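
Given the reply above that on-demand reconnection does not block traffic, an app can at least hold its own requests until the tunnel reports connected. The following is an added example, not code from this thread or from Apple; `TunnelGate` and `onChange` are hypothetical names, and it gates only the calling app's traffic, not traffic from the rest of the device.

```swift
import Foundation
import NetworkExtension

/// Tracks the state of the app's NEVPNManager configuration so the app can
/// pause its own networking whenever the tunnel is not fully connected.
/// This is not a device-wide kill switch: other apps and system traffic are unaffected.
final class TunnelGate {
    private let manager = NEVPNManager.shared()
    private var observer: NSObjectProtocol?

    /// Starts as false, so the app holds its requests until told otherwise.
    private(set) var tunnelIsUp = false

    /// Hypothetical hook: the app pauses (false) or resumes (true) its own requests.
    var onChange: ((Bool) -> Void)?

    /// Only .connected is treated as safe. .connecting, .reasserting,
    /// .disconnecting, .disconnected and .invalid all count as "tunnel down".
    static func isSafe(_ status: NEVPNStatus) -> Bool {
        return status == .connected
    }

    func start() {
        // The configuration must be loaded before connection.status is meaningful.
        manager.loadFromPreferences { [weak self] error in
            guard error == nil else { return }
            DispatchQueue.main.async {
                guard let self = self else { return }
                self.observer = NotificationCenter.default.addObserver(
                    forName: .NEVPNStatusDidChange,
                    object: self.manager.connection,
                    queue: .main
                ) { [weak self] _ in self?.evaluate() }
                self.evaluate()   // pick up the state at launch
            }
        }
    }

    func stop() {
        if let observer = observer { NotificationCenter.default.removeObserver(observer) }
        observer = nil
    }

    private func evaluate() {
        let up = TunnelGate.isSafe(manager.connection.status)
        guard up != tunnelIsUp else { return }
        tunnelIsUp = up
        onChange?(up)
    }
}
```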

Still no changes?
