I have been investigating if it's possible to achieve the following. I have both an IKEv2 VPN server and a Swift iOS client. On the client side I have enabled isOnDemandEnabled on the NEVPNManager and have set the rules to match anything.

var vpnManager: NEVPNManager
var protcol: NEVPNProtocol
let ikev2 = NEVPNProtocolIKEv2()
ikev2.useExtendedAuthentication = true
...
protcol = ikev2
protcol.disconnectOnSleep = false
let connectRule = NEOnDemandRuleConnect()
connectRule.interfaceTypeMatch = .any
vpnManager.onDemandRules = [connectRule]
vpnManager.isOnDemandEnabled = true

This should mean that any attempt to access the internet should match this rule and should only go over the VPN. (This is my understanding of it, I hope that's right).
The Killswitch in VPN terminology is a feature that stops all internet traffic going to and from the device as soon as the VPN becomes unavailable. This is to prevent any leakage in case the VPN tunnel becomes inaccessible. This could be as simple as monitoring if the current IP address fluctuates as a trigger to do this.
What I couldn't find out is if iOS 10.3+ already does this in the background as long as the OnDemand feature is enabled? Or is it just a way to reconnect to the VPN as soon as the VPN drops, but the traffic could still leak to the existing 4G without the VPN server present? I couldn't find any information regarding this yet. Any advice please? Hopefully Eskimo can see this, please. :-)
Thanks,