VPN after changing WiFi to Cellular doesn't redirect traffic through the tunnel's interface

I am tunnelling my traffic through a server. In some cases it has to block certain websites, e.g. gambling sites. The tunnel works without a problem if I start the tunnel with WiFi or Cellular. When I change the network to the opposite, the VPN reconnects automatically as I am using on-demand VPN, but the VPN doesn't block the websites it did before. My main supposition is that after changing the interface, WiFi to Cellular or vice versa, the outgoing traffic from the device is not routed through the tunnel interface (utun) but the VPN is still up.


How could I check or "force" the outgoing traffic through my tunnel interface?


I can detect when the interface changes and I could force restart the tunnel but I shouldn't do it. That should be the tunnel's task and I prefer not to force the tunnel's state.


As I see in Session 717 from WWDC 2015, the VPN connection is established and then goes down level by level in the Internet stack until the interface level. When the VPN has been established it uses the utun0 interface. My fear is that when I establish, for example, a tunnel using a Wi-Fi connection, it correctly routes the traffic out using the utun0 interface, but when I change to the Cellular connection it uses another interface; therefore my tunnel is still up but it doesn't apply the content blocking because the packets are not routed using the utun0 interface.


EDIT: I've just discovered defaultPath. Using KVO I am able to monitor interface changes. When I detect an interface change I try to reconnect the tunnel. In some cases I am able to solve the issues I had before and the blocking is applied, but in other cases it is not. I'm trying to monitor the cases in which the interface changes and whether the connection is established, but I cannot wrap my head around all the possible cases.