Recently I met with a weird VPN bypassing problem which seems related to the mobile data network.
I wrote an application that created a personal VPN with protocol IPsec(IKEv2) and it connected to a VPN server. On the VPN server side do some traffic filter job.
With packet capture on the iOS mobile phone could see
- When there was only a Wi-Fi network connected all packets were in the IPsec VPN tunnel(could tell it by the packets' source IP and destination IP). Block the WhatsApp traffic on the VPN server-side and it worked well. WhatsApp showed connecting and after on messages were blocked;
- Switched on mobile data and ran WhatsApp could see WhatsApp traffic was in the VPN tunnel which was connected under the Wi-Fi network. But after a few seconds(around 30 secs) could see WhatsApp traffic was sent out via mobile data network which was 4G network there;
- If only mobile data network is switched on and Wi-Fi network switched off then could see after trying connecting for a few seconds(around 30 secs) the WhatsApp traffic bypassed VPN and it was not blocked.
In summary, I was trying to block the WhatsApp traffic on the VPN server side, but somehow once mobile data was enabled on the iOS device then there will be VPN bypassing issue and WhatsApp can not be blocked.
And with more tests ( on iOS 12.4.5 / 13.4.1 / 13.5.1 ), I found that
- With or without WLAN Assist the results are the same;
- Enterprise VPN written with Network Extension has the same problem;
- I also tried similar software like Slack but didn't found the same issue.
I have no idea how WhatsApp bypass VPN when its traffic was blocked. Is it a bug of the iOS VPN?
