Disconnect from VPN if OnDemand Search Domain rules matches

Hello,

Once connected over the VPN, I am looking for a way to disconnect from the VPN if the OnDemand search domain rules match.

I want the VPN to disconnect automatically if the user visits the Netflix or Prime Video websites/apps while the VPN is connected.

I tried the code below using OnDemandRules, but the VPN is not disconnecting:

Code Block
let domainRule = NEOnDemandRuleDisconnect()
domainRule.dnsSearchDomainMatch = ["*.hotstar.com", "*.netflix.com", "*.primevideo.com"]
domainRule.probeURL = NSURL(string: "url.accessible.from.internal") as URL?

manager.onDemandRules = [domainRule]

Any help is appreciated.


First, for testing, make sure that manager.isOnDemandEnabled = true is set, and then try a straightforward rule just to test that your rules are working. One that I use is an interface match because that is straightforward to trigger.

Code Block swift
var rules = [NEOnDemandRule]()
let rule = NEOnDemandRuleConnect()
rule.interfaceTypeMatch = .any
rules.append(rule)
manager.onDemandRules = rules
manager.isOnDemandEnabled = true


Next, configure your tunnel but do not connect it. Perform an interface match and see if the tunnel connects. If that works then you now can try with your disconnect rule. Connect your tunnel, make sure the tunnel is claiming traffic for the hostname, navigate to that hostname. Does your tunnel disconnect?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thanks, Matt, for your reply. I tried the mentioned connection and disconnection rules, and the on-demand rules work perfectly fine with an interface match.

Below code works perfectly fine:
Code Block
var rules = [NEOnDemandRule]()
let rule = NEOnDemandRuleConnect() // or: let rule = NEOnDemandRuleDisconnect()
rule.interfaceTypeMatch = .any
rules.append(rule)
manager.onDemandRules = rules
manager.isOnDemandEnabled = true


But the functionality I am looking for is to disconnect from the tunnel when the user browses/navigates to a hostname like netflix or primevideo, and that is not working.

Code not working:
Code Block Swift
var rules = [NEOnDemandRule]()
let rule = NEOnDemandRuleConnect()
rule.interfaceTypeMatch = .any
rule.dnsSearchDomainMatch = ["*.hotstar.com", "*.netflix.com", "*.primevideo.com"]  
rule.probeURL = NSURL(string: "url.accessible.from.internal") as URL?
rules.append(rule)
manager.onDemandRules = rules
manager.isOnDemandEnabled = true
