Some questions on NEPacketTunnelProvider on iOS 15

App & System Services General
jeffreyc OP
Created Sep ’21
Replies 2
Boosts 0
Views 775
Participants 1

Recently I tested my VPN application on iOS 15 beta 8 / Xcode 13 beta 5. It looks like that the precedence is IPSec VPN > iCloud private relay > NEPacketTunnelProvider VPN.

When the iCloud private relay is switched on if use IPSec VPN(I think it's using the IPSec interface) the browser's network traffic is still being routed to the IPSec tunnel. But for the implementation with NEPacetTunnelProvider VPN(UTUN interface) the browser's traffic is being routed to the private relay. I don't see any doc describing this but it seems this is the design.

And another question is the IncludeAllNetworks setting for the VPN. If set the IncludeAllNetworks to be 1 then the device global traffic would be routed to the VPN, but the excludedRoutes settings in the VPN would be unavailable, no routes would be excluded.

Is the above understanding correct?

Answered by jeffreyc in 688501022

I close this thread myself. What I observed is not correct.

Replies  2
Boosts  0
Views  775
Participants  1
jeffreyc OP
Sep ’21

I noticed that on https://developer.apple.com/documentation/networkextension/packet_tunnel_provider

Note

When a VPN configuration is active, connections use the VPN instead of iCloud Private Relay. Network Extension providers also don’t use iCloud Private Relay.

and this post https://developer.apple.com/forums/thread/682274.

it seems that the Private Relay should have the lowest precedence, but my test shows that the traffic from the browser still being routed to the Private Relay.

0
jeffreyc OP
Sep ’21
Accepted Answer

I close this thread myself. What I observed is not correct.

1
Some questions on NEPacketTunnelProvider on iOS 15
First post date Last post date
 
 
Q