I've implemented a VPN app with Packet Tunnel Provider for iOS.
My question is about the onDemandRules:
I want the device to connect automatically to the VPN when a network is available and when the network becomes available after a reboot of iOS. For this, I use the following code and it works:
let onDemandRule = NEOnDemandRuleConnect()
onDemandRule.interfaceTypeMatch = .any
newManager.isOnDemandEnabled = true
newManager.onDemandRules = [onDemandRule]
I also want some websites not to go through the VPN. For this, I have tested this onDemand configuration and it seems to work:
let onDemandRuleEvaluate = NEOnDemandRuleEvaluateConnection()
let evaluateRule = NEEvaluateConnectionRule(matchDomains: ["site.example.com"], andAction: .neverConnect)
onDemandRuleEvaluate.connectionRules = [evaluateRule]
newManager.isOnDemandEnabled = true
newManager.onDemandRules = [onDemandRuleEvaluate]
But if I add these 2 rules as is: newManager.onDemandRules = [onDemandRule, onDemandRuleEvaluate], only the first rule works. Why? How can I have these 2 rules in my onDemand configuration?
.any is the default value for onDemandRule.interfaceTypeMatch, so even if I do not initialize its value, the result is the same.
This does not sound correct. You are right that .any is the default value, but if you do not include the rule for interfaceTypeMatch, this functionality will not take effect.
Regarding:
So how can we have a VPN which connects automatically and some websites which do not go through the VPN at the same time?
If you want to use OnDemandRules, you could use a combination of NEOnDemandRuleDisconnect and NEOnDemandRuleConnect rules for the identified websites. Alternatively, you could also configure your tunnel's network settings to claim the destination addresses if you have a single site you are looking to claim access to with your tunnel. Then, everything else would go outside the tunnel naturally.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
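
The second option in the reply above, configuring the tunnel's network settings, sketched as an added example (not code from the thread or from Apple). It goes slightly beyond the reply by showing both directions: claiming only listed destinations, and routing everything through the tunnel except listed destinations. `SplitMode` and `makeTunnelSettings` are hypothetical names, and every address is a constructed placeholder from the documentation ranges.

```swift
import NetworkExtension

// Hypothetical helper type (not part of NetworkExtension).
enum SplitMode {
    case claimOnly([NEIPv4Route])   // only these destinations enter the tunnel
    case allExcept([NEIPv4Route])   // default route in the tunnel, these bypass it
}

// Hypothetical helper: builds IPv4 tunnel settings for the chosen split mode.
// IPv6 needs the same treatment through NEIPv6Settings, otherwise IPv6
// traffic follows whatever the system default is.
func makeTunnelSettings(serverAddress: String,
                        tunnelAddress: String,
                        mode: SplitMode) -> NEPacketTunnelNetworkSettings {
    let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: serverAddress)
    let ipv4 = NEIPv4Settings(addresses: [tunnelAddress],
                              subnetMasks: ["255.255.255.255"])
    switch mode {
    case .claimOnly(let routes):
        // Everything not listed here goes outside the tunnel.
        ipv4.includedRoutes = routes
    case .allExcept(let routes):
        // Claim the default route, then carve out the bypass destinations.
        ipv4.includedRoutes = [NEIPv4Route.default()]
        ipv4.excludedRoutes = routes
    }
    settings.ipv4Settings = ipv4
    return settings
}

final class PacketTunnelProvider: NEPacketTunnelProvider {
    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Constructed placeholder: the resolved address of the site that
        // should stay outside the VPN.
        let site = NEIPv4Route(destinationAddress: "203.0.113.10",
                               subnetMask: "255.255.255.255")
        let settings = makeTunnelSettings(serverAddress: "192.0.2.1",      // placeholder
                                          tunnelAddress: "198.51.100.2",   // placeholder
                                          mode: .allExcept([site]))
        setTunnelNetworkSettings(settings) { error in
            completionHandler(error)
        }
    }
}
```

Routes match IP addresses, not hostnames, so every address the excluded site resolves to has to be listed and kept current. The NEOnDemandRuleConnect rule from the question can stay as the only on-demand rule; traffic on excluded routes leaves over the physical interface without the tunnel's protection.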