Hi,
We've built a VPN using NEPacketTunnelProviderExtension for our enterprise users, and our VPN setup requires a proxy which is set via NEPacketTunnelNetworkSettings's proxySettings. Unfortunately our users discovered that the system's Captive Portal Assistant (which triggers when the device connects to a portaled network) doesn't load the portal pages when our VPN is enabled. I've discovered that when the VPN has proxy settings enabled, the device is unable to load the Wi-Fi portal pages; however when I remove the proxy settings, the portal pages load properly.
I traced the traffic using WireShark to see the difference between no VPN and a VPN with the proxy. When the VPN and proxy are enabled, it appears that the system's portal pop-up bypasses the VPN (which is good) but then tries to make some HTTP and HTTPS calls using the VPN's proxy server address, which doesn't exist on the portalled network, leading to a failed TCP connection. This use of the VPN's proxy server on a non-VPN'd network seems like a bug in the Captive Portal Assistant. Has anyone else encountered this problem, or is there something wrong with our setup that is causing this? I see one example of someone else encountering this issue (https://forums.developer.apple.com/thread/62259), but there doesn't appear to be a answer for that thread.
Does anyone have a suggestion for a work around? This is not an issue during a Wi-Fi to Wi-Fi transtion as that transition will trigger a network change (a change in NEPacketTunnelProvider's defaultPath) and thus allow us to disable the VPN before the system attempts to connect to the portalled Wi-Fi. However the transition from cellular to Wi-Fi does not appear to signal a network change until after the portal login has completed.
Thanks!