Since upgrading to iOS 16, I've been having issues with mobile data when using an L3 VPN with Network Extension APIs. The remote address provided by my carrier is a mapped IPv6 IP (64:ff9b::e61:6f0), but we've had problems with mapped IPs in the past and have been using the next available IPv4 IP from the DNS response instead. This has been working fine until now.
However, with iOS 16, any TCP connection going to the gateway fails once the VPN is up. After analyzing a TCP dump, I noticed that the client is sending the initial SYN packet, and the server responds with SYN+ACK, but the client is not sending the final ACK in the 3-way handshake and instead sends an RST packet. I've found that using the mapped IP to connect with the server resolves the issue, but I'm concerned about the possibility of reintroducing previous bugs. My question is: what is the best way to handle mapped (WKP) IPs in this situation?
Note: I've tried excluding the gateway IP's explicitly in the network setting, problem persists.