Hey there,
I have set up an IKEv2 server (strongSwan, for those interested) that I've been able to successfully connect my iOS client to using the NEVPNManager framework.
The issue is, I'd like to define a set of domains (or a set of IP subnets) for which my device does not route to the VPN and instead just routes through the iPhone's default networking interface. This, from what I understand, is called a split-exclude tunnel.
strongSwan does implement a plugin that supposedly enables this functionality, but iOS does not respect these blacklists. What I've read in the documentation is the only way to express a blacklist is to create a list of subnets that are the inverse of the blacklist, which is a bit onerous.
Ideally, I'd like a way to just route all traffic to the VPN, with the exception of a small handful of domains. Is there a way to do this using iOS' built-in IPSec or IKEv2 clients, or will I need to implement an NEPacketTunnelProvider in order to do this?
If the latter, would I literally need to implement the entire IKEv2 protocol in order to do this?
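The "inverse of the blacklist" mentioned in the question can be generated rather than written by hand. The following is an added example, not part of the original post or of strongSwan: it computes the CIDR blocks that cover everything except a set of excluded subnets. The function name and the sample subnets are constructed for illustration, and it assumes the exclusions are already IP subnets of one address family (domains would first have to be resolved to addresses).

```python
import ipaddress


def split_include_routes(excluded, full="0.0.0.0/0"):
    """Return the CIDR blocks that cover `full` minus every subnet in `excluded`.

    Hypothetical helper: the result is the "inverse list" that routes
    everything through the tunnel except the excluded subnets.
    """
    universe = ipaddress.ip_network(full)
    nets = [ipaddress.ip_network(e, strict=False) for e in excluded]
    for n in nets:
        if n.version != universe.version or not n.subnet_of(universe):
            raise ValueError(f"{n} is not inside {universe}")

    remaining = [universe]
    # collapse_addresses merges overlapping or adjacent exclusions so that
    # each one falls inside exactly one remaining block (or equals it).
    for item in ipaddress.collapse_addresses(nets):
        next_remaining = []
        for block in remaining:
            if block.subnet_of(item):
                continue  # block is entirely excluded
            if item.subnet_of(block):
                # Split the block into the pieces that surround the exclusion.
                next_remaining.extend(block.address_exclude(item))
            else:
                next_remaining.append(block)
        remaining = next_remaining
    return sorted(remaining)


if __name__ == "__main__":
    # Constructed sample: documentation ranges standing in for the
    # destinations that should bypass the VPN.
    bypass = ["192.0.2.0/24", "198.51.100.0/24", "192.0.2.128/25"]
    for route in split_include_routes(bypass):
        print(route)
```

Each excluded subnet adds up to one route per prefix bit, so a handful of exclusions yields a few dozen routes to tunnel.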