Routing Network Data to the VPN

There are two ways or methods by which network data is routed to the VPN:

  • By destination IP address
  • By source application (Per-App VPN)


My question is: Can I use the two ways simultaneously?

For instance: for app A, only the destination IP (192.168.1.10) uses the VPN; every other destination IP uses the physical network.


Replies

By the way, the per-app VPN (configured by MDM) uses a private-protocol VPN gateway.

For app A, only the destination IP (192.168.1.10) uses the VPN; every other destination IP uses the physical network

You definitely can’t do this via IP address. You may be able to do it via DNS name (consider the matchDomains property of the NEAppRule class) but I don’t see how you can actually configure that via the com.apple.vpn.managed.applayer payload in a configuration profile.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

According to the Configuration Profile Reference:


Under the Per-App VPN Payload section: "The Per-App VPN payload supports all of the keys described in VPN Payload plus the following additional keys:". That implies to the developer that per-app VPN does support the on-demand VPN keys, which include DNS.


Under the DNS Dictionary Keys of the VPN payload section: "If VPNType is IKEv2, the following DNS keys may be provided:". This seems to say that DNS will not work for the VPN type VPN (Custom SSL VPN), but actually, for a device on-demand packet tunnel provider, this DNS configuration (via NETunnelNetworkSettings.DNSSettings in the API) does work, including "matchDomains".


How should a developer understand iOS/macOS DNS resolution for the app associated with a per-app packet tunnel?
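For readers following the two replies above, here is an added example (written for this page, not code from the thread, from Apple, or from any MDM vendor) showing the split-DNS configuration the second reply refers to: a packet tunnel provider that sets NEDNSSettings.matchDomains on its NEPacketTunnelNetworkSettings so that only names under the listed domains are resolved through the tunnel's resolver. All addresses and domain names are assumed sample values (RFC 5737 and reserved example names), and the class name is a placeholder for your own provider.

```swift
import NetworkExtension

// Added example, not the thread's or Apple's own code. Packet tunnel provider
// that applies split DNS via NEDNSSettings.matchDomains. Every address and
// domain below is an assumed sample value, not real infrastructure.
final class ExamplePacketTunnelProvider: NEPacketTunnelProvider {

    // Builds the settings handed to the system when the tunnel comes up.
    // Kept in its own function so it can be inspected independently of startTunnel.
    static func makeNetworkSettings() -> NEPacketTunnelNetworkSettings {
        // tunnelRemoteAddress: the VPN gateway the provider connected to (assumed value).
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.1")

        // Tunnel interface address and the IPv4 prefixes routed into the tunnel (assumed values).
        // Note: per the first reply, this route table does not let a *per-app* VPN send
        // only some of an app's destination IPs through the tunnel.
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [
            NEIPv4Route(destinationAddress: "192.168.1.0", subnetMask: "255.255.255.0")
        ]
        settings.ipv4Settings = ipv4

        // Split DNS: queries for names under these domains go to the tunnel's resolver
        // (10.8.0.1, assumed); every other name keeps using the physical network's resolver.
        let dns = NEDNSSettings(servers: ["10.8.0.1"])
        dns.matchDomains = ["corp.example", "intranet.example"]
        // Keep the matched domains out of the search list so unqualified names are not
        // silently expanded into them and leaked to the tunnel resolver unexpectedly.
        dns.matchDomainsNoSearch = true
        settings.dnsSettings = dns

        return settings
    }

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        setTunnelNetworkSettings(Self.makeNetworkSettings()) { error in
            if let error = error {
                completionHandler(error)
                return
            }
            // A real provider would start its packet read/write loop on self.packetFlow here.
            completionHandler(nil)
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

Two points worth knowing when reading this against the thread: including an empty string ("") in matchDomains makes every DNS query go through the tunnel resolver instead of only the listed domains, which is the setting to check if an app's resolution behaves differently from what the profile seemed to promise; and the DNS match only steers name resolution, so a destination reached by literal IP address, as in the original question, is unaffected by it, which is consistent with the first reply's answer that an IP-based split cannot be expressed here.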