By the way, per-app VPN (by MDM) using a private-protocol VPN gateway.
For app A, only the destination IP (192.168.1.10) uses the VPN; other destination IPs use the physical network.
You definitely can’t do this via IP address. You may be able to do it via DNS name (consider the
matchDomains property of the NEAppRule class) but I don’t see how you can actually configure that via the
com.apple.vpn.managed.applayer payload in a configuration profile.
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
According to the Configuration Profile Reference:
Under the Per-App VPN Payload section, "The Per-App VPN payload supports all of the keys described in VPN Payload plus the following additional keys:". That implies to the developer that per-app VPN does support the on-demand VPN keys, which include DNS.
Under DNS Dictionary Keys of the VPN payload section, "If VPNType is IKEv2, the following DNS keys may be provided:". It seems to say DNS will not work for a VPN type of VPN (Custom SSL VPN), but actually, for a device on-demand packet tunnel provider, this DNS configuration (via NETunnelNetworkSettings.DNSSettings in the API) does work, including "matchdomains".
How should a developer understand iOS/macOS DNS resolving for the app associated with a per-app packet tunnel?