Captive Network Breaks with Packet Tunnel Provider Extension

We are working on developing a custom packet tunnel provider to selectively route unencrypted HTTP traffic through an SSH tunnel, while letting encrypted traffic route directly.


Unfortunately, we are running into problems when the device is trying to switch from a cellular network to a captive network. The login websheet stays blank indefinitely (while attempting to connect to 1.1.1.1). What's worse is that we have instrumented the call to readPacketsWithCompletionHandler:, and we don't see any connection attempts destined for either our proxy server or for the captive portal address. Am I missing something here? Is there perhaps a compatibility issue?


If we modify the NEPacketTunnelNetworkSettings to include "1.1.1.1" in the exceptionList of the proxy settings, then the portal loads, but this is not a feasible solution for public distribution across all possible captive networks.

Replies

Did you ever find a solution?


I just ran into the same issue and have been unable discover why the login websheet hangs if the HTTP proxy is enabled. I don't see any relevant HTTP traffic sent when login websheet is loaded when the HTTP proxy is enabled or disabled.

It's seems impossible -

https://forums.developer.apple.com/thread/69679