We are working on developing a custom packet tunnel provider to selectively route unencrypted HTTP traffic through an SSH tunnel, while letting encrypted traffic route directly.
Unfortunately, we are running into problems when the device is trying to switch from a cellular network to a captive network. The login websheet stays blank indefinitely (while attempting to connect to 1.1.1.1). What's worse is that we have instrumented the call to readPacketsWithCompletionHandler:, and we don't see any connection attempts destined for either our proxy server or for the captive portal address. Am I missing something here? Is there perhaps a compatibility issue?
If we modify the NEPacketTunnelNetworkSettings to include "1.1.1.1" in the exceptionList of the proxy settings, then the portal loads, but this is not a feasible solution for public distribution across all possible captive networks.