2 Replies
      Latest reply on Feb 14, 2019 7:20 AM by SuperLinkMan
      houmie Level 1 (0 points)

        I have been investigating if it's possible to achieve the following. I have both an IKEv2 VPN server and a Swift iOS client. On the client side I have enabled isOnDemandEnabled on the NEVPNManager and have set the rules to match anything.

         

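        import NetworkExtension

        // NEVPNManager is obtained through its shared instance
        let vpnManager = NEVPNManager.shared()
        var protcol: NEVPNProtocol
        let ikev2 = NEVPNProtocolIKEv2()
        ikev2.useExtendedAuthentication = true
        // ... (remaining IKEv2 settings omitted in the post)
        protcol = ikev2
        protcol.disconnectOnSleep = false
        // A single connect rule that matches every interface type
        let connectRule = NEOnDemandRuleConnect()
        connectRule.interfaceTypeMatch = .any
        vpnManager.onDemandRules = [connectRule]
        vpnManager.isOnDemandEnabled = true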

         

        This should mean that any attempt to access the internet should match this rule and should only go over the VPN. (This is my understanding of it, I hope that's right).

         

        The Killswitch in VPN terminology is a feature that stops all internet traffic going to and from the device as soon as the VPN becomes unavailable. This is to prevent any leakage in case the VPN tunnel becomes inaccessible. This could be as simple as monitoring if the current IP address fluctuates as a trigger to do this.

         

        What I couldn't find out is if iOS 10.3+ already does this in the background as long as the OnDemand feature is enabled?

        Or is it just a way to reconnect to the VPN as soon as the VPN drops, but the traffic could still leak to the existing 4G without the VPN server present? I couldn't find any information regarding this yet. Any advice please? Hopefully Eskimo can see this, please. :-)