Improving the VPN Experience on iPhone/iOS
Or apple could just allow split tunnelling. I mean I don’t want vpn on my Gpay or PhonePe, but I want on Netflix. I’ll just select that specific app data to go through vpn.
Well written and accurate depiction of the current needs for VPN.
I’ve been using AdGuard DNS on my iPhone with their profile and the actual app on iPad. While the VPN is not always on, it helps with privacy since it blocks ads.
VPN, location, shortcuts etc. So much potential wasted in control center. All I hope is that with the new redesign in iOS 15, we also get so better functionality and toggles.
I think improvements would be good but these features are probably one of the less important ones Apple should consider.
For iOS you can use Shortcuts App and the Passepartout App to turn on and off a VPN and even connect with home or another VPN.
So what’s the point of a separate control panel selection?
I use Passepartout to make a VPN connection with my home Router automatically when going outside.
Try Quantumult X or Shadowrocket. It works as a form of vpn and you can set routing based on IP ranges or domain suffix. It uses socks5 and is the best vpn tool inside China
Control Center is still well behind what Android does. I feel like they know though and we will hopefully get a big update come iOS 15.
Just let us turn off and not merely disconnect Bluetooth and Wifi from Control Center.
Android allows this. One thing I find awesome about it.
Split tunnelling is possible with a VPN profile. Cant set it up on app level though, only domains.
I have an iPhone 12 Pro and I’m doing split tunneling just fine? Using Wireguard, tho.
–edit: Oh you mean per-app.
I’m tunneling DNS requests to my Pi Hole at home (as well as accessing the rest of my home network) while all remaining data access goes directly.
What is Split tunnelling ?
Just run all your local network traffic through your personal VPN on a VPN-capable router (ASUS makes great ones), and in addition, to improve security, you can use NextDNS on your Apple TV simply by changing the DNS to that of your personal NextDNS setup. It works beautifully. 
This is the first time I have shared this and I am the author. You are right about the second part though.
Yeah it’s a shame apple hasn’t “invented” this yet.
Make it so only specific traffic goes over the VPN, and traffic you don’t wan’t to go over VPN doesn’t.
iOS has always supported this.
It’s controlled by the VPN provider, which is enforced by some companies.
I luckily don’t have to use my employer’s VPN, and run my own server at work. So when I use VPN, I route specific networks over the connection, only.
Shouldn’t have to do that. You might not want all your Internet traffic to siphon through some remote IP address; geolocation services rely on a reasonably-proximate estimation of your position to (for example) find local inventory of a product you’re shopping for, and so on. And many routers (like mine) don’t support it anyway.
iOS supports VPNs, macOS supports VPNs; competitive media-appliance products like Google’s awkwardly-named $50 “ChromeCast with Google TV” support VPNs; in fact there are dozens of well-respected VPN apps on the Play Store that are compatible with the CCwGTV (and many of its VPN options do the DNS-cloaking trick automatically, such as VyprVPN, which I use). The ARM processors in even the original Apple TV hardware are entirely capable of supporting the functionality, too.
So what’s the hangup? Apple is all about privacy, so shielding your media consumption choices from your curious ISP and others on your network should be right in line with their marketing message.
I suspect, however, that Apple is suffering the same internal conflict-of-interest that Sony did when it chose to become a media company, purchasing Columbia pictures and so on. This prompted Sony to close up their hardware and software, support favored media types, enshrine DRM in everything, and so on. In Apple’s case, supporting VPNs in their media appliance would mean viewers could evade geolocation, torrenters could cloak their IP addresses, and so on. If Apple weren’t a media company too, all that would be a don’t-care. But they are, and that is the likeliest reason why they block VPNs on tvOS.
(By the way, if you dig into your Apple TV system menus, you’ll find it does support a VPN… but only for Apple technicians performing field diagnostics.)
iTunnel, 3,99 a month also avaible in Apple One
I know you shouldn’t have to do that, but I was just saying it’s “one” solution to the problem of Apple not allowing users to use a VPN natively on the AppleTV. If your router supports it then it’s not a bad idea at all. And configuring the AppleTV to use NextDNS via a configuration profile OR by simply changing the DNS settings to that of your personal NextDNS profile can do a lot for the system, too. Just options for those who wanted a solution when there really aren’t any available. The only actual way a user can use a VON on the AppleTV is by configuring your router to use a trusted, no-log personal VPN (Using an OpenVPN profile. NordVPN is also a very good choice for a VPN provider)
Edit: I also have dug around via ssh on my older AppleTV when it was jailbroken and found references to VPN-support, but that’s it— just references. Nothing that looked like even a jailbreak could enable for users to configure an on-device VPN. It’s pretty interesting.
And nice post, btw. Pretty informative, especially to those who don’t know much on the subject. 