Is it possible to do VPN split tunneling on iOS

I’m developing my own VPN app. I use OpenVPN and Wireguard. As far as I know, all the traffic on a device will be transferred through VPN when it is connected.

The problem is that my application communicates with backend via an API and if my VPN server goes down or somehow its internet is interrupted, my application can’t communicate with the API to get a new credential of another VPN server to connect to. So is there any way that I can add my API domain to an exception list so that my application will never communicate with the API through VPN traffic?

I would think a VPN implementation would involve routing and that should provide you with a way to split up the routing as you wish. I think most VPN setups just set the VPN route as the default gateway. Local traffic shouldn’t be affected. You could add as many routes as you require.

Just a guess.

Probably your API should be periodically queried for a list of alternative endpoints and the results cached.

Here’s the source code for a VPN (Packet Tunnel Provider) that works on iOS and macOS: GitHub - openziti/ziti-tunnel-apple: Ziti mobile and desktop edge clients for Apple devices. You can find a packaged version of it in the app store under “Ziti Mobile Edge”.

It’s built to use the OpenZiti Swift SDK to route only configured traffic over an OpenZiti network. So, as long as the VPN isn’t explicitly configured to route your API calls over the VPN they won’t be picked up (the analogy in OpenZiti is that we make sure connections to a Ziti Controller or Ziti Router are never sent over the VPN connection).

There is both an app (with UI) and appex (the packet tunnel provider), and you can communicate between the two (there is a method provided by Apple to send messages from the app to the appex). In your case, you would probably use the app to collect the credentials needed to start the appex.

There’s a fair amount of code in the repo. ziti-apple-tunnel/Network/PacketTunnelProvider.swift is the main “VPN” (appex) entry point, and ziti-apple-tunnel/ZitiMobilePacketTunnel/ is the mobile app. If you end up looking and have questions you can shoot me a note (or use the Discourse site mentioned in the READMEs).
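As an added illustration (not code from ziti-tunnel-apple or from anyone in this thread) of how a Packet Tunnel Provider keeps an app's own API hosts outside the tunnel: the provider sends everything through the VPN with a default included route, then lists the API addresses as excluded routes. The class name `SplitTunnelProvider` and every address are constructed placeholders, and the example assumes the API hostname has already been resolved to IP addresses by the containing app, because excluded routes are IP prefixes rather than domains.

```swift
import NetworkExtension

// Added example, not part of ziti-tunnel-apple. Minimal packet tunnel provider
// whose routing table leaves the app's API reachable outside the VPN so the
// app can still fetch new server credentials when the tunnel endpoint dies.
final class SplitTunnelProvider: NEPacketTunnelProvider {

    // Assumption: the containing app resolves the API hostname and passes the
    // addresses via `options` before starting the tunnel. Placeholder values
    // from the documentation ranges (TEST-NET-3) are used as a fallback.
    private let fallbackAPIAddresses = ["203.0.113.10"]

    override func startTunnel(options: [String: NSObject]? = nil,
                              completionHandler: @escaping (Error?) -> Void) {
        let apiAddresses = (options?["apiAddresses"] as? [String]) ?? fallbackAPIAddresses

        // tunnelRemoteAddress is the VPN server (placeholder); iOS keeps traffic
        // to this address on the physical interface automatically.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "198.51.100.1")

        // Address assigned to the utun interface (placeholder).
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        // Full tunnel: the default route captures all IPv4 traffic...
        ipv4.includedRoutes = [NEIPv4Route.default()]
        // ...except host routes for the API, which bypass the tunnel entirely.
        // Excluded routes win over included ones, so these packets never reach
        // the provider's packetFlow and keep working while the VPN is down.
        ipv4.excludedRoutes = apiAddresses.map {
            NEIPv4Route(destinationAddress: $0, subnetMask: "255.255.255.255")
        }
        settings.ipv4Settings = ipv4

        // DNS is still sent through the tunnel resolver (placeholder address).
        // That is why the API must be resolved, or pinned by address, before
        // the tunnel starts: a dead tunnel also takes out name resolution.
        let dns = NEDNSSettings(servers: ["10.8.0.1"])
        dns.matchDomains = [""]   // empty string = match every query
        settings.dnsSettings = dns

        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                completionHandler(error)   // routing table was not applied
                return
            }
            // The OpenVPN/WireGuard packet loop over self.packetFlow would be
            // started here; it is independent of the routing shown above.
            completionHandler(nil)
        }
    }
}
```

The same bypass has to be applied to IPv6 (`NEIPv6Settings` with its own `excludedRoutes`) if the API is reachable over IPv6, otherwise those connections are still captured.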

Wow, very helpful. Thanks guys.

Why do you think you need a VPN? Serious question, what are you trying to solve for?

I believe VPN split tunneling is only supported on iOS utilizing an MDM profile with a compatible enterprise VPN solution.

Thank you for your reply.

We have the same thought. But I couldn’t find a way to do that on iOS, with Android it is possible and I already did it.

I’m new to iOS development as well, therefore I don’t have enough knowledge to make it work. I hope someone can give me some insight.

Thanks for the information, bro. Looks promising.

I’m doing this for studying purposes. AFAIK, a VPN gives people a more private internet, doesn’t it?

The better question is why would anyone ever not use a VPN.

There is an App in the App Store called Net Analyzer that provides route tracing with reverse DNS on each hop. That means the network tools are in iOS. Check the BSD routing information (not Linux) and see what tools you can access. Perhaps routing tools are restricted for security purposes. You wouldn’t want an app to reroute network requests to a hostile server for example.

Off the top of my head: Because they are slower, funnel traffic to a central location which, if not trustworthy, makes security worse, sometimes introduce their own security holes in the software, and sometimes things break when a web site sees too much traffic coming from one egress point.
Cool. I’ll give it a try. Thanks for your advice bro.

In my opinion, everything has its own advantages and disadvantages. It depends on how we use it and how it helps us. For example, the medium.com website is restricted in my country, which means I can’t access it directly, and everyone knows that medium.com has so many useful posts. Therefore I need to use a VPN to bypass the restriction and be able to get the knowledge on the website.
You’re right that it is hard to find a trustworthy VPN provider, so that is why I’m doing it myself.