We set the rule below for IKEv2 / IPSec / NETunnelProviderManager custom protocols, where the trusted domains contain www.whatismyipaddress.com, and manually connected to the VPN.
NSMutableArray<NEOnDemandRule *> *activeRules = [NSMutableArray array];
// Never bring up the VPN for connections to the trusted domains.
NEEvaluateConnectionRule *evalConnectionRule = [[NEEvaluateConnectionRule alloc] initWithMatchDomains:self.trustedDomains
                                                                                              andAction:NEEvaluateConnectionRuleActionNeverConnect];
NEOnDemandRuleEvaluateConnection *onDemandRule = [NEOnDemandRuleEvaluateConnection new];
onDemandRule.connectionRules = @[ evalConnectionRule ];
[activeRules addObject:onDemandRule];
// onDemandRules expects NEOnDemandRule objects, so assign the rule array rather than the connection rule.
[NEVPNManager sharedManager].onDemandRules = activeRules;
[NEVPNManager sharedManager].onDemandEnabled = YES;
[NEVPNManager sharedManager].enabled = YES;
NSError *connError = nil;
[[NEVPNManager sharedManager].connection startVPNTunnelAndReturnError:&connError];
www.whatismyipaddress.com shows the correct public IP address and www.whatismyip.com shows the correct VPN server address in Safari.
The above code snippet works fine on iOS / iPadOS in all browsers, but on macOS it does not work in any browser except Safari.
Is there something I'm missing here? Are there other settings that we have to configure in our NEVPNManager/NETunnelProviderManager for macOS specifically?
We are testing this on macOS Ventura.
Hello,
We are facing what we believe is a compatibility issue with two networking APIs.
If the Network Extension VPN configuration has the includeAllNetworks flag enabled and the NEHotspotHelper is registered, the user has an internet connection but it is blocked, and the user will get internet back only after restarting the device.
The VPN configuration while connecting to the VPN is as below:
{
localizedDescription = WLVPN WireGuard Configuration
enabled = YES
protocolConfiguration = {
serverAddress = <18-char-str>
passwordReference = {length = 20, bytes = 0x67656e70ed0d05c06b1b4896bf4fef2031e1a92d}
disconnectOnSleep = NO
includeAllNetworks = YES
excludeLocalNetworks = YES
excludeCellularServices = YES
excludeAPNs = YES
excludeDeviceCommunication = YES
enforceRoutes = NO
providerBundleIdentifier = com.wlvpn.ios.consumervpn.network-extension
}
onDemandEnabled = NO
onDemandRules = ()
}
After running the code shown below, regardless of whether the VPN is connected or not, the user needs to restart his device to regain internet access.
private let neHelperQueue = DispatchQueue(label: "com.wlvpn.ios.consumervpn.hotspot",
                                          attributes: DispatchQueue.Attributes.concurrent)
let options: [String: NSObject] = [kNEHotspotHelperOptionDisplayName : "" as NSObject]
let status = NEHotspotHelper.register(options: nil, queue: neHelperQueue) { cmd in
    NSLog("Received command: \(cmd.commandType.rawValue)")
}
We need to use the includeAllNetworks flag to prevent the novel "Tunnel vision" vulnerability.
Can we please have some help getting confirmation if both functionalities are compatible or if there's a way to enable them at the same time?
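An added example, not part of the original post or the poster's project: a small Python check that parses a configuration dump in the format shown above and lists the settings that leave traffic outside the tunnel. The sample dump is constructed from the one in the post with placeholders for the server address and password reference, and the function names are hypothetical.

```python
# Added example. SAMPLE is constructed (modelled on the post's dump; secrets are placeholders).
SAMPLE = """{
protocolConfiguration = {
serverAddress = <placeholder>
passwordReference = {length = 20, bytes = <placeholder>}
includeAllNetworks = YES
excludeLocalNetworks = YES
excludeCellularServices = YES
excludeAPNs = YES
excludeDeviceCommunication = YES
enforceRoutes = NO
}
onDemandEnabled = NO
}"""

# Settings that exclude traffic from the tunnel even with includeAllNetworks on.
EXCLUSIONS = ("excludeLocalNetworks", "excludeCellularServices",
              "excludeAPNs", "excludeDeviceCommunication")

def parse_dump(text):
    """Parse nested `key = value` lines into dicts; values stay strings."""
    root = {}
    stack = [root]
    for line in (raw.strip() for raw in text.splitlines()):
        if line == "}" and len(stack) > 1:
            stack.pop()  # end of a nested block
        key, sep, value = line.partition(" = ")
        if not sep:
            continue  # bare braces and blank lines carry no setting
        if value == "{":  # start of a nested block
            stack[-1][key] = {}
            stack.append(stack[-1][key])
        else:  # scalar, including one-line {...} values
            stack[-1][key] = value
    return root

def audit(config):
    """Return findings for settings that leave traffic outside the tunnel."""
    proto = config.get("protocolConfiguration", {})
    findings = []
    if proto.get("includeAllNetworks") != "YES":
        findings.append("includeAllNetworks is not YES: not all traffic is forced into the tunnel")
        if proto.get("enforceRoutes") != "YES":
            findings.append("enforceRoutes is not YES: locally defined routes can take precedence")
    findings += [f"{flag} = YES: that traffic is excluded from the tunnel"
                 for flag in EXCLUSIONS if proto.get(flag) == "YES"]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(parse_dump(SAMPLE))))
```

For the configuration in the post, the check reports the four exclude flags, which is the traffic that stays off the tunnel even though includeAllNetworks is enabled.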