We are trying to configure split tunnel with tunnel routes with the below Tunnel Provider configuration tunnelProvider.protocolConfiguration.includeAllNetworks = NO; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = YES; We are adding some IPs in the excludeRoutes[10.168.10.182 and 192.168.10.65]. Please refer the below network settings for VPN IPv4Settings = { configMethod = manual addresses = ( 10.168.10.68, ) subnetMasks = ( 255.255.255.255, ) includedRoutes = ( { destinationAddress = 0.0.0.0 destinationSubnetMask = 0.0.0.0 }, ) excludedRoutes = ( { destinationAddress = 192.168.10.65 destinationSubnetMask = 255.255.255.255 }, { destinationAddress = 10.168.10.182 destinationSubnetMask = 255.255.255.255 }, ) overridePrimary = NO } Issue: when we are trying to access excludedRoute's IP [10.168.10.182 and 192.168.10.65] , it's getting tunneled. Expected Results : excludedRoutes IPs should go via physical interface.

Requirement: We need to update below tunnel provider properties once VPN is up. Is it possible? includeAllNetworks excludeLocalNetworks enforceRoutes When is the standard time to configure and save the below properties in system preferences? Is it possible to save these properties in system preference when VPN is up? saveToPreferencesWithCompletionHandler If we can change these properties in VPN connected state, When these tunnel provider properties will come into effect?

[iOS 17] We are trying to configure below Tunnel Provider configuration and we are saving it in NETunnelProviderManager preferences before calling startTunnelWithOptions tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO; We are adding an IP in the excludeRoutes which belongs to server address[10.97.6.244]. Please refer the below network settings for VPN IPv4Settings = { configMethod = manual addresses = ( 10.97.4.188, ) subnetMasks = ( 255.255.255.255, ) includedRoutes = ( { destinationAddress = 0.0.0.0 destinationSubnetMask = 0.0.0.0 }, ) excludedRoutes = ( { destinationAddress = 10.97.6.244 destinationSubnetMask = 255.255.255.255 }, ) overridePrimary = NO } Issue: when we are trying to access server address, it's getting tunneled because of that few of our APIs are sending failure and we are unable to connect to VPN. Expected Results : excludedRoutes IPs should go via physical interface. STEPS TO REPRODUCE Configure VPN packet tunnel provider config as mentioned above and add some IPs in excludeRoutes Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” Try to connect to VPN excludeRoutes are tunneled via VA