We have implemented a System Extension with the Packet Tunnel Provider capability. Our tunnel is a full tunnel, so we are getting all packets for all traffic (DNS request packets and application data packets).
What we want to achieve:
- DNS request packets for match domains only should come to our tunnel
- All application data packets for all apps should come to our tunnel
Code that I have tried to achieve this:
import NetworkExtension

// remoteAddress, dnsServerList, tunnelAddress, tunnelSubnetMask, localDNSServer,
// excludedRouteSubnetMask and mtuValue are defined elsewhere in our provider.
let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)
/* DNS settings: only queries for matchDomains should use dnsServerList. */
let dnsSettings = NEDNSSettings(servers: dnsServerList)
dnsSettings.matchDomains = ["example.com"]
dnsSettings.matchDomainsNoSearch = true
networkSettings.dnsSettings = dnsSettings
/* IPv4 settings: default route into the tunnel, local DNS server excluded. */
let ipV4Settings = NEIPv4Settings(addresses: [tunnelAddress], subnetMasks: [tunnelSubnetMask])
ipV4Settings.includedRoutes = [NEIPv4Route.default()]
let localDNSServerRoute = NEIPv4Route(destinationAddress: localDNSServer, subnetMask: excludedRouteSubnetMask)
ipV4Settings.excludedRoutes = [localDNSServerRoute]
networkSettings.ipv4Settings = ipV4Settings
networkSettings.mtu = NSNumber(value: mtuValue)
We have set includedRoutes to NEIPv4Route.default() and in excludedRoutes we have set the localDNSServer address. But with this code we are getting all traffic (DNS and app data packets) even though we have excluded the system/local DNS server.
Question
- Can we achieve this functionality?
- If yes, what mistake have we made in the code?
Thanks
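For reference, an added example of the same split-DNS-over-full-tunnel configuration written out in full; this is not the poster's code and the post does not settle whether it resolves their issue. It makes explicit the two points the posted snippet leaves to variables defined elsewhere: the exclusion for a single resolver is a host route (subnetMask 255.255.255.255, prefix length 128), and the IPv6 side gets the same treatment, since a resolver handed out over IPv6 would otherwise still follow the IPv6 default route into the tunnel. The function name, the provider subclass name and every address are placeholders, and `systemDNS` is assumed to have been collected before the tunnel came up.

```swift
import NetworkExtension

// Added example, not the poster's code. Builds full-tunnel settings in which the
// default route goes into the tunnel but the system's own resolvers stay reachable
// outside it, so only queries under `matchDomains` are answered by `tunnelDNS`.
// All addresses are placeholders; `systemDNS` is assumed to have been read before
// the tunnel became the primary interface.
func makeFullTunnelSettings(remoteAddress: String,
                            tunnelIPv4: String,
                            tunnelIPv6: String,
                            tunnelDNS: [String],
                            matchDomains: [String],
                            systemDNS: [String],
                            mtu: Int = 1400) -> NEPacketTunnelNetworkSettings {
    let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: remoteAddress)

    // Only queries for matchDomains use tunnelDNS; everything else is left to the
    // resolver the physical interface was configured with.
    let dns = NEDNSSettings(servers: tunnelDNS)
    dns.matchDomains = matchDomains
    dns.matchDomainsNoSearch = true
    settings.dnsSettings = dns

    let v4Resolvers = systemDNS.filter { $0.contains(".") }
    let v6Resolvers = systemDNS.filter { $0.contains(":") }

    // IPv4: everything in, except a host route (/32) for each system resolver.
    // A mask such as 255.255.255.0 here would exclude the resolver's whole /24.
    let v4 = NEIPv4Settings(addresses: [tunnelIPv4], subnetMasks: ["255.255.255.255"])
    v4.includedRoutes = [NEIPv4Route.default()]
    v4.excludedRoutes = v4Resolvers.map {
        NEIPv4Route(destinationAddress: $0, subnetMask: "255.255.255.255")
    }
    settings.ipv4Settings = v4

    // IPv6: the same, otherwise a resolver handed out over IPv6 still reaches the
    // tunnel through the IPv6 default route.
    let v6 = NEIPv6Settings(addresses: [tunnelIPv6], networkPrefixLengths: [128])
    v6.includedRoutes = [NEIPv6Route.default()]
    v6.excludedRoutes = v6Resolvers.map {
        NEIPv6Route(destinationAddress: $0, networkPrefixLength: 128)
    }
    settings.ipv6Settings = v6

    settings.mtu = NSNumber(value: mtu)
    return settings
}

// Usage from the provider (hypothetical subclass; placeholder addresses).
final class ExampleTunnelProvider: NEPacketTunnelProvider {
    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = makeFullTunnelSettings(
            remoteAddress: "203.0.113.10",              // placeholder VPN server
            tunnelIPv4: "10.8.0.2",
            tunnelIPv6: "fd00:8::2",
            tunnelDNS: ["10.8.0.1"],                    // resolver inside the tunnel
            matchDomains: ["example.com"],
            systemDNS: ["192.0.2.53", "2001:db8::53"],  // placeholder LAN/carrier resolvers
            mtu: 1400)
        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                completionHandler(error)
                return
            }
            // Start reading from self.packetFlow here. Logging the destination of
            // every UDP/53 packet that arrives is the quickest way to confirm which
            // queries still reach the tunnel after the exclusions are applied.
            completionHandler(nil)
        }
    }
}
```

The check worth building in from the start is the packet-flow log mentioned in the comment: if UDP/53 packets addressed to the excluded resolvers still show up in readPackets, the exclusion itself is not taking effect (wrong mask, wrong address family, or a resolver address that changed after the tunnel came up); if only queries for the match domains show up, the split is working.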