I am working on a NetworkExtension which uses the NEPacketTunnelProvider to provide a VPN-like tunnel so I can modify the traffic.
This works great for basically all the apps I tried so far, but Facebook Messenger seems to be able to ignore it. I first see that the traffic goes through the tunnel, should be blocked (for testing), but then the messages are successfully sent anyway.
To me this suggests that Messenger first goes through the tunnel and when that does not work, it has some kind of fallback. This happens whether I am on WiFi or cellular data. At first I thought that it may somehow fall back to cellular when WiFi does not work, but even when I disable cellular on the iOS level, Messenger still works when the tunnel is active.
I tried getting all the system routes (meaning the IPs and masks) and manually setting them to includedRoutes on the NEIPv4Settings but this has no effect.
Does this look like Messenger is indeed bypassing the VPN tunnel? Or maybe something else is at play?
So far I have tried basically all configuration combinations and nothing seems to affect Messenger in any way. Apps like Signal, Instagram, YouTube and others can be successfully cut off from the network with the tunnel.
EDIT: Found this on the official Apple forums: https://developer.apple.com/forums/thread/122330
Actually Facebook Messenger sends traffic to all active interfaces in iOS. It even sends traffic out through Cellular, when mobile data is disabled from settings.
EDIT 2: I tried the new iOS 14 configuration option includeAllNetworks which seems to work for Messenger but somehow messes up other apps like Signal or WhatsApp.
When I don't have this flag on, Signal works with my VPN on and I can see its traffic, but when I enable this flag Signal does not send messages nor receive them.
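The two settings mentioned in the post are applied in different places: includedRoutes belongs to the network settings the provider hands to the system, while includeAllNetworks belongs to the protocol configuration saved by the containing app. The following is an added example, not the poster's code; the bundle identifier, server name and addresses are placeholders, and the provider simply drops every packet to mirror the blocking test described above.

```swift
import NetworkExtension

// Containing app: includeAllNetworks is set on the protocol configuration.
func saveTunnelConfiguration(completion: @escaping (Error?) -> Void) {
    NETunnelProviderManager.loadAllFromPreferences { managers, error in
        if let error = error { completion(error); return }
        let manager = managers?.first ?? NETunnelProviderManager()

        let proto = NETunnelProviderProtocol()
        proto.providerBundleIdentifier = "com.example.app.tunnel" // placeholder
        proto.serverAddress = "tunnel.example.com"                // placeholder
        if #available(iOS 14.0, *) {
            // Ask the system to send all traffic through the tunnel.
            proto.includeAllNetworks = true
        }
        manager.protocolConfiguration = proto
        manager.localizedDescription = "Example tunnel"           // placeholder
        manager.isEnabled = true
        manager.saveToPreferences(completionHandler: completion)
    }
}

// Tunnel extension: includedRoutes is set on the tunnel's IPv4 settings.
final class PacketTunnelProvider: NEPacketTunnelProvider {
    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Constructed addresses (documentation / private ranges).
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.0.2.1")
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"],
                                  subnetMasks: ["255.255.255.0"])
        // One default route instead of enumerating every system route.
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4

        setTunnelNetworkSettings(settings) { [weak self] error in
            if error == nil { self?.dropPackets() }
            completionHandler(error)
        }
    }

    // Read and discard every packet, so routed traffic is blocked.
    private func dropPackets() {
        packetFlow.readPackets { [weak self] _, _ in
            self?.dropPackets()
        }
    }
}
```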