I have been looking at the routing table via that App, and that is confusing to me.
So, here are more details for you guys to enjoy this puzzle.
To make it simpler, I disconnected my iPhone from the Wi-Fi, and left it only connected to the cellular (LTE) network.
What you see below are the routing tables returned by the app before and after connecting to my home VPN.
I removed plenty of IPv6 entries for simplicity. Not sure they have a role here. I wonder why IPv6 routes are there in the first place, as I am not aware of anything needing IPv6 on my iPhone. There are more of them than the IPv4 entries below. So, that is a big question mark to me, at present.
Anyway, as to IPv4 entries:
No VPN.
IPv4:
Destination         Gateway          Interface  Flags
default             10.60.165.177    pdp_ip0    UGSc
default             link#21          ipsec1     UCSI
10.60.165.177       10.60.165.177    pdp_ip0    UHr
10.60.165.177/32    link#5           pdp_ip0    UCS
10.254.254.254      10.254.254.254   ipsec1     UH
127                 127.0.0.1        lo0        UCS
127.0.0.1           127.0.0.1        lo0        UH
224.0.0/4           link#5           pdp_ip0    UmCS
224.0.0/4           link#21          ipsec1     UmCSI
255.255.255.255/32  link#5           pdp_ip0    UCS
255.255.255.255/32  link#21          ipsec1     UCSI
VPN.
IPv4:
Destination         Gateway          Interface  Flags
default             link#26          ppp0       UCS
default             10.60.165.177    pdp_ip0    UGScI
default             link#21          ipsec1     UCSI
1.0.0.1             10.10.11.101     ppp0       UH
10                  ppp0             ppp0       USc
10.60.165.177       10.60.165.177    pdp_ip0    UHr
10.60.165.177/32    link#5           pdp_ip0    UCS
10.254.254.254      10.254.254.254   ipsec1     UH
127                 127.0.0.1        lo0        UCS
127.0.0.1           127.0.0.1        lo0        UH
217.133.42.94       10.60.165.177    pdp_ip0    UGHS
224.0.0/4           link#26          ppp0       UmCS
224.0.0/4           link#5           pdp_ip0    UmCSI
224.0.0/4           link#21          ipsec1     UmCSI
224.0.0.251         link#26          ppp0       UHmW3I
255.255.255.255/32  link#26          ppp0       UCS
255.255.255.255/32  link#5           pdp_ip0    UCSI
255.255.255.255/32  link#21          ipsec1     UCSI
The above is very confusing to me.
10.60.x.x is the mobile data link from my mobile ISP (Wind Italy).
10.10.10.x/24 is my home LAN network.
10.10.11.x/24 is my VPN network.
I decided to have the two above in two separate IP spaces back in the day when I configured my home VPN server.
VPN server routes from 10.10.11.x to 10.10.10.x and vice versa.
10.10.10.100 is my Gateway to the Internet for all clients in the 10.10.10.x/24 IP space (again, Home LAN).
10.10.11.1 is the VPN server and gateway for all clients in the 10.10.11.x/24 IP space (VPN network).
So, VPN clients (including my iPhone) receive an IP in the 10.10.11.x space.
They also receive the following two routes as they connect to my VPN server:
10.10.10.0/255.255.255.0/10.10.11.1 --> This is to tell clients that they can access my LAN (10.10.10.x) via 10.10.11.1.
0.0.0.0/0.0.0.0/10.10.10.100 --> This is to tell the clients that in order to access the Internet, they need to route through my home Gateway, in my LAN obviously.
This route is designed for the iPhone specifically, otherwise there's no way the iPhone reaches the Internet while connected to my VPN.
For the record, this means that Windows or macOS clients (and Android, I'd assume. Not tested) - but not the iPhone - would end up with two gateways for 0.0.0.0 (that is, all traffic other than my home LAN). By configuring interface metrics, I can easily ensure they do not use my home gateway (10.10.10.100) to get to the Internet, and keep using whatever gateway they would use otherwise (my office network, or any other network I happen to be in).
Now, please notice that in the above iPhone routing tables I see no reference to 10.10.10.1 or 10.10.10.100.
The two routes I push to the iPhone do not show.
But, I know they must be there somewhere, because:
- If I don't configure my VPN server to push the 10.10.10.0/255.255.255.0/10.10.11.1 route, my iPhone won't get to my home LAN.
- If I don't configure my VPN server to push the 0.0.0.0/0.0.0.0/10.10.10.100 route, my iPhone won't get to the Internet.
So, they do affect the iPhone behavior. But, they do not show.
I suspect the app is not returning the routing table correctly. Or, I can't read it correctly.
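One way to read the two tables above, added here as an example that is not part of the original post: it parses the rows and reports which default route carries no `I` flag before and after the VPN connects. It assumes the app prints the Darwin netstat(1) flag letters, where `I` marks an interface-scoped route (RTF_IFSCOPE); the function names are hypothetical.

```python
# Added example. Rows are copied from the two IPv4 tables in the post (defaults
# plus a few others). Assumption: flag letters follow Darwin netstat(1).
NO_VPN = """\
Destination Gateway Interface Flags
default 10.60.165.177 pdp_ip0 UGSc
default link#21 ipsec1 UCSI
10.60.165.177 10.60.165.177 pdp_ip0 UHr
"""
VPN = """\
Destination Gateway Interface Flags
default link#26 ppp0 UCS
default 10.60.165.177 pdp_ip0 UGScI
default link#21 ipsec1 UCSI
10 ppp0 ppp0 USc
217.133.42.94 10.60.165.177 pdp_ip0 UGHS
"""

def parse_routes(text):
    """Split each row into destination, gateway, interface and flag string."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] == "Destination":
            continue  # skip the header and any blank or malformed line
        dest, gateway, iface, flags = parts
        routes.append({"dest": dest, "gateway": gateway, "iface": iface,
                       "flags": flags, "scoped": "I" in flags})
    return routes

def primary_default(routes):
    """Return the default route without 'I': the one followed by traffic
    that is not bound to a specific interface."""
    unscoped = [r for r in routes if r["dest"] == "default" and not r["scoped"]]
    if len(unscoped) != 1:
        raise ValueError(f"expected one unscoped default, found {len(unscoped)}")
    return unscoped[0]

def compare(before, after):
    """Summarise how the unscoped default route changed between two tables."""
    old = primary_default(parse_routes(before))
    new = primary_default(parse_routes(after))
    demoted = [r["iface"] for r in parse_routes(after)
               if r["dest"] == "default" and r["scoped"] and r["iface"] == old["iface"]]
    return {"before": old["iface"], "after": new["iface"],
            "default_moved": new["iface"] != old["iface"],
            "demoted_to_scoped": demoted}

if __name__ == "__main__":
    print(compare(NO_VPN, VPN))
```

Under that assumption, the unscoped default moves from pdp_ip0 to ppp0 once the VPN is up, and the cellular default stays in the table only as an interface-scoped entry.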