Merge pull request #382 from ivpn/bugfix/network-protection-ios17

Network Protection does not work with Custom DNS on iOS 16 and 17

IVPNClient/Managers/StorageManager.swift

@@ -300,21 +300,35 @@ extension StorageManager {
         return nil
     }
 
+    private static func probeURL() -> URL? {
+        let isNetworkProtection = UserDefaults.shared.networkProtectionEnabled
+        let probeURL = URL(string: "https://\(Config.ApiHostName)\(Config.apiServersFile)")
+        return isNetworkProtection ? probeURL : nil
+    }
+
     private static func getDefaultOnDemandRule(status: NEVPNStatus) -> NEOnDemandRule? {
         let defaultTrust = getDefaultTrust()
 
         if defaultTrust == NetworkTrust.Untrusted.rawValue {
-            return NEOnDemandRuleConnect()
+            let onDemandRule = NEOnDemandRuleConnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         }
         if defaultTrust == NetworkTrust.Trusted.rawValue {
-            return NEOnDemandRuleDisconnect()
+            let onDemandRule = NEOnDemandRuleDisconnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         }
 
         switch status {
         case .connected:
-            return NEOnDemandRuleConnect()
+            let onDemandRule = NEOnDemandRuleConnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         case .disconnected, .invalid:
-            return NEOnDemandRuleDisconnect()
+            let onDemandRule = NEOnDemandRuleDisconnect()
+            onDemandRule.probeURL = probeURL()
+            return onDemandRule
         default:
             return nil
         }

IVPNClient/Managers/VPNManager.swift

@@ -232,26 +232,30 @@ class VPNManager {
     func installOnDemandRules(settings: ConnectionSettings, accessDetails: AccessDetails) {
         switch settings {
         case .ipsec:
-            self.disable(tunnelType: .openvpn) { _ in
+            disable(tunnelType: .openvpn) { _ in
                 self.disable(tunnelType: .wireguard) { _ in
                     self.setup(settings: settings, accessDetails: accessDetails, status: .disconnected) { _ in
                         self.disconnect(tunnelType: .ipsec)
                     }
                 }
             }
         case .openvpn:
-            self.disable(tunnelType: .ipsec) { _ in
+            disable(tunnelType: .ipsec) { _ in
                 self.disable(tunnelType: .wireguard) { _ in
                     self.setup(settings: settings, accessDetails: accessDetails, status: .disconnected) { _ in
-                        self.disconnect(tunnelType: .openvpn)
+                        DispatchQueue.delay(1) {
+                            self.openvpnManager?.connection.stopVPNTunnel()
+                        }
                     }
                 }
             }
         case .wireguard:
-            self.disable(tunnelType: .ipsec) { _ in
+            disable(tunnelType: .ipsec) { _ in
                 self.disable(tunnelType: .openvpn) { _ in
                     self.setup(settings: settings, accessDetails: accessDetails, status: .disconnected) { _ in
-                        self.disconnect(tunnelType: .wireguard)
+                        DispatchQueue.delay(1) {
+                            self.wireguardManager?.connection.stopVPNTunnel()
+                        }
                     }
                 }
             }
@@ -272,13 +276,11 @@ class VPNManager {
     }
 
     func disconnect(tunnelType: TunnelType, reconnectAutomatically: Bool = false) {
-        getManagerFor(tunnelType: tunnelType) { manager in
-            DispatchQueue.async {
-                manager.connection.stopVPNTunnel()
-            }
+        getManagerFor(tunnelType: tunnelType) { [self] manager in
+            manager.connection.stopVPNTunnel()
 
             if !UserDefaults.shared.networkProtectionEnabled || reconnectAutomatically {
-                self.removeOnDemandRule(manager: manager)
+                removeOnDemandRule(manager: manager)
             }
         }
     }