Pango Platform
HomeConsole
  • What is Pango Developer Platform
  • Getting started
    • Sign up on the Management Console
    • Create a new project
    • Switch projects
    • Change console settings
    • Edit your profile
    • Try out the demo app
    • Keep exploring
    • Deprecation and Sunset
  • Console details
    • Dashboard
      • General
      • Location loading
    • Users
      • User page
    • Active sessions
    • Network
      • Countries
      • Locations
      • Pools
        • Optimal location
        • Location rules
    • Settings
      • General
        • Project config description (JSON format)
          • Server selector (JSON format)
          • Request selector (JSON format)
      • Authentication methods
        • Auth Plugin requirements
      • VPN
        • General
        • VPN Bypass list
        • Client Networks
      • Member
    • Export Data
    • Log
  • SDK
    • Unified VPN SDK for Android
      • Setup
        • Application Setup
        • Proguard Rules, Notification, and Analytics Configurations
        • Backend URL Configuration
      • Usage
        • Initialization
        • VPN Interface
        • Backend interface
      • Features
        • Hydra Protocol
          • Location profile (Hydra only)
        • Custom sdk dependencies
        • Deferred VPN Service Initialization
        • Authentication
        • Client Network List (CNL)
        • OpenVPN transport
        • Wireguard Transport
        • Reconnection strategy
        • Single Protocol SDK
        • Killswitch
        • Domain route via VPN
        • Process route via VPN
        • Process Bypass
        • Domain Bypass
        • Traffic rules
        • VPN Node DNS Configuration
        • Multihop
          • Optimal Location
      • Exceptions
      • Version migration
      • Changelog
    • Unified VPN SDK for Apple
      • Setup
        • Application Setup
        • Network Extension Setup
          • Network Extension Setup for tvOS
        • Backend URL Configuration
      • Usage
        • Single Protocol SDK
        • Unified SDK
        • Logging
        • Decoding Encoded VPN SDK Logs
      • Features
        • Deferred VPN Service Initialization
        • Authentication
        • Wireguard Transport
        • Reconnection strategy
        • Killswitch
        • Domain Bypass
        • Multihop
          • Optimal Location
        • Client Network List (CNL)
        • Domain route via VPN
      • Changelog
      • API Reference
    • IPSEC VPN SDK for Apple
    • Unified VPN SDK for Windows
      • Setup
        • Backend URL Configuration
        • Service command line arguments
        • ARM Platform Support
      • Usage
        • CoreAPI
        • Events
        • Generating a Unique Device Identifier
        • Error processing
        • Pipe Messaging
      • Features
        • Traffic protection
          • Killswitch
          • Prevent IP Leaks
          • Block Local Networks
        • Other
          • Firewall
            • DNS Monitor
            • Process Bypass
            • Domain Bypass
            • Process route via VPN
            • Domain route via VPN
          • Throttling
          • Optimal Location
          • Common issues
        • Hydra Protocol
          • CustomDNS, UserDNS, MultiHop, VpnProfiles
        • OpenVPN Protocol
        • Wireguard Protocol
        • IPSec Protocol
      • Collecting Debug Logs
      • Changelog
    • Unified VPN SDK for Routers
      • SDK. Shared library.
      • Configuration Interface (CI)
        • Unix Domain Sockets CI
        • REST API CI
    • Unified VPN SDK Feature Comparison By Platform
    • Unified VPN SDK
      • Features
        • Personal Bridge
    • Tunnel Vision and Tunnel Crack Prevention
  • REST API
    • Partner API
  • Sample applications
    • Unified VPN SDK demo for Windows
    • Hydra VPN SDK demo for iOS
    • IPSEC VPN SDK demo for iOS
    • Unified VPN SDK demo for Android
    • Hydra VPN SDK demo for OpenWRT
    • OpenVPN configuration file
  • Resources
    • Use cases
      • Public VPN
      • Business VPN
        • Creating a Business VPN Project
        • Wi-Fi Security for Business
      • Application anti-blocking
    • How-to
      • Create a Firebase project for User Authentication
      • AWS CloudFront Distribution of the Platform URL
      • How can I get Shared Secret key from iTunes Connect for In-App Purchase
  • FAQ
    • General
      • VPN Platform Flow
      • What data is collected by the Platform?
      • What analytic data is collected by your SDK?
      • How the Platform restricts access to our data?
      • Why DNS Leak tests often indicate positive result?
      • Do we need to perform endpoint health checks?
      • How is the VPN exit node found?
      • How are streams re-marked if VPN is enabled/disabled on an active flow?
      • Is there a maximum number of supported devices?
      • Are both IPv4 and IPv6 supported?
      • What is the MTU of the tunnel?
      • Are any redundancy measures in terms of reliability provided?
      • Is there any load balancing?
      • Do you block broadcast and multicast to/from the VPN?
    • List of Open Source libs
Powered by GitBook
On this page
  • Understanding Domain Bypass Configuration
  • Use Cases

Was this helpful?

  1. SDK
  2. Unified VPN SDK for Apple
  3. Features

Domain Bypass

Domain bypass allows users to selectively route internet traffic for specific domains outside of a VPN connection. This feature provides flexibility in managing network traffic, optimizing performance, and maintaining access to certain resources that may be restricted or perform poorly when accessed through a VPN.

Understanding Domain Bypass Configuration

At its core, domain bypass is controlled through a configuration structure that specifies which domains should bypass the VPN. This configuration typically includes three main components:

  1. A boolean flag to enable or disable bypass functionality

  2. A list of domains that should bypass the VPN

  3. An optional DNS server to use for bypassed domains

For example, a basic domain bypass configuration might look like this:

let bypassConfig = BypassConfiguration(
    isBypassEnabled: false,
    bypassDomains: ["*domain1.com", "domain2.net", "domain3.org"],
    bypassDNSServer: nil
)
  • Since we do not provide default values for this initializer at the moment, you need to explicitly specify isBypassEnabled: false.

  • It's important to be aware that if you use isBypassEnabled: true, it will result in a full bypass, meaning that all traffic will be bypassed and not routed through the VPN.

The resulting BypassConfiguration instance may look like this when inspected:

{
  bypassDomains = 3 values {
    [0] = "*domain1.com"
    [1] = "domain2.net"
    [2] = "domain3.org"
  }
  bypassDNSServer = nil
  bypassDomainsBehaviour = bypass
}

The configuration also supports wildcards. In the example, *domain1.com means the domain and all its subdomains will bypass the VPN.

Currently WireGuard protocol does not support wildcards as it is expects IPv4 addresses to be provided for bypassing. Domain names are undergoing conversion in this case and wildcard representation can't be converted without significant delays in protocol workflow.

Use Cases

Use Case
Description

Improved Performance

For domains that don't require VPN protection, such as content delivery networks (CDNs) or local network resources, bypassing the VPN can improve network performance and reduce latency. This is especially beneficial for apps that heavily rely on media streaming or frequent communication with local devices.

Access to Local Resources

When connected to a VPN, Apple devices may have difficulty accessing resources on the local network, such as printers, smart home devices, or media servers. By bypassing the VPN for local network domains, apps can seamlessly communicate with these resources while still maintaining VPN protection for other connections.

Compliance with Regional Restrictions

Some services or content may be restricted or have different behavior based on the user's geographical location. If an app needs to access such services or content, bypassing the VPN for those specific domains allows the app to comply with regional restrictions and provide the appropriate user experience.

Compatibility with Captive Portals

Captive portals, commonly found in public Wi-Fi networks, often require users to log in or agree to terms of service before granting internet access. By bypassing the VPN for captive portal domains, apps can ensure that users can properly authenticate and access the internet when connected to such networks.

PreviousKillswitchNextMultihop

Last updated 9 days ago

Was this helpful?