[egberts1]

Apple App Store mandates that their Apple network infrastructure shall not be impacted by an app (VPN, TailScale, WireGuard, et. al.)

In addition to unimpeded Apple network pathway, DNS resolver is being resolved by Apple DNS recursive DNS server during your tunneling setup, arguably resolving even just the IP address(es) as well as DNS names of VPN server.

More on this sad saga of Apple iOS and VPN, et. al.:

https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php#whe...

Edit: of course, an external router would only leverage the WiFi part of iOS. We could use just the WiFi part of iOS and totally ignore the mysterious cellular traffic.

[responsible]

I’m not talking about an app. I’m talking about a router that VPN-ifies all your traffic to mitigate any form of leak. That article talks about iOS leaking traffic when using VPN apps. A VPN router is the only solution to stop this from happening.

[smoldesu]

Or you can just use a different device. There's plenty of hardware/software that respects your VPN routing rules, Apple is the outlier here. You don't need a complicated racked-and-stacked Ubiquiti when kernel-level WireGuard will do the trick.

[egberts1]

Noted and edited.