When tethering a cellular-capable iOS 10 device, the traffic from the remote machine seems to bypass the connect-as-needed VPN and go directly to the cellular network. Local iOS device traffic starts and uses the VPN as usual, but web sites visited from the remote machine see the mobile IP address, not the VPN IP address (regardless of whether the VPN is on at the time of the visit or not).
One purpose of a VPN is to shield traffic from the prying eyes of the (mobile) ISP. Is there a way to force tethered traffic through the VPN (other than by putting the VPN on the remote machine)?
Best Answer
No, it seems that's not possible.
I have made several tests with different VPNs and VPN settings on my iPhone - some on demand, some not, but even when switched on manually, tethered traffic was never sent through the VPN.
I've also tried setting OverridePrimary to true as described here (it is false by default when creating the profile in the Apple Configurator), but that did not change the tethered traffic either.
The remaining solution is to install the VPN connection on your tethering client.
BTW, if that client is a Mac, you can simply import the same VPN profile by double-clicking on the mobileconfig file created for iOS.