Recently, I’ve been building a VPN server/client application. The server side runs on Ubuntu, and the client side runs on iOS (using Network Extension). The primary process is all IP packets tramsims from Client to Server through a TCP tunnel; when the VPN server gets the packets, it makes NTA to every packet (changing the source IP and the source port) and then sends these packets to the target server(IP forwarding) using a raw socket, VPN server does receive response packets from the target server, after that, it changes the source IP and source port to the origin on those packets and send them back through the tunnel to the Client, the problem is the Client seems doesn’t accept the response packet.