Post

Replies

Boosts

Views

Activity

How can I control if traffic from other apps goes through the proxy when using a NETunnelProvider?
I am setting up a fake VPN with proxy settings using NEPacketTunnelProvider. When I check proxy check sites, I can see the proxy is detected. let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "10.0.0.1") let proxySettings = NEProxySettings() proxySettings.httpEnabled = true proxySettings.httpsEnabled = true proxySettings.httpServer = NEProxyServer(address: hostIP, port: portNumber) proxySettings.httpsServer = NEProxyServer(address: hostIP2, port: portNumber2) proxySettings.excludeSimpleHostnames = false proxySettings.matchDomains = [""] settings.proxySettings = proxySettings How can I control whether other installed apps on the phone use or bypass this proxy? Can I do this with exceptionList? Since I am routing everything through a VPN, I assumed I could control this. The selection of which apps use the proxy should be up to the user. Could you provide an explanation of how I can manage this? I am quite new to these types of tasks.
1
0
124
3w
NEVPNProtocolIKEv2: How to Handle Identity Data from .mobileconfig?
I am trying to establish a connection using NetworkExtension and NEVPNProtocolIKEv2. It needs to work on an iOS device. I have a test.mobileconfig file and I have set up all configurations based on its content. However, I am unsure how to assign the value for identityData. I have tried multiple methods, but each time, I receive the following errors on my server: "ikev2-cp"[200] "my_ip_address" #1387: Peer attempted EAP authentication, but IKE_AUTH is required "ikev2-cp"[200] "my_ip_address" #1387: responding to IKE_AUTH message (ID 1) from "my_ip_address" with encrypted notification AUTHENTICATION_FAILED "ikev2-cp"[200] "my_ip_address" #1387: encountered fatal error in state STATE_V2_PARENT_R1 First of all, I used the first PayloadContent value inside the .mobileconfig file that I tested. I should mention that there is a certificate inside the file. However, the certificate is not password-protected. func getIKEv2Protocol(address: NSString, username: NSString, password: NSString) -> NEVPNProtocolIPSec { let p = NEVPNProtocolIKEv2() let kcs = KeychainService() p.certificateType = .RSA p.authenticationMethod = .certificate kcs.save(key: "ikev2_password", value: password as String) p.passwordReference = kcs.load(key: "ikev2_password") p.identityDataPassword = "cHH....B3" p.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM p.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA256 p.ikeSecurityAssociationParameters.diffieHellmanGroup = .group19 p.ikeSecurityAssociationParameters.lifetimeMinutes = 1410 p.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM p.childSecurityAssociationParameters.integrityAlgorithm = .SHA256 p.childSecurityAssociationParameters.diffieHellmanGroup = .group19 p.childSecurityAssociationParameters.lifetimeMinutes = 1410 if let certData = Data(base64Encoded: base64String) { p.identityData = certData p.authenticationMethod = .certificate } p.serverCertificateIssuerCommonName = "***" p.serverCertificateCommonName = "***-2" p.deadPeerDetectionRate = .medium p.disableRedirect = true p.enableRevocationCheck = false p.useExtendedAuthentication = true p.remoteIdentifier = address as String p.localIdentifier = username as String p.serverAddress = address as String p.enablePFS = false return p; } and let vpnManager = NEVPNManager.shared() // inside > vpnManager.loadFromPreferences { (error) -> Void in let p = self.getIKEv2Protocol(address: address, username: username, password: password) vpnManager.protocolConfiguration = p vpnManager.localizedDescription = "IKEv2 VPN" vpnManager.isEnabled = true vpnManager.saveToPreferences(completionHandler: { (error) -> Void in ... vpnManager.loadFromPreferences(completionHandler: { error in ... try vpnManager.connection.startVPNTunnel() // And this section starts without any errors. How can I properly provide the value for p.identityData and .mobileconfig password? Please explain in detail if there is an answer, as I am inexperienced with Swift and VPNs.
2
0
358
Aug ’24