Hi,

I am building a VPN client with Packet Tunnel Provider for macOS. The VPN profile configured by Apple Configurator 2 uses a certificate p12 file as user authentication for the connection; the profile is installed on my Mac and the certificate was imported into the keychain. The VPN extension is called once I try to connect the VPN, but I am not able to retrieve the private key with the persistent reference of my VPN keychain item, which comes within the NETunnelProviderProtocol object. Below are the things I did.

1. Generate the p12 file with the certificate and RSA private key.

openssl pkcs12 -export -out client.p12 -inkey privateKey.key -in certificate.crt -certfile CACert.crt

2. Try to retrieve the private key with the persistent reference in the NETunnelProviderProtocol object in the Packet Tunnel Provider extension.

// persistent_ref is the CFDataRef taken from the NETunnelProviderProtocol object
SecIdentityRef identity_ref = NULL;
const void *keys[] = { kSecClass, kSecReturnRef, kSecValuePersistentRef };
const void *values[] = { kSecClassIdentity, kCFBooleanTrue, persistent_ref };
CFDictionaryRef dict = CFDictionaryCreate(NULL, keys, values, 3,
                                          &kCFTypeDictionaryKeyCallBacks,
                                          &kCFTypeDictionaryValueCallBacks);
if (SecItemCopyMatching(dict, (CFTypeRef *)&identity_ref) == errSecSuccess) {
    SecItemImportExportKeyParameters params = {};
    params.version = SEC_KEY_IMPORT_EXPORT_PARAMS_VERSION;
    params.flags = kSecKeySecurePassphrase;
    params.passphrase = CFStringCreateWithCString(kCFAllocatorDefault, "", kCFStringEncodingASCII);
    CFDataRef exportResult = NULL;
    // error, not able to get the private key
    OSStatus status = SecItemExport(identity_ref, kSecFormatPKCS12, 0, &params, &exportResult);
}

Additionally, I tried to use SecItemCopyMatching to retrieve the private key; I can get only 96 bytes back, which is obviously not correct. There should be something wrong with my code, please give me help.

Thanks!
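The identity lookup the post above attempts, as an added example that is not the poster's code: it resolves the persistent reference carried in NEVPNProtocol.identityReference into a SecKeyRef and uses the key in place (signing a challenge) instead of exporting it as PKCS#12. It assumes the identity sits in a keychain the extension can read; the challenge bytes are constructed sample data.

```objectivec
// Added example (not the poster's code): resolve the persistent reference from
// NEVPNProtocol.identityReference into a SecKeyRef and use it in place (signing).
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Look up the SecIdentityRef behind a persistent keychain reference.
// Returns NULL (and the OSStatus via outStatus) on failure. Caller releases.
static SecIdentityRef CopyIdentityForPersistentRef(NSData *persistentRef, OSStatus *outStatus) {
    NSDictionary *query = @{
        (__bridge id)kSecClass:              (__bridge id)kSecClassIdentity,
        (__bridge id)kSecValuePersistentRef: persistentRef,
        (__bridge id)kSecReturnRef:          @YES,
        (__bridge id)kSecMatchLimit:         (__bridge id)kSecMatchLimitOne,
    };
    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (outStatus) *outStatus = status;
    return (status == errSecSuccess) ? (SecIdentityRef)result : NULL;
}

// Sign a challenge with the identity's private key; the key material stays in the keychain.
static NSData *SignChallengeWithIdentityRef(NSData *persistentRef, NSData *challenge, NSError **error) {
    OSStatus status = errSecSuccess;
    SecIdentityRef identity = CopyIdentityForPersistentRef(persistentRef, &status);
    if (!identity) {
        if (error) *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
        return nil;
    }
    SecKeyRef privateKey = NULL;
    status = SecIdentityCopyPrivateKey(identity, &privateKey);
    CFRelease(identity);
    if (status != errSecSuccess) {
        if (error) *error = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
        return nil;
    }
    CFErrorRef cfError = NULL;
    CFDataRef sig = SecKeyCreateSignature(privateKey, kSecKeyAlgorithmRSASignatureMessagePKCS1v15SHA256,
                                          (__bridge CFDataRef)challenge, &cfError);
    CFRelease(privateKey);
    if (!sig) {
        if (error) *error = CFBridgingRelease(cfError); else if (cfError) CFRelease(cfError);
        return nil;
    }
    return CFBridgingRelease(sig);
}
// Usage inside startTunnelWithOptions:completionHandler: of the NEPacketTunnelProvider subclass:
//   NETunnelProviderProtocol *proto = (NETunnelProviderProtocol *)self.protocolConfiguration;
//   NSData *challenge = [@"constructed-sample-nonce" dataUsingEncoding:NSUTF8StringEncoding];
//   NSError *err = nil;
//   NSData *sig = SignChallengeWithIdentityRef(proto.identityReference, challenge, &err);
```

If the lookup itself fails, the OSStatus in the returned NSError (for example errSecItemNotFound) tells you whether the extension can see the keychain item at all before any export or signing is attempted.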
I have built a VPN app using Packet Tunnel Provider on iOS. The VPN profiles are configured through an MDM server. The VPN can be used in a Per-App VPN configuration mode or in device-level mode.

I am facing an issue with the split tunnel in the Per-App VPN configuration. I set up a couple of routes for the Per-App VPN to split the traffic over the tunnel, but all the traffic goes through the tunnel regardless of the route setting.

When the same routes are configured and the VPN is running in device-level mode, the route configuration is respected and only traffic destined to the specified networks goes through the tunnel.

The question I have is: are the split tunnel routes not respected in Per-App VPN configuration mode?

Below is the code snippet that I am using for configuring the VPN settings.

// Set server address and assigned IP addresses
NEPacketTunnelNetworkSettings *setting = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:remote_server_addr];
setting.IPv4Settings = [[NEIPv4Settings alloc] initWithAddresses:tunnel_addresses subnetMasks:netmasks];

// Add routes: only the listed destinations should go through the tunnel,
// otherwise fall back to routing everything through it
if (routes.count > 0)
{
    NSMutableArray <NEIPv4Route *> *includeRoutes = [[NSMutableArray alloc] init];
    for (NSUInteger i = 0; i < routes.count; ++i)
    {
        NEIPv4Route *route = [[NEIPv4Route alloc] initWithDestinationAddress:routes[i].addr subnetMask:routes[i].netmask];
        if (routes[i].gateway.length > 0) {
            route.gatewayAddress = routes[i].gateway;
        }
        [includeRoutes addObject:route];
    }
    setting.IPv4Settings.includedRoutes = includeRoutes;
}
else
{
    setting.IPv4Settings.includedRoutes = @[[NEIPv4Route defaultRoute]];
}

// Set DNS server; an empty match domain sends all DNS queries to the tunnel
setting.DNSSettings = [[NEDNSSettings alloc] initWithServers:DNSServers];
setting.DNSSettings.searchDomains = nil;
setting.DNSSettings.matchDomains = @[@""];
setting.tunnelOverheadBytes = @(1500);

[tun_provider setTunnelNetworkSettings:setting completionHandler:^(NSError * _Nullable error) {
    // handle result
}];