Android vpn service protected socket

I am porting an Android device VPN to an iOS-based device VPN based on NEPacketTunnelProvider. Android provides a mechanism to bypass the VPN for some TCP/UDP connections using the following API:

class VpnService

protect(int socket)

Protect a socket from VPN connections



I don't see an equivalent API in the iOS 9 VPN APIs. How do I implement the equivalent in iOS 9 VPN?

Replies

From within your provider? You can use NEProvider’s

-createTCPConnectionToEndpoint:enableTLS:TLSParameters:delegate:
and
-createUDPSessionToEndpoint:fromEndpoint:
for that, no?

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I will try to see if NWTCPConnection can bypass the utun0 interface.

Is there a way to do this using the socket api?

Maybe Apple's answerer did not understand what exactly was meant, but coming from Android and knowing nothing of Apple's APIs (except the Swift and ObjC++ languages), I will point out what a normal developer would like to know.

How to achieve VpnService's protect in an iOS VPN?

An iOS app's life ends the moment its views are closed, hence a permanent VPN service is ONLY possible in an extension, which is a completely different target from that of your views (because iOS has no Service concept).

In addition to knowing the above, learn the fact that any socket (aka connection) created from within your extension (aka Provider) is magically excluded (aka protected) from going through packetFlow (aka Tunnel), no matter if it's a raw socket made by C/C++ or an OOP-wrapped class in Swift 5.

Surprisingly enough, actually making your extension's socket go through the tunnel is much harder,
and you would need to use the NEPacketTunnelProvider class's methods:

- createTCPConnectionThroughTunnelToEndpoint:enableTLS:TLSParameters:delegate:

- createUDPSessionThroughTunnelToEndpoint:fromEndpoint:

Note that the above are instance methods, which is what the minus sign in ObjC means,
so they are only available in the extension context (but there is no escaping from the tunnel for app targets anyway).

See also: https://developer.apple.com/forums/thread/94430
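The following Swift sketch is an added example, not code from any participant in this thread or from Apple's sample projects. It shows the two cases the answer above describes inside one NEPacketTunnelProvider subclass: a connection made with NEProvider's createTCPConnection(to:enableTLS:tlsParameters:delegate:), which leaves over the physical interface and never enters packetFlow (the closest iOS equivalent of VpnService.protect()), and a connection made with createTCPConnectionThroughTunnel(to:enableTLS:tlsParameters:delegate:), which is deliberately routed through the tunnel. The server host name, the tunnel addresses and the "ping" probe are placeholder values chosen for the example.

```swift
import NetworkExtension

// Added example (not from the thread). Host names, ports and addresses are
// placeholders; substitute your own tunnel configuration.
class ExamplePacketTunnelProvider: NEPacketTunnelProvider {

    // Placeholder VPN server endpoint (assumed values).
    private let vpnServerHost = "vpn.example.invalid"
    private let vpnServerPort = "443"

    private var controlConnection: NWTCPConnection?
    private var tunnelledConnection: NWTCPConnection?
    private var stateObservers: [NSKeyValueObservation] = []

    override func startTunnel(options: [String : NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // 1. Equivalent of Android's VpnService.protect(): a connection the
        //    provider creates with NEProvider's createTCPConnection(to:...) is
        //    sent out over the physical interface and never enters packetFlow.
        //    This is what the tunnel's own transport to the VPN server uses.
        let serverEndpoint = NWHostEndpoint(hostname: vpnServerHost, port: vpnServerPort)
        let control = createTCPConnection(to: serverEndpoint, enableTLS: true,
                                          tlsParameters: nil, delegate: nil)
        controlConnection = control
        observe(control, label: "control (bypasses tunnel)")

        // 2. Apply tunnel settings so packetFlow starts delivering packets.
        //    203.0.113.1 and 10.8.0.0/24 are documentation/placeholder addresses.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.1")
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4
        settings.mtu = 1400
        setTunnelNetworkSettings(settings) { [weak self] error in
            guard let self = self else { return }
            if let error = error {
                completionHandler(error)
                return
            }

            // 3. The opposite case: a connection the provider wants routed
            //    *through* the tunnel (e.g. to a service behind the VPN) must use
            //    the ...ThroughTunnel variant; a plain socket would bypass it.
            let internalEndpoint = NWHostEndpoint(hostname: "10.8.0.1", port: "80")
            let tunnelled = self.createTCPConnectionThroughTunnel(to: internalEndpoint,
                                                                  enableTLS: false,
                                                                  tlsParameters: nil,
                                                                  delegate: nil)
            self.tunnelledConnection = tunnelled
            self.observe(tunnelled, label: "tunnelled")
            completionHandler(nil)
        }
    }

    // Watch connection state with KVO and send a small probe once connected.
    private func observe(_ connection: NWTCPConnection, label: String) {
        let token = connection.observe(\.state, options: [.new]) { conn, _ in
            switch conn.state {
            case .connected:
                // connectedPath reports the path actually in use, which is how
                // you can confirm which interface the connection went out on.
                NSLog("%@ connected via %@", label, String(describing: conn.connectedPath))
                conn.write("ping\n".data(using: .utf8)!) { error in
                    if let error = error {
                        NSLog("%@ write failed: %@", label, error.localizedDescription)
                    }
                }
            case .disconnected, .cancelled:
                NSLog("%@ closed: %@", label, String(describing: conn.error))
            default:
                break
            }
        }
        stateObservers.append(token)
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        controlConnection?.cancel()
        tunnelledConnection?.cancel()
        stateObservers.removeAll()
        completionHandler()
    }
}
```

The logged connectedPath of each connection is the practical check: the control connection should report the physical interface, the tunnelled one the tunnel. NWTCPConnection and these NEProvider factory methods are the iOS 9-era NetworkExtension API this thread discusses and are marked deprecated on recent iOS releases, but the distinction between a provider-created connection (bypasses the tunnel) and a ...ThroughTunnel connection is unchanged.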