Determining interface index of VPN on iOS and macOS

For an interface index with BSD APIs, there is if_nametoindex that can be used with IP_BOUND_IF. However, if you use a userspace API like NWConnection or `nw_connection_t`, do you have any better luck here?

Also, does this connection exist in the container app or network extension that you developed, or is it on the system in another extension?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

@Matt

We want to know the identity of the VPN adapter before it's configured with its address. We haven't determined a way to identify which of the UTUN adapters correspond to the VPN adapter because there are multiple of them, each with similar or common attributes.

The connection exists in a network extension that we developed.

Are you using the NEPacketTunnelProvider APIs to configure and start your tunnel or are you creating the UTUN interface by hand? If you are creating it by hand you should move to the Network Extension packet tunnel APIs.

The connection exists in a network extension that we developed.

I would avoid using BSD socket APIs in your Network Extension and move to using the in-provider set of APIs to run TCP or UDP connections through your packet tunnel. That way you do not have to know specifics of the UTUN interface to make sure your socket is bound to it, but rather just like the in-providers APIs take care of this for you.

NWTCPConnection
An object to manage a TCP connection, with or without TLS.

NWUDPSession
An object to manage a UDP session to a network endpoint.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com