Hi all
As I was searching around these days, I realized I must use NETunnelProviderManager() rather than NEVPNProtocolIKEv2(), use a Network Extension target project, and link it to the providerManager. I also realized I can configure my VPN with an object made from NETunnelProviderProtocol().
So here is my question:
Every VPN has a bunch of configuration (server address, remote identifier, etc.), and my VPN, like others, has them, so how can I configure them for an enterprise VPN configuration?
For more detail, here is an example of an IKEv2 configuration:
```swift
let p = NEVPNProtocolIKEv2()
if config.pskEnabled {
    p.authenticationMethod = NEVPNIKEAuthenticationMethod.sharedSecret
} else {
    p.authenticationMethod = NEVPNIKEAuthenticationMethod.none
}
p.serverAddress = config.server
p.disconnectOnSleep = true
p.deadPeerDetectionRate = NEVPNIKEv2DeadPeerDetectionRate.medium
p.username = config.account
p.passwordReference = config.getPasswordRef()
p.sharedSecretReference = config.getPSKRef()
p.disableMOBIKE = *
p.disableRedirect = *
p.enableRevocationCheck = *
p.enablePFS = *
p.useExtendedAuthentication = ***
p.useConfigurationAttributeInternalIPSubnet = false
p.remoteIdentifier = config.remoteId
p.serverAddress = config.server
p.localIdentifier = config.account
```
Great question. The APIs that you posted in your code sample are NEVPNManager APIs used to create an IKEv2 transport for a personal VPN. These APIs would not work with NETunnelProviderManager and NETunnelProviderProtocol because the NEPacketTunnelProvider approach lays down a foundation for you to create your own custom transport. In the personal VPN APIs, NEVPNManager, this is handled for you with NEVPNProtocol that allows you to set up IKEv2 or IPSec. Going the NEPacketTunnelProvider route sets up a blank canvas for you to specifically define your own IP Packet encapsulation protocol and you can define the transport any way you want.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
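To illustrate the answer above, here is an added sketch (not code from the original thread or from Apple) of how settings such as a remote identifier can be carried in `NETunnelProviderProtocol.providerConfiguration` and validated in the packet tunnel provider. The bundle identifier, dictionary keys, port and tunnel address are assumptions, and the two halves would live in the app target and the extension target respectively.

```swift
import NetworkExtension

// App target: describe the custom tunnel. Identifiers and keys below are placeholders.
func saveTunnelConfiguration(server: String, remoteID: String, account: String,
                             passwordRef: Data, completion: @escaping (Error?) -> Void) {
    let proto = NETunnelProviderProtocol()
    proto.providerBundleIdentifier = "com.example.app.tunnel" // assumed extension bundle ID
    proto.serverAddress = server
    proto.username = account
    // Keychain persistent reference, as in the IKEv2 sample; the secret itself is not stored here.
    proto.passwordReference = passwordRef
    proto.disconnectOnSleep = true
    // Non-secret, transport-specific settings. The key names are defined by your own provider.
    proto.providerConfiguration = ["remoteIdentifier": remoteID, "port": 443]

    let manager = NETunnelProviderManager()
    manager.localizedDescription = "Example Tunnel" // constructed name
    manager.protocolConfiguration = proto
    manager.isEnabled = true
    manager.saveToPreferences(completionHandler: completion)
}

// Extension target: read the settings back and refuse to start on a bad configuration.
final class PacketTunnelProvider: NEPacketTunnelProvider {
    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        guard let proto = protocolConfiguration as? NETunnelProviderProtocol,
              let server = proto.serverAddress, !server.isEmpty,
              let conf = proto.providerConfiguration,
              let remoteID = conf["remoteIdentifier"] as? String, !remoteID.isEmpty,
              let port = conf["port"] as? Int, (1...65535).contains(port) else {
            completionHandler(NEVPNError(.configurationInvalid))
            return
        }
        // Your own transport would connect to server:port here and check the peer against remoteID.
        NSLog("Starting tunnel to %@:%d, expecting peer %@", server, port, remoteID)

        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: server)
        // Constructed addressing; a real provider gets this from its own handshake.
        let ipv4 = NEIPv4Settings(addresses: ["10.0.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4
        setTunnelNetworkSettings(settings, completionHandler: completionHandler)
    }
}
```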