I have an NEPacketTunnelProvider subclass set up and I'm able to see traffic entering the tunnel. I know I can set up new connections to encapsulate existing traffic in, say, a new TCP or UDP connection, but is there any way to just resume traffic unmodified? For instance, if an ICMP packet comes into the tunnel, how can I send that ICMP packet unmodified through to its set destination?
Resume traffic from NEPacketTunnelProvider
The easiest way to allow traffic to continue to its destination is to allow the system to handle the packet and not even to touch NEPacketTunnelFlow. However, I suspect that you are wanting to perform some custom packet handling, otherwise you would not be using an NEPacketTunnelProvider. The key rule to remember with packet tunnel in this context is if you call readPacket* then you must handle the packets you are given in some way. Whether it is sending it over the network to its destination or altering the packets and sending it to its destination, the packet needs to be handled.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
I can see how to do that with networks/routes. How would you do that based on the packet type? Let's say I always want to allow ICMP packets through unmodified.
One way to do that would be to determine ICMP packets by observing the IP Packet information delivered in NEPacket. For example, if the IP Header indicates ICMP, then take that NEPacket and send it over the wire to your packet tunnel server. If the IP Header indicates otherwise, then proceed with further logic. The key thing to remember is that you need to take action on the packets.
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
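The header check described in the reply above, as an added example that is not part of the original thread: it classifies the raw IP bytes an NEPacket carries in its `data` property by reading the IPv4 protocol field or the IPv6 next-header chain. The names `PacketKind` and `classify` are hypothetical, the sample packet is constructed, and what to do with a packet once it is classified is left to the provider.

```swift
import Foundation

// Hypothetical result type for this example.
enum PacketKind: Equatable { case icmp, icmpv6, other(UInt8), malformed }

/// Classify a raw IP packet (the bytes found in NEPacket.data) by its
/// upper-layer protocol. IANA protocol numbers: 1 = ICMP, 58 = ICMPv6.
func classify(_ packet: Data) -> PacketKind {
    let b = [UInt8](packet)                      // copy so indices start at 0
    guard let first = b.first else { return .malformed }
    switch first >> 4 {                          // IP version nibble
    case 4:
        let ihl = Int(first & 0x0F) * 4          // IPv4 header length in bytes
        guard ihl >= 20, b.count >= ihl else { return .malformed }
        let proto = b[9]                         // IPv4 protocol field
        return proto == 1 ? .icmp : .other(proto)
    case 6:
        guard b.count >= 40 else { return .malformed }
        var next = b[6]                          // IPv6 next-header field
        var offset = 40
        // Walk hop-by-hop (0), routing (43) and destination-options (60)
        // extension headers. A fragment header (44) is not walked and is
        // reported as .other(44).
        while next == 0 || next == 43 || next == 60 {
            guard b.count >= offset + 2 else { return .malformed }
            let len = (Int(b[offset + 1]) + 1) * 8
            next = b[offset]
            offset += len
            guard b.count >= offset else { return .malformed }
        }
        return next == 58 ? .icmpv6 : .other(next)
    default:
        return .malformed
    }
}

// Constructed sample: IPv4 ICMP echo request, 192.0.2.1 -> 192.0.2.2
// (documentation addresses; IP header checksum left as zero).
let sample: [UInt8] = [
    0x45, 0x00, 0x00, 0x1c, 0x00, 0x00, 0x00, 0x00,
    0x40, 0x01, 0x00, 0x00, 0xc0, 0x00, 0x02, 0x01,
    0xc0, 0x00, 0x02, 0x02,
    0x08, 0x00, 0xf7, 0xff, 0x00, 0x00, 0x00, 0x00,
]
print(classify(Data(sample)))
print(classify(Data([0x45, 0x00])))              // truncated header
```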
Is there a way to do this in Transport mode IPsec without a full-blown VPN solution? We want a client-to-client solution without a gateway and without a packet tunnel server. I have been able to parse NEPacket and identify if it is an ICMP protocol, but at that point it's already being handled by the tunnel interface. Since there's no option to resume the packet as is, I'm lost as to how to "send it over the wire".