NEVPNManager connect to VPN server

I use https://github.com/hwdsl2/setup-ipsec-vpn as my VPN server.

And I created an app that connects to my server using NEVPNManager.

Here is the VPN configuration code:
Code Block
func createNewConfiguration() {
    let p = NEVPNProtocolIKEv2()

    p.serverAddress = "xxxxx"
    p.remoteIdentifier = "xxxxx"
    p.localIdentifier = "vpnclient"

    // Certificate authentication: the client identity is the PKCS#12 file bundled with the app.
    p.authenticationMethod = .certificate
    p.identityData = try! Data(contentsOf: Bundle.main.url(forResource: "vpnclient", withExtension: "p12")!)
    p.identityDataPassword = "password"

    p.useExtendedAuthentication = false
    p.disconnectOnSleep = false

    manager.isEnabled = true
    manager.protocolConfiguration = p
    manager.saveToPreferences { (error) in
        guard error == nil else {
            // Saving failed: drop the configuration.
            self.manager.protocolConfiguration = nil
            return
        }
        self.connectAfterInit = true
    }
}


I have two files:

ikev2vpnca.cer

vpnclient.p12

Here is my connection process:
  1. I manually import ikev2vpnca.cer as an iOS profile.

  2. Then I start the app and connect to the VPN.

Everything works fine.

But when I delete ikev2vpnca.cer in Settings -> General -> Profile,
I can't connect to my VPN anymore.

Can I implement step 1 using Swift code? I don't want to send ikev2vpnca.cer to my iPhone and manually install it.

I have no idea how to solve this problem.







Answered by wlixcc in 665177022
I have solved this problem. Just set the identityReference property. I hope this helps others who encounter the same problem in the future.
Code Block
p.identityReference = try! Data(contentsOf: Bundle.main.url(forResource: "ikev2vpnca", withExtension: "cer")!)



Glad you were able to resolve your issue. I just want to point out that the identityReference is meant to be a persistent keychain reference to an identity, not loaded from disk. Loading this identity from disk also means that you have your private key saved on disk and that is not advisable.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Sorry for misleading others. Yesterday I manually installed the .cer file and tested the code. That made me think I had solved the problem. When I delete the .cer profile, the connection to the VPN server is automatically disconnected immediately.


Still need help





Personal VPN requires that the VPN server’s certificate be issued by a CA that’s trusted by the system as a whole. It sounds like you’re using your own custom CA, and thus your Personal VPN configuration only works when your CA’s root certificate is installed.

There’s an easy way to test this: Use Apple Configurator to create a configuration profile with a VPN payload for your VPN. Can you do that without having to also add a com.apple.security.root payload? If so, it’s likely that you’ll be able to create an equivalent configurator using Personal VPN. If not, the only way to get this working with Personal VPN is to change your server.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
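
The configuration profile that the Apple Configurator test above calls for has roughly the shape below. This is an added sketch, not part of the thread and not Apple Configurator output: the identifiers, UUIDs and display names are constructed placeholders, the VPN values mirror the question's code, and the two empty `<data>` elements mark where the base64 of vpnclient.p12 and ikev2vpnca.cer would go.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.vpn-trust-test</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadDisplayName</key><string>VPN trust test</string>
  <key>PayloadContent</key>
  <array>
    <!-- 1. VPN payload: same values as the NEVPNProtocolIKEv2 setup in the question -->
    <dict>
      <key>PayloadType</key><string>com.apple.vpn.managed</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.vpn-trust-test.vpn</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
      <key>UserDefinedName</key><string>Test VPN</string>
      <key>VPNType</key><string>IKEv2</string>
      <key>IKEv2</key>
      <dict>
        <key>RemoteAddress</key><string>xxxxx</string>
        <key>RemoteIdentifier</key><string>xxxxx</string>
        <key>LocalIdentifier</key><string>vpnclient</string>
        <key>AuthenticationMethod</key><string>Certificate</string>
        <key>PayloadCertificateUUID</key><string>00000000-0000-0000-0000-000000000003</string>
      </dict>
    </dict>
    <!-- 2. Client identity referenced by PayloadCertificateUUID (placeholder: base64 of vpnclient.p12) -->
    <dict>
      <key>PayloadType</key><string>com.apple.security.pkcs12</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.vpn-trust-test.identity</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000003</string>
      <key>Password</key><string>password</string>
      <key>PayloadContent</key><data></data>
    </dict>
    <!-- 3. Custom CA root (placeholder: base64 of ikev2vpnca.cer). Leave this payload out for the test. -->
    <dict>
      <key>PayloadType</key><string>com.apple.security.root</string>
      <key>PayloadVersion</key><integer>1</integer>
      <key>PayloadIdentifier</key><string>com.example.vpn-trust-test.root</string>
      <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000004</string>
      <key>PayloadContent</key><data></data>
    </dict>
  </array>
</dict>
</plist>
```

If the VPN connects only while payload 3 is present, the server's certificate is not issued by a CA the system trusts, which is the case where the answer above says the server has to change.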