Hi everyone!
I have recently started exploring Network Extension capabilities in macOS. Currently I am trying to write an app using a network extension which should provide a kind of split tunnelling. The idea is to check the destinations of outgoing IP packets and, when they match some list of predefined addresses, redirect these packets to another address (which belongs to some server). If the destination doesn't match the list's elements, the packet should not be redirected and should simply go to the original target.
I have looked through the developers' forum and watched the WWDC19 session about NE. Currently I'm thinking that the best approach is to use PacketTunnelProvider to redirect packets. But I'm not sure that I'll be able to achieve the needed behaviour. Is it possible to redirect packets using NE? Is it possible at all to check the destination address of the outgoing packets? Also it would be great if anybody could provide a link to an example project which uses split tunnelling. I don't work with networks on a daily basis and will be glad to get any help from the community.
First, check that setTunnelNetworkSettings is not producing an error before readPackets is called. Next, you should provide a tunnel remote address with your NEPacketTunnelNetworkSettings. This is the address or hostname that you added to your serverAddress out in NETunnelProviderProtocol. And finally, yes, it is good to compare your NEIPv4Settings against traffic locally that you want to claim. And I don't understand what I am doing wrong. Could I use NEIPv4Settings() configurations of the machine in my local network?
Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
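
A provider sketch following the three points in the reply above, added here as an example and not code from the thread or from Apple. The class name, the tunnel address and the claimed routes are constructed placeholders, and sending claimed packets on to the server is assumed to be done by your own transport.

```swift
import NetworkExtension

enum TunnelError: Error { case missingServerAddress }

final class PacketTunnelProvider: NEPacketTunnelProvider {
    // Constructed sample values (documentation address ranges), not from the thread.
    private let tunnelAddress = "10.8.0.2"
    private let claimedRoutes = [("192.0.2.0", "255.255.255.0"), ("198.51.100.7", "255.255.255.255")]

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Tunnel remote address = the serverAddress saved in NETunnelProviderProtocol.
        guard let proto = protocolConfiguration as? NETunnelProviderProtocol,
              let server = proto.serverAddress else {
            completionHandler(TunnelError.missingServerAddress)
            return
        }
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: server)
        let ipv4 = NEIPv4Settings(addresses: [tunnelAddress], subnetMasks: ["255.255.255.255"])
        // Only destinations covered by includedRoutes are claimed by the tunnel;
        // all other traffic keeps using the system's normal routes.
        ipv4.includedRoutes = claimedRoutes.map { NEIPv4Route(destinationAddress: $0.0, subnetMask: $0.1) }
        settings.ipv4Settings = ipv4

        setTunnelNetworkSettings(settings) { [weak self] error in
            // Do not start reading packets if the settings were rejected.
            if let error = error { completionHandler(error); return }
            completionHandler(nil)
            self?.readLoop()
        }
    }

    private func readLoop() {
        packetFlow.readPackets { [weak self] packets, _ in
            for packet in packets {
                guard let dst = PacketTunnelProvider.ipv4Destination(of: packet) else { continue }
                NSLog("claimed packet for %@", dst)  // forward via your own transport here
            }
            self?.readLoop()  // readPackets delivers one batch per call
        }
    }

    // The destination address is bytes 16...19 of the IPv4 header.
    static func ipv4Destination(of packet: Data) -> String? {
        guard packet.count >= 20, packet[packet.startIndex] >> 4 == 4 else { return nil }
        let base = packet.startIndex + 16
        return (0..<4).map { String(packet[base + $0]) }.joined(separator: ".")
    }
}
```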