L2TPOverIPsec VPN stopped working with initWithRemoteNetwork

App & System Services Networking
anandfrombangalore OP
Created Jun ’21
Replies 3
Boosts 0
Views 666
Participants 2

Hi

I am building NETransparentProxyProvider proxy. Observing a problem with L2TP over IPsec VPN. As soon as the following UDP filter is set. L2TP over IPSec VPN is disconnected after some time.

 includeRule = [[NENetworkRule alloc] initWithRemoteNetwork:nil
                                 remotePrefix:0
                                 localNetwork:nil
                                  localPrefix:0
                                   protocol:NENetworkRuleProtocolUDP
                                   direction:NETrafficDirectionOutbound];

In this case, Wireshark capture shows only outgoing packets on the ppp0 interface.

I also set up exception rules:

  1. 500/4500 UDP ports bypass.
  NSString *ipAddress = [NSString stringWithUTF8String:"0.0.0.0"];
  NSString *portNum = [NSString stringWithUTF8String: "500"];
  NWHostEndpoint *endpoint = [NWHostEndpoint endpointWithHostname:ipAddress port:portNum];
  NENetworkRule *rule = [[NENetworkRule alloc]
                  initWithDestinationNetwork:endpoint
                  prefix:0 protocol:NENetworkRuleProtocolAny];
  [excludeRules addObject:rule];
   
  ipAddress = [NSString stringWithUTF8String:"0.0.0.0"];
  portNum = [NSString stringWithUTF8String: "4500"];
  endpoint = [NWHostEndpoint endpointWithHostname:ipAddress port:portNum];
  rule = [[NENetworkRule alloc]
      initWithDestinationNetwork:endpoint
      prefix:0 protocol:NENetworkRuleProtocolAny];
  [excludeRules addObject:rule];
  1. Always returning NO in handleNewUDPFlow
  initialRemoteEndpoint:(NWEndpoint *)remoteEndpoint {
    return NO;
}

Both options did not resolve the issue.

Please let give me some pointers to resolve it.

I am running 11.3.1

Replies  3
Boosts  0
Views  666
Participants  2
Systems Engineer OP
Apple
Jun ’21

I am building NETransparentProxyProvider proxy. Observing a problem with L2TP over IPsec VPN. As soon as the following UDP filter is set. L2TP over IPSec VPN is disconnected after some time.

That is odd. If you start the NETransparentProxyProvider first and then start the L2TP VPN do the two work together? Either way, this should be captured in a bug report with a sysdiagnose. Please respond with the Feedback ID.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
anandfrombangalore OP
Jun ’21

Thanks, Matt!

Please check FB9174140.

My test servers are behind the VPNs. So I can not test your recommendation.

0
Systems Engineer OP
Apple
Jun ’21

Thanks, Matt! Please check FB9174140.

Thank you for opening a bug report, I see it internally and have copied myself on it for more information.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
L2TPOverIPsec VPN stopped working with initWithRemoteNetwork
First post date Last post date
 
 
Q