L2TPOverIPsec VPN stopped working with initWithRemoteNetwork

Hi

I am building NETransparentProxyProvider proxy. Observing a problem with L2TP over IPsec VPN. As soon as the following UDP filter is set. L2TP over IPSec VPN is disconnected after some time.

 includeRule = [[NENetworkRule alloc] initWithRemoteNetwork:nil
                                 remotePrefix:0
                                 localNetwork:nil
                                  localPrefix:0
                                   protocol:NENetworkRuleProtocolUDP
                                   direction:NETrafficDirectionOutbound];

In this case, Wireshark capture shows only outgoing packets on the ppp0 interface.

I also set up exception rules:

  1. 500/4500 UDP ports bypass.
  NSString *ipAddress = [NSString stringWithUTF8String:"0.0.0.0"];
  NSString *portNum = [NSString stringWithUTF8String: "500"];
  NWHostEndpoint *endpoint = [NWHostEndpoint endpointWithHostname:ipAddress port:portNum];
  NENetworkRule *rule = [[NENetworkRule alloc]
                  initWithDestinationNetwork:endpoint
                  prefix:0 protocol:NENetworkRuleProtocolAny];
  [excludeRules addObject:rule];
   
  ipAddress = [NSString stringWithUTF8String:"0.0.0.0"];
  portNum = [NSString stringWithUTF8String: "4500"];
  endpoint = [NWHostEndpoint endpointWithHostname:ipAddress port:portNum];
  rule = [[NENetworkRule alloc]
      initWithDestinationNetwork:endpoint
      prefix:0 protocol:NENetworkRuleProtocolAny];
  [excludeRules addObject:rule];
  1. Always returning NO in handleNewUDPFlow
  initialRemoteEndpoint:(NWEndpoint *)remoteEndpoint {
    return NO;
}

Both options did not resolve the issue.

Please let give me some pointers to resolve it.

I am running 11.3.1

Up vote post of anandfrombangalore Down vote post of anandfrombangalore
570 views
Posted by
anandfrombangalore
Reply
Add a Comment

Replies

I am building NETransparentProxyProvider proxy. Observing a problem with L2TP over IPsec VPN. As soon as the following UDP filter is set. L2TP over IPSec VPN is disconnected after some time.

That is odd. If you start the NETransparentProxyProvider first and then start the L2TP VPN do the two work together? Either way, this should be captured in a bug report with a sysdiagnose. Please respond with the Feedback ID.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment

Thanks, Matt!

Please check FB9174140.

My test servers are behind the VPNs. So I can not test your recommendation.

Posted by
anandfrombangalore
Up vote reply of anandfrombangalore Down vote reply of anandfrombangalore
Add a Comment

Thanks, Matt! Please check FB9174140.

Thank you for opening a bug report, I see it internally and have copied myself on it for more information.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Add a Comment