Intercepting DNS query in PacketTunnelProvider for blocking domains

Hi,

I have developed a VPN application with PacketTunnelProvider that connects to the OpenVPN server. It works perfectly fine. Now I have the following requirements.

  1. The user should be able to block a particular domain, such as "example.com" while staying connected to the VPN server.

For the above requirement, I need to capture the DNS request for facebook.com and see if it is in the block list provided by the user and block the DNS request.

I don't have to have multiple network extensions; I need to handle it from one packet tunnel provider that is already handling the OpenVPN connection.

Can anyone help me here with this use case?

The user should be able to block a particular domain,

What do you mean by block? Is the goal to prevent the user from connecting to a service hosted by that domain?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

@eskimo

The user should be able to block a particular domain,

Yes, prevent users from loading example.com in Safari/Chrome/Brave or through some other application.

OK. What you’re trying to create here is a content filter. We have an NE provider for that, see Network Extension > Content Filter Providers, and it works pretty well. However, packet tunnel providers were not intended to support that. They exist so folks can create VPN products. When you try to bend a packet tunnel provider into acting like a content filter, you run into all sorts of problems. This is why TN3120 Expected use cases for Network Extension packet tunnel providers says not to do that.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
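
The content filter approach recommended in the reply above, sketched as an added example that is not code from this thread or from Apple: an `NEFilterDataProvider` subclass that drops any flow whose hostname is a blocked domain or one of its subdomains. The class name `FilterDataProvider`, the hard-coded block list, and an iOS 14 or later target (for `remoteHostname`) are assumptions.

```swift
import NetworkExtension

// Hypothetical class name; the block list is a constructed sample.
final class FilterDataProvider: NEFilterDataProvider {
    // A real app would load the user's list from storage shared
    // with the containing app instead of hard-coding it.
    private let blockedDomains: Set<String> = ["example.com"]

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        completionHandler(nil)
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }

    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        // No hostname (for example a connection to a raw IP address): allow.
        guard let host = hostname(of: flow) else { return .allow() }
        return isBlocked(host) ? .drop() : .allow()
    }

    // Browser flows carry a URL; socket flows may carry the remote hostname.
    private func hostname(of flow: NEFilterFlow) -> String? {
        if let host = flow.url?.host { return host }
        if let socketFlow = flow as? NEFilterSocketFlow {
            return socketFlow.remoteHostname
        }
        return nil
    }

    // Match on whole DNS labels so "www.example.com" is blocked but
    // "notexample.com" is not, which a plain hasSuffix check gets wrong.
    func isBlocked(_ host: String) -> Bool {
        var name = host.lowercased()
        if name.hasSuffix(".") { name.removeLast() }   // trailing-dot FQDN
        var labels = name.split(separator: ".")
        while labels.count >= 2 {
            if blockedDomains.contains(labels.joined(separator: ".")) { return true }
            labels.removeFirst()
        }
        return false
    }
}
```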
