9 Replies
      Latest reply: Jan 10, 2017 5:13 AM by m.digimat
      pandora_team Level 1 (0 points)
        NEVPNProtocolIKEv2 *protocol = [[NEVPNProtocolIKEv2 alloc] init];
        
        protocol.serverAddress = @"domain.com";
        protocol.remoteIdentifier = @"domain.com";
        protocol.localIdentifier = @"username";
        
        protocol.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
        protocol.useExtendedAuthentication = YES;
        protocol.username = @"username";
        
        
        

         

        How do I specify the user password?

        Server Password Type: EAP

         

        • Re: iOS IKEv2 Vpn Connection
          eskimo Apple Staff (6,270 points)

          NEVPNProtocolIKEv2 is a subclass of NEVPNProtocolIPSec, which is, in turn, a subclass of NEVPNProtocol.  You set the password via the passwordReference property of NEVPNProtocol.  You set the shared secret via the sharedSecretReference of NEVPNProtocolIPSec.

          IMPORTANT Have you tested your VPN setup via a configuration profile?  If not, I suggest you do that first, before trying to set it up via NEVPNManager.  Once you get the profile working, it’s generally pretty straightforward to set up a matching configuration via the API.

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: iOS IKEv2 Vpn Connection
              pandora_team Level 1 (0 points)

              I tested; the setup on the iPhone (Settings > VPN > Add VPN Configuration) works fine.

              I use this, but it fails (in the Xcode console):

               

              NSString *Pass = @"12341234";
              NSData *Pdata = [Pass dataUsingEncoding:NSUTF8StringEncoding];
              
              protocol.passwordReference = Pdata;
              protocol.sharedSecretReference = Pdata;
              
              
              

               

              Console:

               

              secitemcopymatching failed: -50
              secitemcopymatching failed: -50
              
              

               

              I want this configuration; how can I do it:

              http://i.imgur.com/ti40mYZ.png

                • Re: iOS IKEv2 Vpn Connection
                  eskimo Apple Staff (6,270 points)

                  It’s hard to say what’s going wrong based on what you’ve posted so far.  However, if you have a configuration profile that works but can’t get the same setup working in code, my recommendation is that you open a DTS tech support incident and I’ll take a detailed look at your code in that context.

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"

                    • Re: iOS IKEv2 Vpn Connection
                      pandora_team Level 1 (0 points)

                      My only problem:

                      I add the VPN programmatically. When I try to connect, it always asks for a password (Apple Settings VPN).

                      I cannot set a password programmatically.

                      Anyway, thank you. I will try DTS.

                       

                       

                      NEVPNManager *manager = [NEVPNManager sharedManager];
                          [manager loadFromPreferencesWithCompletionHandler:^(NSError *error){
                              if(error){
                                  NSLog(@"Error: %@", error);
                              }else{
                      
                                  NEVPNProtocolIKEv2 *protocol = [[NEVPNProtocolIKEv2 alloc] init];
                      
                                  protocol.serverAddress = @"192.168.2.1";
                                  protocol.remoteIdentifier = @"username";
                                  protocol.localIdentifier = @"username";
                           
                                  protocol.username = @"username";
                                  NSString *pass = @"password";
                      
                                  //protocol.authenticationMethod = NEVPNIKEAuthenticationMethodNone;
                                  protocol.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
                                  protocol.useExtendedAuthentication = YES;
                      
                                 //protocol.passwordReference = [pass dataUsingEncoding:NSUTF8StringEncoding];
                                 //protocol.identityReference = [pass dataUsingEncoding:NSUTF8StringEncoding];
                                 //protocol.identityDataPassword = pass;
                                 //protocol.identityData = [pass dataUsingEncoding:NSUTF8StringEncoding];;
                      
                                  protocol.disconnectOnSleep = NO;
                      
                                  [manager setLocalizedDescription:@"MyVpnConnection"];
                                  [manager setProtocolConfiguration:protocol];
                      
                                  [manager setEnabled:YES];
                      
                                  [manager saveToPreferencesWithCompletionHandler:^(NSError *error){
                                      if (error) {
                                          NSLog(@"Save Error: %@",error);
                                      }else{
                                          NSLog(@"Saved");
                                      }
                                  }];
                              }
                          }];
                      
                        • Re: iOS IKEv2 Vpn Connection
                          chenxiaojun Level 1 (0 points)
                          I met the same problem as you: each time I connect, I need to enter a password. Have you solved it now? Can you tell me?
                          
                          NEVPNProtocolIKEv2 *pp = [[NEVPNProtocolIKEv2 alloc]init];
                              pp.serverAddress = @"myserver";
                              pp.remoteIdentifier = @"remote";
                              pp.localIdentifier = @"test";
                              pp.username = @"myname";
                             
                             
                              pp.authenticationMethod = NEVPNIKEAuthenticationMethodNone;
                              pp.useExtendedAuthentication = YES; 
                              pp.disconnectOnSleep = NO; 
                             
                              [manager setLocalizedDescription:@"myVPN"];
                              [manager setProtocolConfiguration:pp];
                              [manager setEnabled:YES];
                              [manager setOnDemandEnabled:YES]; 
                          
                          • Re: iOS IKEv2 Vpn Connection
                            vzrao Level 1 (0 points)

                            Here is what works:

                                        p.username = @"u1";
                                        p.serverAddress = @"w.x.y.z";

                                        // Get password persistent reference from keychain
                                        // If password doesn't exist in keychain, should create it beforehand.
                                        [self createKeychainValue:@"some string" forIdentifier:@"VPN_PASSWORD"];
                                        p.passwordReference = [self searchKeychainCopyMatching:@"VPN_PASSWORD"];

                                        // PSK
                                        p.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
                                        [self createKeychainValue:@"some string" forIdentifier:@"PSK"];
                                        p.sharedSecretReference = [self searchKeychainCopyMatching:@"PSK"];

                            Hope it helps!

                    • Re: iOS IKEv2 Vpn Connection
                      m.digimat Level 1 (0 points)

                      What I've found tends to mislead most developers (including myself) is the Data? type of NEVPNProtocol's passwordReference and sharedSecretReference properties.

                      As such, we all get started by taking our password strings and generating a Data representation of it using UTF8 encoding: it seems sensible, but that just won't work as the system will not be able to access those secrets when required.

                      This will cause one or more of the following symptoms:

                      1. secitemcopymatching failed: -50  (logged in the debugger)
                      2. The Settings app asking to enter the password info when the VPN gets switched ON
                      3. Log lines such as the below in the Console:
                      
                      failed to create a com.apple.vpn-plugin sandbox extension for /System/Library/Frameworks/NetworkExtension.framework/PluginIKEv2.vpnplugin
                      
                      
                      

                       

                      What the documentation states, although I admit the API reference docs may be improved to stress this aspect, is that both passwordReference and sharedSecretReference require an object of type Data that is a persistent reference to the keychain item which stores the real password or sharedSecret data. In order to obtain such a persistent reference representation, you will need to query the keychain via SecItemCopyMatching and set the kSecReturnPersistentRef entry of the query dictionary to YES.

                       

                      Below is an extract in Objective-C:

                       

                      // The @{} literal is an immutable NSDictionary, so take a mutable copy before adding keys
                      NSMutableDictionary* query = [@{(__bridge id)kSecClass      : (__bridge id)kSecClassGenericPassword,
                                                  (__bridge id)kSecAttrService : @"Your service name here",
                                                  (__bridge id)kSecAttrAccount : @"Your account name here",
                                                  } mutableCopy];
                      // Ask for a persistent reference to the item instead of the secret data itself
                      query[(__bridge id)kSecReturnPersistentRef] = @YES;
                      __block OSStatus status;
                      CFTypeRef results = nil;
                      status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &results);
                      
                      
                      
                      

                       

                      The data obtained in such a way will be a persistent keychain item reference that can be stored in the protocol's passwordReference property and that, once saved via NEVPNManager's saveToPreferences method, can be accessed by the system when required (eg: when the VPN's switch gets toggled).

                      Hope this helps.
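
The following is an added example, not code from any post in this thread: it puts the keychain step and the NEVPNManager step together so that `passwordReference` and `sharedSecretReference` receive persistent keychain references rather than UTF-8 bytes of the secret. The helper names, the `com.example.vpn` service name, the account labels and the server values are hypothetical placeholders; the code assumes ARC and an app with the Personal VPN entitlement.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <NetworkExtension/NetworkExtension.h>

// Hypothetical helper: store `secret` as a generic-password item and return the
// persistent reference (not the secret bytes) that NEVPNProtocol expects.
static NSData *StorePersistentRef(NSString *secret, NSString *account) {
    NSDictionary *match = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: @"com.example.vpn",  // placeholder service name
        (__bridge id)kSecAttrAccount: account,
    };
    // Drop any stale item so SecItemAdd does not return errSecDuplicateItem.
    SecItemDelete((__bridge CFDictionaryRef)match);
    NSMutableDictionary *add = [match mutableCopy];
    add[(__bridge id)kSecValueData] = [secret dataUsingEncoding:NSUTF8StringEncoding];
    add[(__bridge id)kSecReturnPersistentRef] = @YES;
    CFTypeRef ref = NULL;
    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)add, &ref);
    if (status != errSecSuccess) {
        NSLog(@"SecItemAdd failed: %d", (int)status);
        return nil;
    }
    return (__bridge_transfer NSData *)ref;
}

// Hypothetical entry point: PSK machine authentication plus EAP username/password.
// Pass the secrets in at runtime rather than compiling them into the app.
static void SaveIKEv2Configuration(NSString *password, NSString *psk) {
    NEVPNManager *manager = [NEVPNManager sharedManager];
    [manager loadFromPreferencesWithCompletionHandler:^(NSError *error) {
        if (error) { NSLog(@"Load error: %@", error); return; }
        NEVPNProtocolIKEv2 *p = [[NEVPNProtocolIKEv2 alloc] init];
        p.serverAddress = @"vpn.example.com";      // placeholder
        p.remoteIdentifier = @"vpn.example.com";   // placeholder
        p.username = @"username";                  // placeholder
        p.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
        p.useExtendedAuthentication = YES;
        p.passwordReference = StorePersistentRef(password, @"VPN_PASSWORD");
        p.sharedSecretReference = StorePersistentRef(psk, @"PSK");
        if (!p.passwordReference || !p.sharedSecretReference) { return; }

        manager.protocolConfiguration = p;
        manager.enabled = YES;
        [manager saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
            NSLog(@"%@", saveError ? saveError.description : @"Saved");
        }];
    }];
}
```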