iOS IKEv2 Vpn Connection

NEVPNProtocolIKEv2 *protocol = [[NEVPNProtocolIKEv2 alloc] init];

protocol.serverAddress = @"domain.com";
protocol.remoteIdentifier = @"domain.com";
protocol.localIdentifier = @"username";

protocol.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
protocol.useExtendedAuthentication = YES;
protocol.username = @"username";


How do I specify the user password?

Server Password Type: EAP


Replies

NEVPNProtocolIKEv2 is a subclass of NEVPNProtocolIPSec, which is, in turn, a subclass of NEVPNProtocol. You set the password via the passwordReference property of NEVPNProtocol. You set the shared secret via the sharedSecretReference of NEVPNProtocolIPSec.

IMPORTANT Have you tested your VPN setup via a configuration profile? If not, I suggest you do that first, before trying to set it up via NEVPNManager. Once you get the profile working, it’s generally pretty straightforward to set up a matching configuration via the API.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I tested; setup on the iPhone (Settings > VPN > Add VPN Configuration) works fine 😁


I use this, but it fails (fails in the Xcode console):


NSString *Pass = @"12341234";
NSData *Pdata = [Pass dataUsingEncoding:NSUTF8StringEncoding];

protocol.passwordReference = Pdata;
protocol.sharedSecretReference = Pdata;


Console:


secitemcopymatching failed: -50
secitemcopymatching failed: -50


I want this config; how can I do it: 🙂

http://i.imgur.com/ti40mYZ.png

It’s hard to say what’s going wrong based on what you’ve posted so far. However, if you have a configuration profile that works but can’t get the same setup working in code, my recommendation is that you open a DTS tech support incident and I’ll take a detailed look at your code in that context.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

My only problem:


I add the VPN programmatically. When I try to connect, it always asks for a password (Apple Settings, VPN).

I cannot set a password programmatically 😟

Anyway, thank you 🙂 I'll try DTS



NEVPNManager *manager = [NEVPNManager sharedManager];
    [manager loadFromPreferencesWithCompletionHandler:^(NSError *error){
        if(error){
            NSLog(@"Error: %@", error);
        }else{

            NEVPNProtocolIKEv2 *protocol = [[NEVPNProtocolIKEv2 alloc] init];

            protocol.serverAddress = @"192.168.2.1";
            protocol.remoteIdentifier = @"username";
            protocol.localIdentifier = @"username";
     
            protocol.username = @"username";
            NSString *pass = @"password";

            //protocol.authenticationMethod = NEVPNIKEAuthenticationMethodNone;
            protocol.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
            protocol.useExtendedAuthentication = YES;

            //protocol.passwordReference = [pass dataUsingEncoding:NSUTF8StringEncoding];
            //protocol.identityReference = [pass dataUsingEncoding:NSUTF8StringEncoding];
            //protocol.identityDataPassword = pass;
            //protocol.identityData = [pass dataUsingEncoding:NSUTF8StringEncoding];

            protocol.disconnectOnSleep = NO;

            [manager setLocalizedDescription:@"MyVpnConnection"];
            [manager setProtocolConfiguration:protocol];

            [manager setEnabled:YES];

            [manager saveToPreferencesWithCompletionHandler:^(NSError *error){
                if (error) {
                    NSLog(@"Save Error: %@",error);
                }else{
                    NSLog(@"Saved");
                }
            }];
        }
    }];

I ran into the same problem as you: each time I connect, I need to enter a password. Have you solved it now? Can you tell me?

NEVPNProtocolIKEv2 *pp = [[NEVPNProtocolIKEv2 alloc]init];
    pp.serverAddress = @"myserver";
    pp.remoteIdentifier = @"remote";
    pp.localIdentifier = @"test";
    pp.username = @"myname";
   
   
    pp.authenticationMethod = NEVPNIKEAuthenticationMethodNone;
    pp.useExtendedAuthentication = YES; 
    pp.disconnectOnSleep = NO; 
   
    [manager setLocalizedDescription:@"myVPN"];
    [manager setProtocolConfiguration:pp];
    [manager setEnabled:YES];
    [manager setOnDemandEnabled:YES];

Ha ha, I solved the password problem.

Here is what works:


p.username = @"u1";

p.serverAddress = @"w.x.y.z";

// Get password persistent reference from keychain

// If password doesn't exist in keychain, should create it beforehand.

[self createKeychainValue:@"some string" forIdentifier:@"VPN_PASSWORD"];

p.passwordReference = [self searchKeychainCopyMatching:@"VPN_PASSWORD"];

// PSK

p.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;

[self createKeychainValue:@"some string" forIdentifier:@"PSK"];

p.sharedSecretReference = [self searchKeychainCopyMatching:@"PSK"];


Hope it helps!

After connecting with IKEv2, how can I hide the server, IP and other information in the system VPN information? 😢

What I've found tends to mislead most developers (including myself) is the Data? type of NEVPNProtocol's passwordReference and sharedSecretReference properties.

As such, we all get started by taking our password strings and generating a Data representation of them using UTF8 encoding: it seems sensible, but that just won't work, as the system will not be able to access those secrets when required.

This will lead to one or more of the following symptoms:

  1. secitemcopymatching failed: -50 (logged in the debugger)
  2. The Settings app asking to enter the password info when the VPN gets switched ON
  3. Log lines such as the below in the Console:
failed to create a com.apple.vpn-plugin sandbox extension for /System/Library/Frameworks/NetworkExtension.framework/PluginIKEv2.vpnplugin


What the documentation states, although I admit the API reference docs may be improved to stress this aspect, is that both passwordReference and sharedSecretReference require an object of type Data that is a persistent reference to the keychain item which stores the real password or sharedSecret data. In order to obtain such a persistent reference, you will need to query the keychain via SecItemCopyMatching and set the kSecReturnPersistentRef entry of the query dictionary to YES.


Below is an extract in Objective-C:


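// A dictionary literal is immutable, so take a mutable copy before adding keys
NSMutableDictionary *query = [@{(__bridge id)kSecClass       : (__bridge id)kSecClassGenericPassword,
                                (__bridge id)kSecAttrService : @"Your service name here",
                                (__bridge id)kSecAttrAccount : @"Your account name here",
                                } mutableCopy];
// Ask for a persistent reference instead of the secret data itself
query[(__bridge id)kSecReturnPersistentRef] = @YES;
OSStatus status;
CFTypeRef results = nil;
// On errSecSuccess, results holds the persistent reference (an NSData)
status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &results);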


The data obtained in such a way will be a persistent keychain item reference that can be stored in the protocol's passwordReference property and that, once saved via NEVPNManager's saveToPreferences method, can be accessed by the system when required (e.g. when the VPN's switch gets toggled).

Hope this helps.
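
Added example, not part of the original posts: one way to implement the keychain step the replies above describe, covering both the undefined createKeychainValue:/searchKeychainCopyMatching: helpers and the persistent-reference query. The function names and the service string com.example.vpn are hypothetical; the account labels are the ones used earlier in the thread, and the secrets are passed in by the caller rather than hard-coded.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <NetworkExtension/NetworkExtension.h>

// Hypothetical service name that scopes this app's VPN secrets in the keychain.
static NSString * const kVPNKeychainService = @"com.example.vpn";

// Stores `secret` under `account` (replacing any previous value) and returns a
// persistent keychain reference to the item, or nil on failure.
static NSData *VPNPersistentRefForSecret(NSString *secret, NSString *account) {
    NSDictionary *identity = @{
        (__bridge id)kSecClass       : (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService : kVPNKeychainService,
        (__bridge id)kSecAttrAccount : account,
    };
    // Remove a stale item first so SecItemAdd cannot fail with errSecDuplicateItem.
    OSStatus status = SecItemDelete((__bridge CFDictionaryRef)identity);
    if (status != errSecSuccess && status != errSecItemNotFound) {
        NSLog(@"SecItemDelete failed: %d", (int)status);
        return nil;
    }
    NSMutableDictionary *add = [identity mutableCopy];
    add[(__bridge id)kSecValueData] = [secret dataUsingEncoding:NSUTF8StringEncoding];
    // Ask for the persistent reference, not the secret bytes, as the result.
    add[(__bridge id)kSecReturnPersistentRef] = @YES;
    CFTypeRef result = NULL;
    status = SecItemAdd((__bridge CFDictionaryRef)add, &result);
    if (status != errSecSuccess) {
        NSLog(@"SecItemAdd failed: %d", (int)status);
        return nil;
    }
    return (__bridge_transfer NSData *)result;
}

// Fills in the EAP password and the pre-shared key on an IKEv2 configuration.
// Returns NO, leaving the protocol untouched, if either keychain write failed.
static BOOL VPNApplySecrets(NEVPNProtocolIKEv2 *protocol,
                            NSString *password, NSString *sharedSecret) {
    NSData *passwordRef = VPNPersistentRefForSecret(password, @"VPN_PASSWORD");
    NSData *sharedSecretRef = VPNPersistentRefForSecret(sharedSecret, @"PSK");
    if (passwordRef == nil || sharedSecretRef == nil) {
        return NO;
    }
    protocol.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
    protocol.useExtendedAuthentication = YES;
    protocol.passwordReference = passwordRef;           // reference, not UTF-8 bytes
    protocol.sharedSecretReference = sharedSecretRef;
    return YES;
}
```

Call VPNApplySecrets before setProtocolConfiguration: and saveToPreferencesWithCompletionHandler:, and treat a NO return as a reason not to save the configuration.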

Hi, I know this is an old post, but can you upload the Xcode project to GitHub? I have my IKEv2 servers ready, but at the moment I'm installing OTA via profile. Would like to do it via app :)

can you upload the Xcode project to GitHub?

Please drop me a line via email (my email address is in my signature).

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
