PacketTunnel pass-through

Hi,


I’m working on the iOS platform and want to use a PacketTunnel extension by IP (not per-app VPN). Technically, I want to set up a custom proxy by enabling a VPN configuration. I do not want to encrypt and pass all the data through an external VPN server.
Is it technically possible to “simulate” a VPN server in the PacketTunnel extension and make direct unchanged (but filtered) connections?

Accepted Reply

I must reiterate that this is not something that DTS supports: The packet tunnel provider architecture was intended for custom VPN transports, and using it for other purposes is likely to cause you grief in both the short and long term (even if App Review is not a factor).

Given the above, I’m not able to give you a step-by-step guide for setting this up. I don’t want to lead you down a path that ultimately turns out to be a dead end.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

There are two parts to this, business and technical.

At the business level, packet tunnel providers are intended to be used to provide custom VPN transports. DTS does not support their use for other, ‘off label’ tasks. And while I can’t speak for App Review, my recommendation is that you consult both their guidelines and your developer legal agreements before creating a packet tunnel provider for anything other than this supported case.

At a technical level, the answer depends on what you mean by “setup custom proxy”. Are you referring to a proxy configured via the NEProxySettings type? Or a proxy that you implement in your own code by processing the various packets that travel through your provider?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

At a technical level, I was looking for a NEProxySettings.

At a business level, I'm working on my pet project without plans for AppStore distribution.

Proxy settings work (roughly) the same way as DNS settings: By default the system honours the settings of the tunnel interface when it becomes the default route. However, that’s not the full story, and there are ways for a non-default interface to be consulted. See this post for more.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Got it.

Is an external connection to a VPN server required to make this work? Is it possible to instantiate direct connections to the requested IPs and bypass data with my own Proxy/DNS settings via the PacketTunnel extension?

I must reiterate that this is not something that DTS supports: The packet tunnel provider architecture was intended for custom VPN transports, and using it for other purposes is likely to cause you grief in both the short and long term (even if App Review is not a factor).

Given the above, I’m not able to give you a step-by-step guide for setting this up. I don’t want to lead you down a path that ultimately turns out to be a dead end.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"