Post not yet marked as solved
Hi
I developed a VPN application for iOS using the IKEv2 protocol and Network Extension for a company, and because it has a free plan with advertisements, I should prevent users from connecting to it from iOS Settings. As I was checking, several applications on iOS do this and work in the App Store (but I don't know whether they use OpenVPN or IKEv2?), so here is my question!
Is there any way to prevent users from connecting to the VPN from Settings?
Post not yet marked as solved
I am a developer on a team and my account is not the account holder on developer.apple.com (it has the admin role). Our previous APNs expired and I want to create a new one. As you know, when we want to create an aps.cer in the developer portal we need to have a .certSigningRequest file, and we can generate it by
opening the Keychain Access application and choosing Keychain Access -> Certificate Assistant -> Request a Certificate From a Certificate Authority from the menu.
In the window we have some text fields, and one of them is called User Email Address.
So here is my question: which email should I put in the box? Should I put my email or the account holder's email?
I asked this on Stack Overflow but I didn't get an appropriate answer, so I decided to ask here, and I will remove it from Stack Overflow in order to prevent duplication :)
Post not yet marked as solved
Based on the SimpleFirewall example - https://developer.apple.com/documentation/networkextension/filtering_network_traffic - I tried to convert it for iOS, but there are several unclear points that I couldn't solve.
1 - First, NENetworkRule and NEFilterSettings are used here, but both of them are available only for Mac apps, and I couldn't find any alternative for iOS:
let filterRules = ["0.0.0.0", "::"].map { address -> NEFilterRule in
    let localNetwork = NWHostEndpoint(hostname: address, port: FilterDataProvider.localPort)
    let inboundNetworkRule = NENetworkRule(remoteNetwork: nil, remotePrefix: 0, localNetwork: localNetwork, localPrefix: 0, protocol: .TCP, direction: .inbound)
    return NEFilterRule(networkRule: inboundNetworkRule, action: .filterData)
}
// Allow all flows that do not match the filter rules.
let filterSettings = NEFilterSettings(rules: filterRules, defaultAction: .allow)
apply(filterSettings) { error in
    if let applyError = error {
        os_log("Failed to apply filter settings: %@", applyError.localizedDescription)
    }
    completionHandler(error)
}
2 - I wanted to configure with NEFilterProviderConfiguration, and I realized that if I want to configure a device as a client base, I must configure it with vendorConfiguration (is that correct?). The problem is that there isn't any documentation for it. I just realized I must pass a [String : Any]? dictionary to it, and the value must be NSSecureCoding, and I don't know how to make that dictionary. I guess the key is the host name, but I don't know how to fill in the value!
3 - The third problem is that I wanted to configure NEFilterManager with the data filter provider's bundle, but it doesn't have any property to set. How can I connect the project to the filter provider target in iOS?
Hi
I searched most websites and couldn't find a sample or a suitable tutorial for NEFilterProvider. Is there any tutorial or sample code for it on the internet? I do not know how to use it in the project (should I add a new target? should I have a custom VPN? etc.)
Post not yet marked as solved
Hi
I want to use a packet tunnel provider to manage traffic usage on an iOS device, and I do not want to connect to a remote VPN server (I mean the target address is 127.0.0.1 or localhost). I want to use it for ad blocking on all traffic data in all applications.
So here is my question: how can I configure the tunnel provider protocol to run on localhost?
Here is my configuration:
let providerProtocol = NETunnelProviderProtocol()
providerProtocol.providerBundleIdentifier = "com.project.tunnel"
providerProtocol.serverAddress = "127.0.0.1"
//???? providerProtocol.username = "uid"
vpnManager.localizedDescription = "local"
vpnManager.protocolConfiguration = providerProtocol
vpnManager.isEnabled = true
self.vpnManager.saveToPreferences { (err) in
    self.loadConfig()
}
and the loadConfig() function is:
func loadConfig() {
    vpnManager.loadFromPreferences { (err) in
        if let err = err {
            print("error is :\(err.localizedDescription)")
        }
        do {
            try self.vpnManager.connection.startVPNTunnel()
        } catch {
            print(" error when connect is \(error.localizedDescription)")
        }
    }
}
and also I used { NEVPNManager.shared() }() for defining vpnManager
Hi all
As I was searching around these days, I realized I must use NETunnelProviderManager() rather than NEVPNProtocolIKEv2(), and use a Network Extension target project and link it to the provider manager. I also realized I can configure my VPN with an object made from NETunnelProviderProtocol().
So here is my question:
Every VPN has a bunch of configuration (server address, remote identifier, etc.) and my VPN, like the others, has them, so how can I configure them for an enterprise VPN configuration?
For more detail, here is an example of an IKEv2 configuration:
let p = NEVPNProtocolIKEv2()
if config.pskEnabled {
    p.authenticationMethod = NEVPNIKEAuthenticationMethod.sharedSecret
} else {
    p.authenticationMethod = NEVPNIKEAuthenticationMethod.none
}
p.serverAddress = config.server
p.disconnectOnSleep = true
p.deadPeerDetectionRate = NEVPNIKEv2DeadPeerDetectionRate.medium
p.username = config.account
p.passwordReference = config.getPasswordRef()
p.sharedSecretReference = config.getPSKRef()
p.disableMOBIKE = *
p.disableRedirect = *
p.enableRevocationCheck = *
p.enablePFS = *
p.useExtendedAuthentication = ***
p.useConfigurationAttributeInternalIPSubnet = false
p.remoteIdentifier = config.remoteId
p.serverAddress = config.server
p.localIdentifier = config.account
Post not yet marked as solved
I am trying to connect with a proxy VPN. All of the configs are correct, but I don't know why I got an error. Here is my code:
NETunnelProviderManager.loadAllFromPreferences { (savedManagers: [NETunnelProviderManager]?, error: Error?) in
    if let error = error {
        print(error)
    }
    if let savedManagers = savedManagers {
        if savedManagers.count > 0 {
            self.vpnManager = savedManagers[0]
        }
    }
    self.vpnManager.loadFromPreferences(completionHandler: { (error:Error?) in
        if let error = error {
            print(error)
        }
        let providerProtocol = NETunnelProviderProtocol()
        providerProtocol.providerBundleIdentifier = self.tunnelBundleId
        providerProtocol.providerConfiguration = ["port": self.serverPort,
                                                  "server": self.serverAddress,
                                                  "ip": self.ip,
                                                  "subnet": self.subnet,
                                                  "mtu": self.mtu,
                                                  "dns": self.dns
        ]
        providerProtocol.serverAddress = self.serverAddress
        self.vpnManager.protocolConfiguration = providerProtocol
        self.vpnManager.localizedDescription = "NEPacketTunnelVPNDemoConfig"
        self.vpnManager.isEnabled = true
        self.vpnManager.saveToPreferences(completionHandler: { (error:Error?) in
            if let error = error {
                print(error)
            } else {
                print("Save successfully")
                do {
                    try self.vpnManager.connection.startVPNTunnel()
                } catch NEVPNError.configurationInvalid {
                    print("Failed to start tunnel (configuration invalid)")
                } catch NEVPNError.configurationDisabled {
                    print("Failed to start tunnel (configuration disabled)")
                } catch {
                    print("Failed to start tunnel (other error)")
                }
            }
        })
    })
}
Post not yet marked as solved
Hey to all,
It's my first question here and I wish it helps me.
I want to create an IKEv2 VPN connection with Swift. I tried to find a sample or a place for learning how to do it, but I can't find anything (I watched WWDC15, but it doesn't work on Swift 4.2 or later).
However, I tried to create it with Stack Overflow's issues, but there are a bunch of questions:
- How can I prepare my cert key to put it on the NEVPNProtocolIKEv2() variable? (Is .data(using: String.Encoding.utf8) enough?)
- Does the cert's string need -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----?
- How can I prepare my password, like in the first question?
And finally here is my code, but it doesn't work 😟 :
import NetworkExtension
import UIKit
public final class IKEV2Connection {
    public func initProfile() {
        let vpnManager = NEVPNManager.shared()
        let server = "My server IP"
        let userName = "VPNUserName"
        let remoteIdentifier = server
        let cert = """
        -----BEGIN CERTIFICATE-----
        MIIFQjCCAyqgAwIBAgIIeB6GOr0OS80wDQYJKoZIhvcNAQEMBQAwPzELMAkGA1UE
        ......
        U4Yqeart5YXLigwZ2cPOATEmv6SNIlp68eUVsPg4gvdYbe6Or0kBiScCKcH3
        shfuLOjSTEIcedpQEy7b
        -----END CERTIFICATE-----
        """.data(using: .utf8)
        vpnManager.loadFromPreferences { (error) in
            if error != nil {
                print("Load config faild : \(error!.localizedDescription)")
                return
            }
            let weakP = vpnManager.protocolConfiguration as? NEVPNProtocolIKEv2
            var p: NEVPNProtocolIKEv2!
            if weakP != nil {
                p = weakP!
            } else {
                p = NEVPNProtocolIKEv2()
            }
            p.username = userName
            p.serverAddress = server
            p.certificateType = .RSA
            p.passwordReference = "VPNPassword".data(using: .utf8)
            p.sharedSecretReference = cert
            p.authenticationMethod = NEVPNIKEAuthenticationMethod.sharedSecret
            p.remoteIdentifier = remoteIdentifier
            p.useExtendedAuthentication = true
            p.disconnectOnSleep = true
            vpnManager.protocolConfiguration = p
            vpnManager.localizedDescription = "IPSec IKEv2 Demo3"
            vpnManager.isEnabled = true
            vpnManager.saveToPreferences(completionHandler: { (error) in
                if error != nil {
                    print("Save config failed : \(error!.localizedDescription)")
                }
            })
            do {
                try vpnManager.connection.startVPNTunnel()
            } catch let ex {
                print("error is \(ex)")
            }
        }
    }
}
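Added example, not part of the original post: `passwordReference` and `sharedSecretReference` on `NEVPNProtocol` take a persistent keychain reference to an item holding the secret, not the secret's UTF-8 bytes, so the password is stored in the keychain first and only the reference goes into the profile. The helper names `persistentReference(for:account:service:)` and `makeIKEv2Protocol`, the service string `com.example.vpn`, and the assumption that the server authenticates users with EAP username/password are all hypothetical.

```swift
import Foundation
import NetworkExtension
import Security

enum KeychainError: Error { case unexpectedStatus(OSStatus), noReference }

// Hypothetical helper: stores `secret` as a generic-password keychain item
// and returns the persistent reference that NEVPNProtocol expects.
func persistentReference(for secret: String, account: String, service: String) throws -> Data {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account
    ]
    // Remove any stale item so SecItemAdd does not fail with errSecDuplicateItem.
    let deleteStatus = SecItemDelete(base as CFDictionary)
    guard deleteStatus == errSecSuccess || deleteStatus == errSecItemNotFound else {
        throw KeychainError.unexpectedStatus(deleteStatus)
    }
    var add = base
    add[kSecValueData as String] = Data(secret.utf8)
    // Readable after first unlock, so the VPN can reconnect while the device is locked.
    add[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock
    add[kSecReturnPersistentRef as String] = true
    var result: CFTypeRef?
    let status = SecItemAdd(add as CFDictionary, &result)
    guard status == errSecSuccess else { throw KeychainError.unexpectedStatus(status) }
    guard let ref = result as? Data else { throw KeychainError.noReference }
    return ref
}

// Hypothetical builder for an EAP (username/password) IKEv2 profile.
// Assumption: the server does not require a PSK or a client certificate.
func makeIKEv2Protocol(server: String, username: String, password: String) throws -> NEVPNProtocolIKEv2 {
    let p = NEVPNProtocolIKEv2()
    p.serverAddress = server
    p.remoteIdentifier = server
    p.username = username
    p.authenticationMethod = .none        // no PSK, no client certificate
    p.useExtendedAuthentication = true    // EAP carries the username/password
    p.passwordReference = try persistentReference(for: password,
                                                  account: username,
                                                  service: "com.example.vpn") // placeholder service name
    p.disconnectOnSleep = true
    return p
}
```

Assign the returned protocol to `NEVPNManager.shared().protocolConfiguration`, and call `startVPNTunnel()` only from inside the `saveToPreferences` completion handler so the tunnel starts after the profile has been stored.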