DNS packet data enters the VPN tunnel

hi:

I want to set up a DNS packet to enter the VPN tunnel. I set it this way, but it didn't work.

// networkSettings is an NEPacketTunnelNetworkSettings
NEIPv4Settings *ipv4Setting = networkSettings.IPv4Settings;
NSMutableArray *routerArr = [NSMutableArray array];
// Add one host route (/32) per configured DNS server.
for (NSString *ip in networkSettings.DNSSettings.servers) {
    NEIPv4Route *route = [[NEIPv4Route alloc] initWithDestinationAddress:ip subnetMask:@"255.255.255.255"];
    [routerArr addObject:route];
}
ipv4Setting.includedRoutes = routerArr;


1. How should I set up to properly import DNS packets into the tunnel?

2. I want to determine if the DNS packet can be imported into the tunnel?

Accepted Reply

can you set the next hop IP of DNS data?

No. It sounds like what you need here is a DNS proxy provider rather than trying to shoehorn this into a packet tunnel provider. Have you looked at DNS proxy providers?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

The approach you’re proposing is unlikely to work.

What sort of tunnel are you creating (full or split)? That is, are you claiming the default route?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

First, thanks for your reply.

I think it's split.

excludedRoutes property of ipv4Setting is not empty.

When includedRoutes property of ipv4Setting is empty, DNS data can enter the tunnel, but if it is not empty (DNS server and some routes are both set to includedRoutes property of ipv4Setting), DNS data will not enter the tunnel.

I think it's split.

Split or full is determined by the presence of the +defaultRoute value. If includedRoutes contains the default route, that’s full. Otherwise it’s split.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

what is default route? 0.0.0.0?

what is default route?

The default route is indicated by whatever value is returned by +defaultRoute. IIRC we do use all zeros for that, but it’s not something to be relied on.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
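
The split-versus-full test described in the two replies above, as an added example that is not part of the thread and not Apple's code. The helper name `ClaimsDefaultRoute`, the DNS server addresses and the tunnel address are constructed for illustration; the comparison uses the values returned by `+defaultRoute` rather than hard-coded zeros.

```objective-c
// Added example. Links against Foundation and NetworkExtension.
#import <Foundation/Foundation.h>
#import <NetworkExtension/NetworkExtension.h>

// Hypothetical helper: YES when includedRoutes contains the default route,
// which makes the tunnel "full"; NO means the tunnel is "split".
static BOOL ClaimsDefaultRoute(NEIPv4Settings *ipv4) {
    NEIPv4Route *def = [NEIPv4Route defaultRoute];
    for (NEIPv4Route *route in ipv4.includedRoutes) {
        // Compare against what +defaultRoute returns, not against "0.0.0.0".
        if ([route.destinationAddress isEqualToString:def.destinationAddress] &&
            [route.destinationSubnetMask isEqualToString:def.destinationSubnetMask]) {
            return YES;
        }
    }
    return NO;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample values (documentation and private address ranges).
        NSArray<NSString *> *dnsServers = @[@"192.0.2.53", @"198.51.100.53"];

        // The configuration from the question: one host route per DNS server.
        NEIPv4Settings *hostRoutes =
            [[NEIPv4Settings alloc] initWithAddresses:@[@"10.8.0.2"]
                                          subnetMasks:@[@"255.255.255.0"]];
        NSMutableArray<NEIPv4Route *> *routes = [NSMutableArray array];
        for (NSString *ip in dnsServers) {
            [routes addObject:[[NEIPv4Route alloc] initWithDestinationAddress:ip
                                                                   subnetMask:@"255.255.255.255"]];
        }
        hostRoutes.includedRoutes = routes;

        // Same tunnel address, but claiming the default route.
        NEIPv4Settings *full =
            [[NEIPv4Settings alloc] initWithAddresses:@[@"10.8.0.2"]
                                          subnetMasks:@[@"255.255.255.0"]];
        full.includedRoutes = @[[NEIPv4Route defaultRoute]];

        NSLog(@"host routes only: %@", ClaimsDefaultRoute(hostRoutes) ? @"full" : @"split");
        NSLog(@"default route:    %@", ClaimsDefaultRoute(full) ? @"full" : @"split");
    }
    return 0;
}
```
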

If split, does it mean that DNS data cannot enter the tunnel?

Does it mean that DNS data cannot enter the tunnel?

Not entirely, it does make the DNS situation much more complex. Hmmm, I have a post that explains this stuff somewhere. Oh yeah, there it is.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

thanks a lot.

Alistar, were you able to get this working? I want to do something similar. I only want to route DNS requests to the VPN. All other traffic should not be routed to the VPN. Any help in how you configured NEPacketTunnelNetworkSettings would be helpful.

According to his answer, split routing does not seem to work, when routing is full

There is another question, can you set the next hop IP of DNS data?

How to set NEProxySettings proxy socks data?

can you set the next hop IP of DNS data?

No. It sounds like what you need here is a DNS proxy provider rather than trying to shoehorn this into a packet tunnel provider. Have you looked at DNS proxy providers?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

How do DNS proxy providers work in PacketTunnelProvider?

How do DNS proxy providers work in PacketTunnelProvider?

I have no idea. If you have a DNS proxy provider do you even need a packet tunnel provider?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"