NEPacketTunnelProvider: Not able to read packets from the virtual interface

Hi,


I am implementing a PacketTunnelProvider for a remote-access VPN use case.
So far I can successfully create the virtual interface and configure it with an IP address, subnet mask and route.
I have kept the route as default

Accepted Reply

Your problem is on line 10. A packet tunnel provider should not create a new instance of NEPacketTunnelFlow. Rather, it accesses the packet flow via its packetFlow property.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
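
The fix described in the accepted reply, as an added example that is not code from the thread or from Apple: the provider reads from its inherited packetFlow property and re-arms the read after every batch, since each readPackets call delivers one batch. The class name and the addresses are constructed placeholders.

```swift
import NetworkExtension

// Added example: the class name and all addresses are constructed placeholders.
final class ExamplePacketTunnelProvider: NEPacketTunnelProvider {

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Placeholder addressing (documentation/private ranges), not taken from the thread.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "192.0.2.1")
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4

        setTunnelNetworkSettings(settings) { [weak self] error in
            if let error = error {
                NSLog("Failed to apply network settings: \(error)")
                completionHandler(error)
                return
            }
            NSLog("Successfully applied network settings")
            completionHandler(nil)
            // Use the provider's own flow; do not construct NEPacketTunnelFlow().
            self?.readNextBatch()
        }
    }

    private func readNextBatch() {
        // readPackets delivers one batch per call, so it is called again after each batch.
        packetFlow.readPackets { [weak self] packets, protocols in
            for (packet, proto) in zip(packets, protocols) {
                // proto carries the address family (AF_INET or AF_INET6) as an NSNumber.
                let family = proto.int32Value == AF_INET ? "IPv4" : "IPv6"
                NSLog("Read \(packet.count)-byte \(family) packet from the virtual interface")
                // A real provider would encapsulate the packet and send it to the VPN server here.
            }
            self?.readNextBatch()
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```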

Replies

Here is my code snippet,

setTunnelNetworkSettings(networkSettings, completionHandler: { (error) -> Void in
    if (error != nil) {
        NSLog("Failed to apply network settings: \(String(describing: error))")
        completionHandler(error)
    } else {
        NSLog("Successfully applied network settings")
        completionHandler(error)

        //Read packets from the interface
        let packetFlow =  NEPacketTunnelFlow()
        packetFlow.readPackets(completionHandler: {packets_array, protocols_array in
            NSLog("Packets read from virtual interface, packets_array: \(packets_array.count), protocol_array has: \(protocols_array.count) entries")
        })
        //Read packets done

    }
})


In order to test this flow, I start the traffic first and then bring up my application.
But I am not able to read any packets from the virtual interface.
This is what I see in the logs:

Packets read from virtual interface, packets_array: 0, protocol_array has: 0 entries


Can someone please let me know if I am missing something here?
Thank you.

Thank you for the reply eskimo!
That made it work. I am able to read packets now.
But I see there is a default route that is always created even if there is no route configured in the PacketTunnelProvider.
Here is the output of my "netstat -nr" command:


Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.1.1        UGSc           en0      
default            link#18            UCSI         utun2  

Is the entry at line #4 supposed to be present even if no default route is configured over the utun interface?
Thank you.

Interpreting the routing table on Apple platforms can be tricky. My general advice is that you not go down that path unless you have a routing problem. So, regardless of what netstat says, do you have a routing problem? Is default route traffic being routed via your packet tunnel provider?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for the response Eskimo!
I don't have a routing problem. PacketTunnelProvider is working as expected.