How to implement full device SSL VPN for macOS?

Hi,


We would like to implement a full device VPN for macOS. As of now, we have an NEAppProxyProvider-based VPN client, but as there is a lot of configuration needed to flag each application binary for VPN, it takes some time to find out which binaries in the application bundle would be creating connections and flag those for VPN.


For creating full device VPN using the TLS protocol so that we can connect to our existing VPN server, is there any framework already on macOS like Network Extension to achieve tunneling the traffic at TCP layer?


Thanks.

Replies

to achieve tunneling the traffic at TCP layer?

Check out the transparent proxy provider support we added in 10.15.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks Quinn. Interesting. Is there any sample code showing how to use it, as the documentation is brief as of now? Do we just need to provide the configuration and can use existing "NEAppProxyProvider" extension to tunnel traffic?

can [we] use existing NEAppProxyProvider extension to tunnel traffic?

Probably not, but my experience is that you can reuse the vast majority of your provider code.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks Quinn.


One more follow-up on this: can we use this new provider on non-MDM managed devices? If not, do you know of any other framework Apple has for non-MDM managed devices to achieve the same?

can we use this new provider in non-MDM managed devices?

Yes.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"