Framework

NetworkExtension

Configure VPN tunnels. Customize and extend core networking features.

Overview

The Network Extension framework contains APIs that can be used to customize and extend the core networking features of iOS and macOS.

Network Extension Hotspot Entitlements

Except when you use the NEHotspotHelper class, you do not need to obtain entitlements from Apple to use Network Extension classes. To request an entitlement to use Hotspot Helper, visit https://developer.apple.com/contact/network-extension.

Personal VPN

The NEVPNManager API gives apps the ability to create and manage a Personal VPN configuration on iOS and macOS. Personal VPN configurations are typically used to provide a service to users that protects their Internet browsing activity on insecure networks such as public Wi-Fi networks.

Network Tunneling Protocol Client

You can use the NETunnelProvider family of APIs to connect iOS and macOS devices to a VPN server that uses a non-standard network tunneling protocol, such as an SSL-VPN server.

The NETunnelProvider family of APIs gives apps the ability to implement the client side of a custom network tunneling protocol, called a Tunnel Provider. The Tunnel Provider runs as an app extension. The NETunnelProvider family of APIs also contains the following classes, which are used to configure and control the Tunnel Provider:

On-Device Network Content Filter

The NEFilterProvider API gives apps the ability to dynamically filter network content on iOS devices. Apps can use the following classes in school environments to protect students as they browse the Internet using school-owned devices:

Wi-Fi Hotspot Authentication and Configuration

The NEHotspotHelper API gives your app the ability to perform custom authentication for Wi-Fi Hotspots. It gives users a way to seamlessly connect to a large aggregated network of Wi-Fi Hotspots. The NEHotspotConfiguration API lets your app configure those hotspots.

Topics

Classes

class NEAppProxyFlow

NEAppProxyFlow is used to read data from and write data to a network socket.

class NEAppProxyProvider

Create a principal class for an App Proxy Provider app extension.

class NEAppProxyProviderManager

Configure and control network tunnels provided by an App Proxy Provider app extension.

class NEAppProxyTCPFlow

NEAppProxyTCPFlow is used to read data from and write data to a TCP socket that is being proxied by an App Proxy Provider.

class NEAppProxyUDPFlow

NEAppProxyUDPFlow is used to read data from and write data to a UDP socket that is being proxied by an App Proxy Provider.

class NEAppRule

NEAppRule contains the match conditions for a rule that is used to match network connections based on a source app.

class NEDNSSettings

NEDNSSettings contains the DNS resolver settings of a network tunnel.

class NEEvaluateConnectionRule

NEEvaluateConnectionRule associates properties of network connections with an action.

class NEFilterBrowserFlow

NEFilterBrowserFlow contains details about a flow of network data which originated from a WebKit browser object.

class NEFilterControlProvider

Create a principal class for a Filter Control Provider app extension.

class NEFilterControlVerdict

NEFilterControlVerdict contains the decision that a Filter Control Provider makes about a flow of network data.

class NEFilterDataProvider

Create a principal class for a Filter Data Provider app extension.

class NEFilterDataVerdict

NEFilterDataVerdict contains the decision that a Filter Data Provider makes about a chunk of network data.

class NEFilterFlow

A representation of the flow of network data being examined by a filter provider.

class NEFilterManager

Create and manage network content filter configurations and to control network content filters.

class NEFilterNewFlowVerdict

NEFilterNewFlowVerdict contains the decision that a Filter Provider makes about a flow of network data that the Filter Provider has just seen for the first time.

class NEFilterProvider

The base class for the two Filter Provider extension principal classes that work together to make a complete on-device network content filtering system.

class NEFilterProviderConfiguration

NEFilterProviderConfiguration contains configuration settings for a Filter Provider.

class NEFilterRemediationVerdict

NEFilterRemediationVerdict contains the decision that Filter Data Provider makes about a flow of network data after the user has requested access to the network data.

class NEFilterSocketFlow

NEFilterSocketFlow contains details about a flow of network data which originated from a socket.

class NEFilterVerdict

The abstract base class for content filter verdict classes.

class NEFlowMetaData

NEFlowMetaData contains additional information about a flow of network data beyond the flow’s local and remote network endpoints.

class NEHotspotConfiguration

Configuration settings for a Wi-Fi network hotspot.

class NEHotspotConfigurationManager

A configuration manager that applies and removes hotspot configurations of Wi-Fi networks.

class NEHotspotEAPSettings

Extensible Authentication Protocol (EAP) settings for configuring WPA and WPA2 enterprise Wi-Fi networks.

class NEHotspotHelper

Register an app as a Hotspot Helper.

class NEHotspotHelperCommand

NEHotspotHelperCommand contains a command for Hotspot Helper apps to handle.

class NEHotspotHelperResponse

NEHotspotHelperResponse contains a response to a Hotspot Helper command.

class NEHotspotHS20Settings

Settings for configuring Hotspot 2.0 Wi-Fi networks.

class NEHotspotNetwork

NEHotspotNetwork conveys information about a network to Hotspot Helper apps.

class NEIPv4Route

NEIPv4Route contains settings for an IPv4 route.

class NEIPv4Settings

NEIPv4Settings contains the Internet Protocol version 4 (IPv4) settings of a IP layer network tunnel.

class NEIPv6Route

NEIPv6Route contains settings for an IPv6 route.

class NEIPv6Settings

NEIPv6Settings contains the Internet Protocol version 6 (IPv6) settings of a IP layer network tunnel.

class NEOnDemandRule

NEOnDemandRule defines a rule for when to start a VPN connection automatically.

class NEOnDemandRuleConnect

NEOnDemandRuleConnect defines a Connect On Demand rule with the NEOnDemandRuleActionConnect action.

class NEOnDemandRuleDisconnect

NEOnDemandRuleDisconnect defines a Connect On Demand rule with the NEOnDemandRuleActionDisconnect action.

class NEOnDemandRuleEvaluateConnection

NEOnDemandRuleEvaluateConnection defines a Connect On Demand rule with the NEOnDemandRuleActionEvaluateConnection action.

class NEOnDemandRuleIgnore

NEOnDemandRuleIgnore defines a Connect On Demand rule with the NEOnDemandRuleActionIgnore action.

class NEPacketTunnelFlow

NEPacketTunnelFlow is used to read packets from and write packets to a TUN virtual interface.

class NEPacketTunnelNetworkSettings

NEPacketTunnelNetworkSettings contains the IP network settings of an IP-layer tunnel.

class NEPacketTunnelProvider

Create a principal class for a Packet Tunnel Provider app extension.

class NEProvider

NEProvider is the base class for all Network Extension Provider classes.

class NEProxyServer

NEProxyServer contains settings for a proxy server.

class NEProxySettings

NEProxySettings contains HTTP proxy settings.

class NETunnelNetworkSettings

NETunnelNetworkSettings contains the network settings of a network tunnel.

class NETunnelProvider

Create a principal class for Network Extension Provider app extensions that implement the client-side of a custom network tunneling protocol.

class NETunnelProviderManager

Configure and control VPN connections provided by a Tunnel Provider app extension.

class NETunnelProviderProtocol

NETunnelProviderProtocol contains configuration parameters for a network tunnel.

class NETunnelProviderSession

NETunnelProviderSession is used to control a network tunnel connection, and to introspect the status of a tunnel connection.

class NEVPNConnection

NEVPNConnection is used to control a VPN connection and to introspect the status of a VPN connection.

class NEVPNIKEv2SecurityAssociationParameters

NEVPNIKEv2SecurityAssociationParameters contains parameters for an IKEv2 Security Association.

class NEVPNManager

NEVPNManager is used to create and manage VPN configurations and to control the resulting VPN tunnel connections.

class NEVPNProtocol

NEVPNProtocol contains the protocol-specific portion of a VPN configuration

class NEVPNProtocolIKEv2

NEVPNProtocolIKEv2 contains the IKEv2-specific portion of a VPN configuration.

class NEVPNProtocolIPSec

NEVPNProtocolIPSec contains the IPSec-specific portion of a VPN configuration.

class NWBonjourServiceEndpoint

NWBonjourServiceEndpoint contains the specification of a network endpoint that is resolved using Bonjour.

class NWEndpoint

NWEndpoint is an abstract base class that represent network endpoints, such as a port on a remote server. All instances should be created using one of the subclasses, NWHostEndpoint or NWBonjourServiceEndpoint.

class NWHostEndpoint

NWHostEndpoint specifies a network endpoint using the endpoint’s host name or IP address.

class NWPath

NWPath contains the viability status and the properties of the path that a network connection will take on a device.

class NWTCPConnection

NWTCPConnection is used to establish TCP connections to a network endpoint and to send and receive data on the established TCP connection.

class NWTLSParameters

NWTLSParameters defines advanced TLS options to be used with NWTCPConnection instances.

class NWUDPSession

NWUDPSession is used to establish UDP sessions to a network endpoint and send and receive datagrams.

class NEDNSProxyManager

An object that manages a DNS proxy.

class NEDNSProxyProvider

The principle class for a DNS proxy.

class NEDNSProxyProviderProtocol

Configuration settings specific to network extensions provided by DNS proxy providers.

class NEFilterReport

The report of an action taken by the data provider on a flow.

Protocols

protocol NWTCPConnectionAuthenticationDelegate

NWTCPConnectionAuthenticationDelegate declares methods that NWTCPConnection objects call on their delegates to let them take custom actions on some connection events.