Configure VPN tunnels. Customize and extend core networking features.
The Network Extension framework contains APIs that can be used to customize and extend the core networking features of iOS and macOS.
Network Extension Hotspot Entitlements
NEVPNManager API gives apps the ability to create and manage a Personal VPN configuration on iOS and macOS. Personal VPN configurations are typically used to provide a service to users that protects their Internet browsing activity on insecure networks such as public Wi-Fi networks.
Network Tunneling Protocol Client
You can use the
NETunnelProvider family of APIs to connect iOS and macOS devices to a VPN server that uses a non-standard network tunneling protocol, such as an SSL-VPN server.
NETunnelProvider family of APIs gives apps the ability to implement the client side of a custom network tunneling protocol, called a Tunnel Provider. The Tunnel Provider runs as an app extension. The
NETunnelProvider family of APIs also contains the following classes, which are used to configure and control the Tunnel Provider:
On-Device Network Content Filter
NEFilterProvider API gives apps the ability to dynamically filter network content on iOS devices. Apps can use the following classes in school environments to protect students as they browse the Internet using school-owned devices:
Wi-Fi Hotspot Authentication and Configuration
NEHotspotHelper API gives your app the ability to perform custom authentication for Wi-Fi Hotspots. It gives users a way to seamlessly connect to a large aggregated network of Wi-Fi Hotspots. The
NEHotspotConfiguration API lets your app configure those hotspots.
NEAppProxyTCPFlow is used to read data from and write data to a TCP socket that is being proxied by an App Proxy Provider.
NEAppProxyUDPFlow is used to read data from and write data to a UDP socket that is being proxied by an App Proxy Provider.
NEAppRule contains the match conditions for a rule that is used to match network connections based on a source app.
NEFilterBrowserFlow contains details about a flow of network data which originated from a WebKit browser object.
NEFilterDataVerdict contains the decision that a Filter Data Provider makes about a chunk of network data.
A representation of the flow of network data being examined by a filter provider.
Create and manage network content filter configurations and to control network content filters.
NEFilterNewFlowVerdict contains the decision that a Filter Provider makes about a flow of network data that the Filter Provider has just seen for the first time.
The base class for the two Filter Provider extension principal classes that work together to make a complete on-device network content filtering system.
NEFilterRemediationVerdict contains the decision that Filter Data Provider makes about a flow of network data after the user has requested access to the network data.
NEFilterSocketFlow contains details about a flow of network data which originated from a socket.
NEFlowMetaData contains additional information about a flow of network data beyond the flow’s local and remote network endpoints.
Extensible Authentication Protocol (EAP) settings for configuring WPA and WPA2 enterprise Wi-Fi networks.
NEIPv4Settings contains the Internet Protocol version 4 (IPv4) settings of a IP layer network tunnel.
NEIPv6Settings contains the Internet Protocol version 6 (IPv6) settings of a IP layer network tunnel.
NEProvider is the base class for all Network Extension Provider classes.
Create a principal class for Network Extension Provider app extensions that implement the client-side of a custom network tunneling protocol.
NETunnelProviderSession is used to control a network tunnel connection, and to introspect the status of a tunnel connection.
NEVPNConnection is used to control a VPN connection and to introspect the status of a VPN connection.
NEVPNManager is used to create and manage VPN configurations and to control the resulting VPN tunnel connections.
NWHostEndpoint specifies a network endpoint using the endpoint’s host name or IP address.
NWPath contains the viability status and the properties of the path that a network connection will take on a device.
NWTCPConnection is used to establish TCP connections to a network endpoint and to send and receive data on the established TCP connection.
NWTLSParameters defines advanced TLS options to be used with NWTCPConnection instances.
NWUDPSession is used to establish UDP sessions to a network endpoint and send and receive datagrams.