App Proxy Provider

Implement a VPN client for a flow-oriented, custom VPN protocol.

Overview

A virtual private network (VPN) is a form of network tunnel where a VPN client uses the public Internet to create a connection to a VPN server and then passes private network traffic over that connection. If you want to build a VPN client that implements a flow-oriented, custom VPN protocol—one that works with the data passing through a TCP connection rather than the packets used to transport that data—create an app proxy provider app extension.

When the system starts a VPN configuration that uses your app proxy provider, it launches your app extension, instantiates your app proxy provider subclass within that app extension, and starts forwarding flows to your provider. Each flow represents either a TCP connection or a conversation over UDP. Your provider is expected to open a tunnel to a VPN server and forward each flow over that tunnel. Similarly, if your provider receives flow data from the tunnel, it should pass that back to the system via the appropriate flow.

App proxy providers are one form of per-app VPN, the other being a Packet Tunnel Provider in source application mode.

App proxy providers are supported in iOS on managed devices only, and in macOS for Mac App Store apps only.
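The flow-forwarding loop described above, as an added example that is not Apple's sample code: a provider subclass that accepts TCP flows only from an allow-listed app, opens each flow, and relays bytes in both directions. The allow list, the server vpn.example.com:8443, the one-connection-per-flow design and the CONNECT header line are assumptions standing in for a real custom protocol; UDP flows and stopProxy are left out.

```swift
import Network
import NetworkExtension

final class ExampleAppProxyProvider: NEAppProxyProvider {
    private let allowedApps: Set<String> = ["com.example.mail"]  // constructed allow list
    override func startProxy(options: [String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) {
        completionHandler(nil)  // no shared state: each flow gets its own connection
    }
    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        // Decline UDP flows and flows from apps outside the allow list.
        guard let tcp = flow as? NEAppProxyTCPFlow,
              allowedApps.contains(flow.metaData.sourceAppSigningIdentifier),
              let dest = tcp.remoteEndpoint as? NWHostEndpoint else { return false }
        let tunnel = NWConnection(host: "vpn.example.com", port: 8443, using: .tls)  // constructed host
        tunnel.start(queue: .global())
        let header = Data("CONNECT \(dest.hostname):\(dest.port)\n".utf8)  // hypothetical framing
        tunnel.send(content: header, completion: .contentProcessed { error in
            guard error == nil else { return self.close(tcp, tunnel, error) }
            tcp.open(withLocalEndpoint: nil) { error in
                guard error == nil else { return self.close(tcp, tunnel, error) }
                self.pumpOutbound(tcp, tunnel)
                self.pumpInbound(tcp, tunnel)
            }
        })
        return true
    }
    // App to tunnel: read from the flow, send over the tunnel, repeat until EOF or error.
    private func pumpOutbound(_ flow: NEAppProxyTCPFlow, _ tunnel: NWConnection) {
        flow.readData { data, error in
            guard let data = data, !data.isEmpty else { return self.close(flow, tunnel, error) }
            tunnel.send(content: data, completion: .contentProcessed { error in
                guard error == nil else { return self.close(flow, tunnel, error) }
                self.pumpOutbound(flow, tunnel)
            })
        }
    }
    // Tunnel to app: receive from the tunnel, write to the flow, repeat until EOF or error.
    private func pumpInbound(_ flow: NEAppProxyTCPFlow, _ tunnel: NWConnection) {
        tunnel.receive(minimumIncompleteLength: 1, maximumLength: 65536) { data, _, _, error in
            guard let data = data, !data.isEmpty else { return self.close(flow, tunnel, error) }
            flow.write(data) { error in
                guard error == nil else { return self.close(flow, tunnel, error) }
                self.pumpInbound(flow, tunnel)
            }
        }
    }
    private func close(_ flow: NEAppProxyTCPFlow, _ tunnel: NWConnection, _ error: Error?) {
        flow.closeReadWithError(error); flow.closeWriteWithError(error); tunnel.cancel()
    }
}
```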

Topics

Essentials

Network Extensions Entitlement

The APIs an app can use to customize networking features.

Key: com.apple.developer.networking.networkextension

App Proxy Provider

class NEAppProxyProvider

The principal class for an app proxy provider app extension.

class NEProvider

An abstract base class for all NetworkExtension providers.

class NETunnelNetworkSettings

The configuration for a tunnel provider’s virtual interface.

Flow Handling

class NEAppProxyTCPFlow

An object for reading and writing data to and from a TCP connection being proxied by the provider.

class NEAppProxyUDPFlow

An object for reading and writing data to and from a UDP conversation being proxied by the provider.

class NEAppProxyFlow

An abstract base class shared by NEAppProxyTCPFlow and NEAppProxyUDPFlow.

class NEFlowMetaData

Additional information about data flowing through a per-app VPN provider.

In-Provider Networking

Network APIs for use by all types of NetworkExtension providers and by hotspot helpers.

VPN Configuration

class NEAppProxyProviderManager

An object to create and manage the app proxy provider’s VPN configuration.

class NETunnelProviderManager

An object to create and manage the tunnel provider’s VPN configuration.

class NEVPNManager

An object to create and manage a Personal VPN configuration.

class NETunnelProviderProtocol

Configuration parameters for a VPN tunnel.

class NEAppRule

The identity of an app whose traffic is to be routed through the tunnel.

VPN Control

class NETunnelProviderSession

An object to start and stop a tunnel connection and get its status.

class NEVPNConnection

An object to start and stop a Personal VPN connection and get its status.

See Also

Virtual Private Networks

Personal VPN

Create and manage a VPN configuration that uses one of the built-in VPN protocols (IPsec or IKEv2).

Packet Tunnel Provider

Implement a VPN client for a packet-oriented, custom VPN protocol.