Class

NEPacketTunnelProvider

The principal class for a packet tunnel provider app extension.

Declaration

class NEPacketTunnelProvider : NETunnelProvider

Overview

The NEPacketTunnelProvider class gives its subclasses access to a virtual network interface via the packetFlow property. Use the setTunnelNetworkSettings(_:completionHandler:) method in the Packet Tunnel Provider to specify that the following network settings be associated with the virtual interface:

  • Virtual IP address

  • DNS resolver configuration

  • HTTP proxy configuration

  • IP destination networks to be routed through the tunnel

  • IP destination networks to be routed outside the tunnel

  • Interface MTU

By specifying IP destination networks, the Packet Tunnel Provider can dictate what IP destinations will be routed to the virtual interface. IP packets with matching destination addresses will then be diverted to Packet Tunnel Provider and can be read using the packetFlow property. The Packet Tunnel Provider can then encapsulate the IP packets per a custom tunneling protocol and send them to a tunnel server. When the Packet Tunnel Provider decapsulates IP packets received from the tunnel server, it can use the packetFlow property to inject the packets into the networking stack.

Creating a Packet Tunnel Provider Extension

Packet Tunnel Providers run as App Extensions for the com.apple.networkextension.packet-tunnel extension point.

To create a Packet Tunnel Provider extension, first create a new App Extension target in your project.

For an example of an Xcode build target for this app extension, see the SimpleTunnel: Customized Networking Using the NetworkExtension Framework sample code project.

Once you have a Packet Tunnel Provider extension target, create a subclass of NEPacketTunnelProvider. Then, set the NSExtensionPrincipalClass key in the the extension’s Info.plist to the name of your subclass.

If it is not already, set the NSExtensionPointIdentifier key in the extension’s Info.plist to com.apple.networkextension.packet-tunnel.

Here is an example of the NSExtension dictionary in a Packet Tunnel Provider extension’s Info.plist:

<key>NSExtension</key>
<dict>
    <key>NSExtensionPointIdentifier</key>
    <string>com.apple.networkextension.packet-tunnel</string>
    <key>NSExtensionPrincipalClass</key>
    <string>MyCustomPacketTunnelProvider</string>
</dict>

Finally, add the Packet Tunnel Provider extension target to your app’s Embed App Extensions build phase.

Subclassing Notes

In order to create a Packet Tunnel Provider extension, you must create a subclass of NEPacketTunnelProvider and override the methods listed below.

Methods to Override

Topics

Managing the Tunnel Life Cycle

func startTunnel(options: [String : NSObject]?, completionHandler: (Error?) -> Void)

Start the network tunnel.

func stopTunnel(with: NEProviderStopReason, completionHandler: () -> Void)

Stop the network tunnel.

func cancelTunnelWithError(Error?)

Stop the network tunnel from the Packet Tunnel Provider.

Handling IP Packets

var packetFlow: NEPacketTunnelFlow

A NEPacketTunnelFlow object which is used to receive IP packets routed to the tunnel’s virtual interface and inject IP packets into the networking stack via the tunnel’s virtual interface.

Creating Network Connections Through the Tunnel

func createTCPConnectionThroughTunnel(to: NWEndpoint, enableTLS: Bool, tlsParameters: NWTLSParameters?, delegate: Any?) -> NWTCPConnection

Create a TCP connection through the current tunnel.

func createUDPSessionThroughTunnel(to: NWEndpoint, from: NWHostEndpoint?) -> NWUDPSession

Create a UDP session through the current tunnel.

Relationships

Inherits From

Conforms To

See Also

Packet Tunnel Provider

class NETunnelProvider

An abstract base class shared by NEPacketTunnelProvider and NEAppProxyProvider.

class NEProvider

An abstract base class for all NetworkExtension providers.

class NEPacketTunnelNetworkSettings

The configuration for a packet tunnel provider’s virtual interface.

class NETunnelNetworkSettings

The configuration for a tunnel provider’s virtual interface.