Ok, thanks Quinn. Will look in to the full tunnel option.CheersAlan
Hi QuinnI'm using the following code:- (NSString *)getDNSAddressesStr {
NSMutableString *addressStr = [[NSMutableString alloc]initWithString:@"DNS Addresses \n"];
res_state res = malloc(sizeof(struct __res_state));
int result = res_ninit(res);
if ( result == 0 )
{
for ( int i = 0; i < res->nscount; i++ )
{
NSString *s = [NSString stringWithUTF8String : inet_ntoa(res->nsaddr_list[i].sin_addr)];
[addressStr appendFormat:@"%@\n",s];
NSLog(@"%@",s);
}
}
else
[addressStr appendString:@" res_init result != 0"];
return addressStr;
}When connected to the VPN that is setup in code this returns the default servers that are associated with the WiFi connection but when connected to the VPN that is configured via the profile it returns the DNS servers from the VPN. The code is just for debugging, I can tell that the correct DNS servers are not being used because certain sites that are supposed to blocked via DNS are not when using the programmatic VPN.ThanksAlan
Hi Quinn,I'm working on iOS (currently testing on 11.2.5) on iPad and iPhone. Here is how I am installing the VPN: private func installVPN(server: String, identityData: Data, identityDataPassword: String, localIdentifier: String) {
let vpnProtocol = NEVPNProtocolIKEv2()
let onDemandRule = NEOnDemandRuleConnect()
onDemandRule.interfaceTypeMatch = NEOnDemandRuleInterfaceType.any
vpnProtocol.serverAddress = server
vpnProtocol.disconnectOnSleep = false
vpnProtocol.remoteIdentifier = server
vpnProtocol.localIdentifier = localIdentifier
vpnProtocol.authenticationMethod = NEVPNIKEAuthenticationMethod.certificate
vpnProtocol.serverCertificateCommonName = server
vpnProtocol.enablePFS = true
vpnProtocol.deadPeerDetectionRate = .medium
vpnProtocol.certificateType = .RSA
vpnProtocol.identityDataPassword = identityDataPassword
vpnProtocol.identityData = identityData
vpnProtocol.ikeSecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup.group14
vpnProtocol.ikeSecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithm.algorithmAES128
vpnProtocol.ikeSecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithm.SHA96
vpnProtocol.ikeSecurityAssociationParameters.lifetimeMinutes = 1440
vpnProtocol.childSecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup.group14
vpnProtocol.childSecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithm.algorithmAES128
vpnProtocol.childSecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithm.SHA96
vpnProtocol.childSecurityAssociationParameters.lifetimeMinutes = 1440
manager.localizedDescription = "Test VPN"
manager.isOnDemandEnabled = true
manager.onDemandRules = [onDemandRule]
manager.protocolConfiguration = vpnProtocol
manager.isEnabled = true
manager.saveToPreferences { (error) in
if error != nil {
print(error!)
}
}
}This works ok, in that it installs and starts the VPN but when I check in code what the DNS servers are it returns the local ones. The following profile looks to be configured the same way (I've removed the cert details, server etc) but when installed it uses the VPN DNS servers. The problem is that we are using DNS to configure access etc.<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>DNS</key>
<dict>
<key>SearchDomains</key>
<array>
<string></string>
</array>
<key>SupplementalMatchDomains</key>
<array>
<string></string>
</array>
</dict>
<key>IKEv2</key>
<dict>
<key>AuthenticationMethod</key>
<string>Certificate</string>
<key>ChildSecurityAssociationParameters</key>
<dict>
<key>DiffieHellmanGroup</key>
<integer>14</integer>
<key>EncryptionAlgorithm</key>
<string>AES-128</string>
<key>IntegrityAlgorithm</key>
<string>SHA1-96</string>
<key>LifeTimeInMinutes</key>
<integer>1440</integer>
</dict>
<key>DeadPeerDetectionRate</key>
<string>Medium</string>
<key>DisableMOBIKE</key>
<integer>0</integer>
<key>DisableRedirect</key>
<integer>0</integer>
<key>EnableCertificateRevocationCheck</key>
<integer>0</integer>
<key>EnablePFS</key>
<integer>1</integer>
<key>IKESecurityAssociationParameters</key>
<dict>
<key>DiffieHellmanGroup</key>
<integer>14</integer>
<key>EncryptionAlgorithm</key>
<string>AES-128</string>
<key>IntegrityAlgorithm</key>
<string>SHA1-96</string>
<key>LifeTimeInMinutes</key>
<integer>1440</integer>
</dict>
<key>LocalIdentifier</key>
<string>local id</string>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>WiFi</string>
</dict>
<dict>
<key>Action</key>
<string>Disconnect</string>
</dict>
</array>
<key>PayloadCertificateUUID</key>
<string>dc785ab8-81dd-4d1e-aee1-4f0ff7aae26f</string>
<key>RemoteAddress</key>
<string>remote-address</string>
<key>RemoteIdentifier</key>
<string>remote-identifier</string>
<key>ServerCertificateCommonName</key>
<string>cert common name</string>
</dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadDisplayName</key>
<string>Test VPN</string>
<key>PayloadIdentifier</key>
<string>com.apple.vpn.managed.56c86f12-3a81-44c2-80a6-6e555c7026c7</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadUUID</key>
<string>56c86f12-3a81-44c2-80a6-6e555c7026c7</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Proxies</key>
<dict>
<key>HTTPEnable</key>
<integer>0</integer>
<key>HTTPSEnable</key>
<integer>0</integer>
</dict>
<key>UserDefinedName</key>
<string>Test</string>
<key>VPNType</key>
<string>IKEv2</string>
</dict>
<dict>
<key>Password</key>
<string>cert password</string>
<key>PayloadCertificateFileName</key>
<string>33059064-c0d2-5dc1-a667-68d9cd9fa01e.p12</string>
<key>PayloadContent</key>
<data>
</data>
<key>PayloadDescription</key>
<string>Adds a PKCS#12-formatted certificate</string>
<key>PayloadDisplayName</key>
<string>PKCS12 Certificate</string>
<key>PayloadIdentifier</key>
<string>com.apple.security.pkcs12.dc785ab8-81dd-4d1e-aee1-4f0ff7aae26f</string>
<key>PayloadType</key>
<string>com.apple.security.pkcs12</string>
<key>PayloadUUID</key>
<string>dc785ab8-81dd-4d1e-aee1-4f0ff7aae26f</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDescription</key>
<string>This profile is part of the Test service. It helps protect your device when on Wi-Fi.</string>
<key>PayloadDisplayName</key>
<string>Test VPN</string>
<key>PayloadIdentifier</key>
<string>33059064-c0d2-5dc1-a667-68d9cd9fa01e</string>
<key>PayloadOrganization</key>
<string>Test</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>47F3A3E6-1FE9-48B8-A078-A743C448C141</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>Thanks!
