Hi Quinn,
I worked through it progressively like you suggested and I was able to route UDP traffic and receive a response.
The problem I see now is that I can't use the system's DNS resolver. It seems if I capture all the traffic:
settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
then I MUST set the DNS settings:
let dnsSettings = NEDNSSettings(servers: [DNS_SERVER])
settings.dnsSettings = dnsSettings
I thought if I set:
dnsSettings.matchDomains = [""]
then DNS_SERVER will only be used for the domains in the matchDomains list and the system resolver used for everything else, but this doesn't seem to be the case.
Is this a bug?
Thanks,
Dave
Yes, the tunnel is in .destinationMode.
I'm not sure what you mean when you say that if I claim all traffic I need to provide a working DNS configuration. Does this mean the tunnel's DNS overrides the device's resolver? Will the traffic still pass through the tunnel but be routed to the tunnel's DNS server? I tried adding this and it doesn't seem to make any difference. I still can't resolve anything.
let dnsSettings = NEDNSSettings(servers: ["8.8.8.8"])
settings.dnsSettings = dnsSettings
Apart from the API docs, is there any other information available on configuring the tunnel?
Sorry, I wasn't using writePacketObjects(...) for anything. I was just trying to get at packets coming in.
Thanks Quinn. Seems like excluding the DNS traffic isn't the way to go. I'll debug it further and see why I'm not getting any in the Tunnel.
Thanks for that.
I don't see the DNS traffic enter the tunnel, so I need to debug that separately.
I have two general questions:
Could the DNS traffic be excluded using the ipv4Settings.excludedRoutes?
Is excluded traffic just dropped or is it routed "normally", i.e. as if the tunnel wasn't running?
Just wondering if anyone else has ever submitted one of these requests and how long it takes? Is there a way to check the status of the request?
Hi Quinn,
Thanks for your answer and those links.
My app is a VPN app and the cert is packaged with the profile (mobile config). It's used for some API calls to configure the VPN.
Does that seem like a reasonable use case to create a DTS Tech support ticket for access to the com.apple.managed.vpn.shared keychain group? I'm assuming access would solve my problem.
Thanks for all your help.
Thanks for the answer, Quinn.
Can you target Safari via the NETestAppMapping key in the info.plist if it's an Enterprise build?