I am attempting to establish a TCP connection from a macOS per-app VPN client to a tunnel_server similar to the one provided in the SimpleTunnel example. I have already converted the tunnel_server code to Swift 3 and believe it works. I ran it (./tunnel_server 8889 tunnel_server/config.plist) in Terminal and got the following:

2018-08-06 14:37:40.883 tunnel_server[86851:3286192] Starting network service on port 8889
2018-08-06 14:37:41.642 tunnel_server[86851:3286192] Network service published successfully

However, I am still unable to connect my per-app VPN to the server. I believe it might have to do with the "EndAddress" and "StartAddress" in the config.plist for the tunnel_server and the remote address to which my per-app VPN is trying to connect.

Should I be using the default "EndAddress" and "StartAddress" config.plist values provided in the SimpleTunnel example, or should it be something else? (Currently using the default values provided in the example code.)

Does the port number matter? (I'm currently using 8889 when I run it in Terminal.)

And in terms of my per-app VPN configuration's server address value, should it match either the "EndAddress" or the "StartAddress" along with a colon and port number? (ex: defaultIPAddress:8889)
I was wondering if I could get a visual clarification on how the SimpleTunnel is set up to work. I created a per-app VPN client based off of SimpleTunnel and want to ensure I understand its inner workings.

This is how I currently believe SimpleTunnel works:

App (attempting to reach internet/some server)
  ^
  |  (re-routed via the device kernel to the Packet Flow of the VPN client)
  v
VPN Client App <- - - - - - - - - - - - - - - - - - - - -> tunnel_server
                 (packets get sent to and from tunnel_server via the tunnel)
                                                              ^  |
               ***(response gets forwarded to tunnel_server)  |  | (packets get forwarded to the utun interface)
                                                              |  v
                                                          utun interface
                                                              ^  |
            ***(response gets forwarded to the utun interface)|  | (packets get forwarded to the actual server)
                                                              |  v
                                                      internet/some server

*** = packets get dropped, so it doesn't necessarily reach this stage, but ideally it would

So is there only one utun interface which the tunnel_server uses to reach the requested server?
I'm creating a per-app VPN client for macOS by using the PacketTunnelProvider app extension and the tunnel_server code from the SimpleTunnel example Apple provided to make it work. Once the client connects to the server, what behavior should I expect from the apps I have included to connect to the VPN server? For example, if the domain www.google.com is supposed to go through the VPN and I try to google something, should the page be able to load? I thought I had read on other posts that this tunnel_server in particular wasn't set up to allow clients to actually load content, since it's just an example.
I developed a per-app VPN client for macOS using almost exactly the same code as the SimpleTunnel example for the PacketTunnelProvider extension app (Swift 4) and the tunnel_server (updated to Swift 3) in my app. When I run the tunnel_server and connect the per-app VPN client to it (using the Mac's IP address and port), the server accepts the connection successfully.

I then used Wireshark to check the connection between the client and server on the "utun2" interface that it creates and see that packets are being sent across. However, I am confused about the destination and protocol it reports. Wireshark states that the source IP is 192.168.2.2, which is correct, but states that the destination IP is 10.50.10.50, which should be 192.168.2.1 on port #5555 instead (it states the protocol is DNS).

The packets seem to be sent across from the client to the server according to when I connect and disconnect the client, so I am confused as to why my client/server is doing this and still seems to work fine. If this is incorrect, how can I send it through the correct destination IP and port #?
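Added example, not code from the post above or from Apple's SimpleTunnel sample: a decoder for frames as Wireshark sees them on a macOS utun interface. The capture point matters here: utun carries the inner IP packets that the packet tunnel provider reads from and writes to its packetFlow, while the outer TCP session to tunnel_server travels over the physical interface and is not visible on utun. The constructed sample frame uses the source and destination addresses from the post (192.168.2.2 -> 10.50.10.50, UDP, DNS); the UDP ports, the query name and the DNS transaction ID are assumptions.

```python
"""Decode a frame captured on a macOS utun interface (added example; the
addresses come from the forum post, the ports and query name are assumed)."""
import ipaddress
import struct

AF_INET, AF_INET6 = 2, 30          # macOS address-family values used in the utun header
PROTO_NAMES = {1: "ICMP", 6: "TCP", 17: "UDP"}


def ipv4_checksum(header: bytes) -> int:
    """RFC 791 ones'-complement checksum; returns 0 when run over a valid header."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def strip_utun_header(frame: bytes) -> tuple[int, bytes]:
    """Drop the 4-byte protocol-family word utun prepends to every packet
    (Wireshark shows it as 'Family').  A direct read from the utun fd gives it
    in network byte order and a pcap file in host order, so accept either."""
    if len(frame) < 4:
        raise ValueError("frame too short for utun family header")
    be, le = struct.unpack("!I", frame[:4])[0], struct.unpack("<I", frame[:4])[0]
    family = be if be in (AF_INET, AF_INET6) else le
    if family not in (AF_INET, AF_INET6):
        raise ValueError(f"unexpected utun family header {frame[:4].hex()}")
    return family, frame[4:]


def dns_qname(payload: bytes) -> str:
    """Read the first question name of a DNS message (queries use no compression)."""
    labels, pos = [], 12           # skip the 12-byte DNS header
    while pos < len(payload) and payload[pos]:
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii", "replace"))
        pos += 1 + n
    return ".".join(labels)


def decode_ipv4(packet: bytes) -> dict:
    """Parse an inner IPv4 packet: addresses, protocol, ports and DNS name if any."""
    if len(packet) < 20:
        raise ValueError("short IPv4 packet")
    ver_ihl, _tos, _tlen, _id, _frag, ttl, proto, _csum, src, dst = struct.unpack("!BBHHHBBH4s4s", packet[:20])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or len(packet) < ihl:
        raise ValueError("not an IPv4 packet")
    if ipv4_checksum(packet[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    info = {"src": str(ipaddress.IPv4Address(src)), "dst": str(ipaddress.IPv4Address(dst)),
            "proto": PROTO_NAMES.get(proto, str(proto)), "ttl": ttl,
            "sport": None, "dport": None, "dns": None}
    if proto in (6, 17) and len(packet) >= ihl + 4:
        info["sport"], info["dport"] = struct.unpack("!HH", packet[ihl:ihl + 4])
        if proto == 17 and 53 in (info["sport"], info["dport"]) and len(packet) >= ihl + 8 + 12:
            info["dns"] = dns_qname(packet[ihl + 8:])
    return info


def summarize(frame: bytes) -> str:
    """One Wireshark-style line for a utun frame."""
    _family, packet = strip_utun_header(frame)
    p = decode_ipv4(packet)
    ports = f":{p['sport']} -> {p['dst']}:{p['dport']}" if p["sport"] is not None else f" -> {p['dst']}"
    tag = f" DNS query {p['dns']}" if p["dns"] else ""
    return f"{p['src']}{ports} {p['proto']}{tag}"


# --- constructed sample input (not a real capture) -------------------------
def build_ipv4_udp(src: str, dst: str, sport: int, dport: int, payload: bytes, ttl: int = 64) -> bytes:
    udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload   # UDP checksum 0 = omitted
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0x4000, ttl, 17, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    hdr = hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]      # checksum sits at bytes 10-11
    return hdr + udp


def dns_query(name: str, txid: int = 0xABCD) -> bytes:
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!HH", 1, 1)


# Family word in network byte order, as a direct read from the utun fd yields it.
SAMPLE_FRAME = struct.pack("!I", AF_INET) + build_ipv4_udp(
    "192.168.2.2", "10.50.10.50", 53021, 53, dns_query("www.google.com"))

if __name__ == "__main__":
    print(summarize(SAMPLE_FRAME))
```

Running it prints the same kind of line Wireshark shows for the utun2 capture: a UDP/DNS packet from the client's tunnel address to a DNS server address. To see the TCP session to tunnel_server on port 5555 instead, capture on the physical interface (en0 or similar), not on utun.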
I've made a per-app VPN client which reads a VPN configuration from a configuration profile and then launches the PacketTunnelProvider to establish a connection with the tunnel_server (both the PacketTunnelProvider and the tunnel_server are identical to the ones in the SimpleTunnel example). Furthermore, the tunnel_server is able to start successfully as well.

The problem seems to be in the PacketTunnelProvider right after the ClientTunnel calls the first line in the "observeValue" function, which only gets triggered after "connection!.addObserver" is called by ClientTunnel as it attempts to start the tunnel. The PacketTunnelProvider doesn't seem to get past this line and never connects. (Connection status remains "disconnected".)

Specific line in the "observeValue" function that fails:

    guard keyPath == "state" && context?.assumingBound().pointee == connection else
    {
        // code never reaches this
    }
    // code never reaches this either

Any assistance would be appreciated.
So I'm trying to build a macOS per-app VPN client to test out the Network Extension API. I plan to use a configuration profile both to configure the per-app VPN and to configure apps to work with the per-app VPN, along with my own custom protocol in a PacketTunnelProvider app extension. Originally, in my PacketTunnelProvider app extension, I was trying to recreate my own IKEv2 custom protocol, but I've realized I don't necessarily need to do that to test my client app. Instead, I could do something similar to the SimpleTunnel example, which simply creates a TCP connection to the server.

My question is: can I use the PacketTunnel app extension, SimpleTunnelServices, and tunnel_server (to create the server) code in my per-app VPN project?

Or are there any restrictions that might prevent that example code from working on a per-app VPN basis?
I am trying to develop a macOS per-app VPN client using the NEPacketTunnelProvider app extension (will build my own IKEv2 transport if necessary). I understand that I can simply use a configuration profile to enable the per-app capabilities on a Mac using the built-in IKEv2 transport, but I want an actual client (Mac app) so I can log information as packets flow and such.

I currently have been able to:
- Load/create VPN tunnel configurations using NETunnelProviderManagers in my VPN app project
- Create the NEPacketTunnelProvider app extension

So my questions are:
- What exactly do I have to do in the NEPacketTunnelProvider app extension to make this work? (Is there an example of this?)
- How do I develop my own IKEv2 transport within the NEPacketTunnelProvider app extension? (Is there an example of this?)
- What do I have to change in the configuration profile to enable it to work with the NEPacketTunnelProvider app extension?
- Is there something I am missing or not understanding correctly?