I am trying to develop a macOS Per-App VPN client using a NEPacketTunnelProvider app extension (will build my own IKEv2 transport if necessary). I understand that I can simply use a configuration profile to enable the per-app capabilities on a Mac using the built-in IKEv2 transport, but I want an actual client (Mac app) so I can log information as packets flow and such.
I currently have been able to:
- Load/create VPN tunnel configurations using NETunnelProviderManagers in my VPN app project
- Create the NEPacketTunnelProvider app extension
So my questions are:
- What exactly do I have to do in the NEPacketTunnelProvider app extension to make this work? (Is there an example of this?)
- How do I develop my own IKEv2 transport within the NEPacketTunnelProvider app extension? (Is there an example of this?)
- What do I have to change in the configuration profile to enable it to work with the NEPacketTunnelProvider app extension?
- Is there something I am missing or not understanding correctly?
How do I make my configuration profile work with my app extension? I can't seem to figure out how to use Apple Configurator to do that.
Apple Configurator does not support the App-to-Per-App VPN Mapping payload (com.apple.vpn.managed.appmapping). I’ve posted some advice on how to get started with this on yet another thread. [You and jorgeavelar98 should get together and form a support group (-: ]
And is there an example on how to develop my own IKEv2 transport in the app extension?
No. IKEv2 is a complex protocol and creating your own implementation of that protocol is going to be a lot of work.
I want to create a client to log information as data flows through, not just create a Per-App VPN using a configuration profile.
Have you thought about using the built-in IKEv2 transport and then accomplishing the above using macOS’s packet trace architecture? That’s likely to be a lot less work.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"