Simple Tunnel (Network Extension) Sample Code is not working as expected

I am trying to run Simple Tunnel.

However, there are a couple of issues and the app never functions properly:

1. Running tunnel_server on OSX El Capitan is successful but what is the server address that needs to be specified on the client:

newManager.protocolConfiguration?.serverAddress = ?

Specifying the IP address of the machine where the server is running doesn't help, and the app remains in "Connecting State".

Keeping it default as "TunnelService" doesn't help, though I can see a Bonjour service getting published.

I also see utun interface getting created on client but packets don't get transmitted. What is it that I am not doing right?

Here are the client logs:

Aug 24 16:22:55 iPhone nesessionmanager[119] <Notice>: NESMVPNSession[Demo VPN:1A7C2543-C547-4F08-AAD8-8D191716B912]: Received a start command from SimpleTunnel[2297]
Aug 24 16:22:55 iPhone nesessionmanager[119] <Notice>: NESMVPNSession[Demo VPN:1A7C2543-C547-4F08-AAD8-8D191716B912]: status changed to connecting
Aug 24 16:22:55 iPhone SimpleTunnel[2297] <Error>: __58-[NEVPNConnection updateSessionInfoWithCompletionHandler:]_block_invoke: Failed to retrieve connectTime
Aug 24 16:22:55 iPhone configd[34] <Notice>: network changed
Aug 24 16:23:05 iPhone kernel[0] <Notice>: en0: BSSID changed to 00:24:6c:7c:99:c1
Aug 24 16:23:05 iPhone kernel[0] <Notice>: en0: channel changed to 1
Aug 24 16:23:05 iPhone kernel[0] <Notice>: en0::IO80211Interface::postMessage bssid changed
Aug 24 16:23:05 iPhone kernel[0] <Notice>: 029894.768641 wlan0.A[3228] updateLinkQualityMetrics@1984:Report LQM to User Land 50, fAverageRSSI -85
Aug 24 16:23:05 iPhone kernel[0] <Notice>: en0: BSSID changed to 6c:f3:7f:fa:bf:51
Aug 24 16:23:05 iPhone kernel[0] <Notice>: en0: channel changed to 157,+1
Aug 24 16:23:05 iPhone kernel[0] <Notice>: en0::IO80211Interface::postMessage bssid changed
Aug 24 16:23:05 iPhone kernel[0] <Notice>: 029894.779174 wlan0.A[3229] configureRoamingProfile@1211:Roam profile is already in effect (profile=3)
Aug 24 16:23:05 iPhone wifid[39] <Error>: WiFi:[462151385.824608]: __WiFiLQAMgrSetCurrentNetwork: SSID: Guest BSSID: 0:24:6c:7c:99:c1 RSSI: -57 ApEnv: 4
Aug 24 16:23:19 iPhone nesessionmanager[119] <Notice>: NESMVPNSession[Demo VPN:1A7C2543-C547-4F08-AAD8-8D191716B912]: Received a stop command from SimpleTunnel[2297] with reason 1
Aug 24 16:23:19 iPhone nesessionmanager[119] <Notice>: NESMVPNSession[Demo VPN:1A7C2543-C547-4F08-AAD8-8D191716B912]: status changed to disconnecting
Aug 24 16:23:19 iPhone kernel[0] <Notice>: SIOCPROTODETACH_IN6: utun0 error=6
Aug 24 16:23:19 iPhone SimpleTunnel[2297] <Error>: __58-[NEVPNConnection updateSessionInfoWithCompletionHandler:]_block_invoke: Failed to retrieve connectTime
Aug 24 16:23:19 iPhone nesessionmanager[119] <Notice>: NESMVPNSession[Demo VPN:1A7C2543-C547-4F08-AAD8-8D191716B912]: status changed to disconnected, last stop reason Stop command received
Aug 24 16:23:19 iPhone SimpleTunnel[2297] <Error>: __58-[NEVPNConnection updateSessionInfoWithCompletionHandler:]_block_invoke: Failed to retrieve connectTime
Aug 24 16:23:19 iPhone symptomsd[117] <Error>: nw_interface_get_agents SIOCGIFAGENTIDS failed for interface "utun0" (index 11, type other): [6] Device not configured
Aug 24 16:23:19 iPhone configd[34] <Notice>: network changed
Aug 24 16:23:19 iPhone symptomsd[117] <Error>: nw_interface_get_agents SIOCGIFAGENTIDS failed for interface "utun0" (index 11, type other): [6] Device not configured


2. How to see logs from the extensions? Logs from print don't get printed on console? How to debug the extensions then?


3. Not sure if it is a bug in Xcode 7 beta 5, but as soon as I switch on app groups in all targets and add it in app-ids and provisioning profile, the app fails to run on device, complaining "Entitlements are invalid".

Have you tried using the port number, e.g. 192.168.1.80:8889? (assuming your Mac IP is 192.168.1.80 and tunnel_server is configured to run with port 8889)

Yes, it didn't work.

I tried with Bonjour, replaced the print statements with NSLogs, and now it throws the following errors:


Aug 25 14:52:14 iPhone PacketTunnel[2929] <Warning>: ######## BONJOUR
Aug 25 14:53:10 iPhone SimpleTunnel[2928] <Notice>: Got an error on the XPC connection: Connection interrupted
Aug 25 14:53:10 iPhone SimpleTunnel[2928] <Notice>: The IPC connection was closed by the remote end
Aug 25 14:54:38 iPhone com.apple.CDScheduler[23] <Error>: Failed to get forecast. error:Error Domain=com.apple.corduet Code=86 "General sanity check failed" UserInfo={NSLocalizedFailureReason=General sanity check failed}
Aug 25 14:54:38 iPhone com.apple.CDScheduler[23] <Error>: Failed to get forecast for device plugin.
Aug 25 14:54:38 iPhone com.apple.CDScheduler[23] <Error>: Failed to get device plugin forecast
Aug 25 14:54:38 iPhone mDNSResponder[68] <Error>: Client application bug PID[2929](PacketTunnel) : DNSServiceResolve(ABHINAV._tunnelserver._tcp.local.) active for over two minutes. This places considerable burden on the network.

I haven't tried Bonjour.


Initially, when I was running into issues of "connecting" not moving to the "connected" state, some of these helped:

  • upgrading to the latest Xcode beta and iOS 9 beta build

  • editing the connection list in the SimpleTunnel app on the device

  • changing the port numbers on both phone and Mac

  • making sure "enabled" is on in the SimpleTunnel app

  • trying to start the VPN from the Settings app

SimpleTunnel is in the documentation archive and, as such, is not being maintained. The sample as it currently stands has some serious problems. Most notably, the Swift 2 to Swift 3 update introduced bugs that prevented the code from working.

Matt and I were talking about this recently and our conclusion was that we don’t plan to fix this. That’s because SimpleTunnel is not simple enough [1]. It’s a complete end-to-end VPN client but most folks don’t need that because:

  • They already have code to do the ‘back end’ of their VPN, or

  • They’re trying to implement an existing VPN protocol, and that’s unlikely to align well with the custom protocol used by SimpleTunnel.

Thus, most folks who look at SimpleTunnel are really just trying to get their provider loaded, and SimpleTunnel is way more complex than it needs to be for that case.

Additionally, modern versions of Xcode ship with Network Extension provider target templates that generate a skeleton provider that should load just fine. If you’re getting started with NE provider, start there, not with SimpleTunnel.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] I should stress that this isn’t the only problem with SimpleTunnel. A more fundamental issue is that the SimpleTunnel server, running on the Mac, doesn’t work the way that most folks expect it to. Specifically, the server only lets clients access services that are running on the same Mac. There’s no supported way to configure it to act as an actual VPN server. So, SimpleTunnel has all this complex code to create a complete end-to-end VPN client but you can’t actually use it in practice )-:

Like Quinn mentioned, SimpleTunnel is out of date and we will not be updating it, but we do want to provide a code-level support route for folks that are trying to get off the ground with their Network Extension projects on either iOS or macOS. If you have reviewed the SimpleTunnel project and are struggling to implement one of the Network Extension providers for iOS or macOS and need additional help, please either post your question as a new post in the Network Extension tag, or open a TSI for additional help on your project implementation goals [1].

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

[1] Having said that, there are a few known ground rules that it would be helpful to get out of the way here now:

  • Trying to create a NEPacketTunnelProvider for content filtering actions or using this provider to try and capture all of the DNS traffic on the system is not a supported route for the VPN providers on our systems. If you are trying to do this, please reconsider your project goals or consider a different Network Extension provider altogether as there are APIs for both of these actions.
  • Trying to create a NEPacketTunnelProvider that uses a global or HTTP proxy inside of this provider is also not a supported action. If you wish to do this there are also Network Extension APIs at your disposal, such as NEAppProxyProvider.