vpn control traffic

I configured a VPN and I want to handle all of the device's traffic.
In the PacketTunnelProvider class, how should I configure the NEPacketTunnelNetworkSettings?

I tried something like this:


let newSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: serverAddress)
newSettings.IPv4Settings = NEIPv4Settings(addresses: [addressIGotFromServer], subnetMasks: ["0.0.0.0"])
newSettings.IPv4Settings?.includedRoutes = [NEIPv4Route.defaultRoute()]

let serverRoute = NEIPv4Route(destinationAddress: addressIGotFromServer, subnetMask: "255.255.255.255")
newSettings.IPv4Settings?.excludedRoutes = [serverRoute]


newSettings.IPv6Settings = NEIPv6Settings(addresses: [anotheraddress], networkPrefixLengths: [1]) // addresses takes an array
newSettings.IPv6Settings!.includedRoutes = [NEIPv6Route.defaultRoute()]

newSettings.MTU = 1432
self.reasserting = false

self.setTunnelNetworkSettings(newSettings) { (error: NSError?) -> Void in
    ...
}


I want all the IPv4 and IPv6 packets to go to the TUN so that I can read them.

I don't know if the addresses and masks in the above code are as they are supposed to be.


Thanks!

I think if you're setting a default route, e.g.

newSettings.IPv4Settings?.includedRoutes = [NEIPv4Route.defaultRoute()]

then you do not need to explicitly exclude a route to the server as you do in line 6.

Also, check your subnet mask in line 2 and prefix length in line 9.

Thanks!

I removed line 6, and changed the subnet mask of my server (line 2) to "255.255.255.255".


Still, I think it's not working:

For example, if I open Safari on my device and type an IP address,

I read the packets from the packetFlow and immediately write them back to the packetFlow;

shouldn't the web page open?

Because all I get is a timeout.

I would suggest reading up on IPv6 to truly understand how the addressing works. It can be tricky and more complex than standard IPv4. For instance, any interface with IPv6 will likely have more than one IPv6 address, some of which are automatically added by the system.


It's not clear what you want to do with IPv6 traffic. Just because your server only has an IPv4 address and is thus only reachable over IPv4 does not preclude its ability to handle IPv6 tunneled traffic.


I will guess that you want to capture all IPv6 traffic with your packet tunnel provider because you use the defaultRoute method for IPv6. How do you want to handle the IPv6 traffic once your tunnel receives it?

No, sorry, it was my mistake.

For now I don't want to handle IPv6.

But I want to handle all the IPv4.

When I try to open a webpage in Safari, if the address is written as an IP address, I can see that I capture it.

But if I write the address as "www.google.com", or if I open an application, I don't capture any packets.

(And in both cases, all I get is a timeout and no application or webpage actually opens.)


(And really big thanks for your help.)

Accepted Answer

A hostname like www.google.com in Safari must first be resolved using DNS. It sounds like the DNS server that is resolving google for you is not reached through a route on your tunnel.


Try setting the DNS settings in your NEPacketTunnelNetworkSettings to a DNS server that you know would be reached through your tunnel.


Alternative theory: www.google.com is resolved to both IPv4 and IPv6 addresses. The system is preferring the IPv6 address and directly connecting to google outside of your tunnel.
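As an added illustration of the accepted answer (not code from this thread or from the asker's project): tunnel settings that claim the IPv4 default route, send every DNS query to a resolver reachable only inside the tunnel, and also claim the IPv6 default route so the bypass described in the alternative theory cannot happen. It uses the current Swift names (ipv4Settings, dnsSettings, NEIPv4Route.default()); the server, tunnel and resolver addresses are placeholders.

```swift
import NetworkExtension

// Added example, not code from the thread; all addresses are placeholders.
final class ExampleTunnelProvider: NEPacketTunnelProvider {
    // Settings that send every IPv4 packet and every DNS query through the tunnel.
    func makeNetworkSettings(serverAddress: String, tunnelAddress: String,
                             dnsServer: String) -> NEPacketTunnelNetworkSettings {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: serverAddress)
        // Host mask plus default route: all IPv4 traffic reaches packetFlow. The
        // server needs no excludedRoutes entry; tunnelRemoteAddress stays direct.
        let ipv4 = NEIPv4Settings(addresses: [tunnelAddress], subnetMasks: ["255.255.255.255"])
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4

        // The missing piece: a resolver reachable only through the tunnel, made the
        // primary resolver for every query by matchDomains = [""] (no DNS leak).
        let dns = NEDNSSettings(servers: [dnsServer])
        dns.matchDomains = [""]
        settings.dnsSettings = dns

        // Claim the IPv6 default route too, so an AAAA answer cannot make the system
        // connect outside the tunnel (the alternative theory); IPv6 is dropped below.
        let ipv6 = NEIPv6Settings(addresses: ["fd00::2"], networkPrefixLengths: [64])
        ipv6.includedRoutes = [NEIPv6Route.default()]
        settings.ipv6Settings = ipv6

        settings.mtu = 1432
        return settings
    }

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = makeNetworkSettings(serverAddress: "203.0.113.10",
                                           tunnelAddress: "10.8.0.2", dnsServer: "10.8.0.1")
        setTunnelNetworkSettings(settings) { error in
            if let error = error { completionHandler(error); return }
            self.pumpPackets()
            completionHandler(nil)
        }
    }
    // Stand-in for forwarding to the server: IPv4 packets are echoed back (as the
    // asker does), IPv6 packets are dropped, then the next batch is read.
    private func pumpPackets() {
        packetFlow.readPackets { packets, protocols in
            let v4 = zip(packets, protocols).filter { $0.1.int32Value == AF_INET }
            self.packetFlow.writePackets(v4.map { $0.0 }, withProtocols: v4.map { $0.1 })
            self.pumpPackets()
        }
    }
}
```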

Thank you!
DNS configuration was the missing piece.
