If I develop my personal VPN app and extension that can connect to a standard network tunneling protocol IKEv2-type VPN server by using the Network Extension framework, such as NEPacketTunnelProvider, should I implement the whole IKEv2 protocol and connecting flow in my app and extension? Or what should I do?
Network Extension Framework & IKEv2
I don’t really understand your question. You seem to be conflating two separate components within the Network Extension framework:
The NEVPNManager API allows any app to set up the built-in IPsec and IKEv2 VPN transports. This requires an entitlement (com.apple.developer.networking.vpn.api) but that entitlement is available to all apps (it doesn’t require special permission from Apple).
This arrangement is known as Personal VPN.
Network Extension framework also supports various flavours of app extensions that allow you to create your own VPN transport. In the Network Extension terminology, these are known as providers. Implementing a provider requires special entitlements that must be granted by Apple.
Implementing your own VPN transport is a non-trivial amount of work. If you can get away with Personal VPN, that’s what I recommend you do.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
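An added example of the Personal VPN route described in the answer above (not part of the original thread and not Apple's sample code): it configures the built-in IKEv2 transport through NEVPNManager, so the app contains no IKEv2 implementation of its own. The server name, user name, keychain service name and algorithm choices are placeholder assumptions, and the app must carry the com.apple.developer.networking.vpn.api entitlement.

```swift
import Foundation
import NetworkExtension
import Security

// Store the password in the keychain and return a persistent reference.
// The VPN configuration takes this reference, never the plaintext password.
func storePassword(_ password: String, account: String) -> Data? {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.personalvpn", // placeholder
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(base as CFDictionary) // drop any stale item first
    var add = base
    add[kSecValueData as String] = Data(password.utf8)
    add[kSecReturnPersistentRef as String] = true
    var ref: CFTypeRef?
    guard SecItemAdd(add as CFDictionary, &ref) == errSecSuccess else { return nil }
    return ref as? Data
}

func configurePersonalVPN(password: String, completion: @escaping (Error?) -> Void) {
    let manager = NEVPNManager.shared()
    // Preferences must be loaded before they are modified and saved.
    manager.loadFromPreferences { error in
        if let error = error { return completion(error) }
        let ike = NEVPNProtocolIKEv2()
        ike.serverAddress = "vpn.example.com"     // placeholder
        ike.remoteIdentifier = "vpn.example.com"  // identity the server presents
        ike.username = "alice"                    // placeholder
        ike.passwordReference = storePassword(password, account: "alice")
        ike.authenticationMethod = .none          // EAP user name and password
        ike.useExtendedAuthentication = true
        // Pin the proposals for both the IKE SA and the child (ESP) SA
        // instead of relying on the defaults.
        for sa in [ike.ikeSecurityAssociationParameters,
                   ike.childSecurityAssociationParameters] {
            sa.encryptionAlgorithm = .algorithmAES256GCM
            sa.integrityAlgorithm = .SHA256
            sa.diffieHellmanGroup = .group14
        }
        manager.protocolConfiguration = ike
        manager.localizedDescription = "Example Personal VPN" // placeholder
        manager.isEnabled = true
        manager.saveToPreferences(completionHandler: completion)
    }
}
```

Once the save succeeds, the tunnel is started with manager.connection.startVPNTunnel(); the first save prompts the user to allow the VPN configuration.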
To make it work I should create a VPN app and extension by using Network Extension framework.
I’m confused by this. The system has built-in support for IKEv2. You can configure that via a configuration profile, so there should be no need for a VPN app or Network Extension provider. Why do you need those?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
Alas, I’m still confused by your goals. Are you looking to use the built-in IKEv2 VPN transport? Or create your own IKEv2 VPN transport?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
I want to develop my Per-App VPN extension client that can work with standard IKEv2. It would be great if the built-in IKEv2 works with my Per-App VPN extension client. If I can develop my Per-App VPN extension client based on the Network Extension framework and the built-in IKEv2, how can I? Would you please give me technical details?
I suspect I’m still missing some subtlety here but I’ll take a shot at answering:
I don’t know if the built-in IKEv2 VPN transport supports per-app VPN. The OS’s built-in VPN features are supported by AppleCare, so DTS doesn’t maintain a lot of expertise in their capabilities.
You can’t configure per-app VPN using an API. For the built-in transports the only configuration API is NEVPNManager (for Personal VPN) and that does not support per-app configuration. For third-party VPN transports, you can configure per-app VPN features during development (on iOS, via NETestAppMapping, as described in the NETunnelProviderManager Class Reference) but for production you have to use a configuration profile.
If you develop your own VPN transport, you can’t layer it on top of a built-in VPN transport. So if you decide you need your own IKEv2 implementation, you have to write it from scratch.
Does that address your questions?
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
What should I do next to make the VPN work?
If you’re building your own packet tunnel provider, your next step would be “implement IKEv2”. Which, as I said earlier, is a non-trivial amount of work.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
I am searching for how to use non-personal VPN because:
1. I can't change the name of the VPN even if I set vpnManager.localizedDescription = "xxxxxx"
2. I don't wanna show the server address and username for the connection
3. I don't wanna custom use the connection by clicking connect on the setting-vpn page
Is there any way to figure that out in Personal VPN?