I found that some UDP packets did not enter the VPN tunnel, what should I do?

As an iOS developer, I am developing a VPN app. I found that the UDP packets of some apps did not enter the VPN tunnel, so I could not intercept them. Fortunately, most of the other APP data can enter the tunnel and work normally. I don't know what went wrong, but could you give me some ideas?
In addition, my APP works like this: it intercepts all the data through VPN, then changes the target IP, but finds that some UDP data cannot be intercepted.

it intercepts all the data through VPN, then changes the target IP

Sounds like you could have a use case here for an App Proxy instead of a Packet Tunnel if you are rewriting the destination? What is the use case here?

There are many reasons these packets are not claimed by your tunnel.

1) These packets could be outside of the address range you are claiming on your Tunnel.

2) For UDP, if this is DNS, you may not be handling DNS for the domains these packets are being sent to resolve for.

My recommendation would be to check your address and route settings.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Thanks for your reply, but there are still the following questions:

1) These packets could be outside of the address range you are claiming on your Tunnel.

I wrote the following code, but there is still some UDP data that will not enter the tunnel, is it not effective?
[NEIPv4Route defaultRoute].

2) For UDP, if this is DNS, you may not be handling DNS for the domains these packets are being sent to resolve for.

This, I know, does not include DNS.



I wrote the following code, but there is still some UDP data that will not enter the tunnel, is it not effective?
[NEIPv4Route defaultRoute].

The default route is essentially the last stop in the routing table to claim traffic. If you are not seeing traffic being claimed by the default route, try and be more specific in the requirements.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Well, I need to intercept all data traffic, but I found that after setting "NEIPv4Route defaultRoute", not all data will enter the tunnel. I don’t know what to do now, or how do I set it up to intercept all packets?
You need to research why this traffic is not being claimed by your address and routing configuration and adjust your tunnel from there. You can start by taking a packet trace of all the data coming off of your rvi and evaluating what makes it through the tunnel and what doesn't. From there adjust your address and routing setting.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com 
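
The trace comparison suggested above, as an added example that is not part of the original thread or any Apple sample code. It assumes the destination flows have already been exported from the rvi capture and from the tunnel provider's own logging; all addresses are constructed sample data and the function names are hypothetical.

```python
import ipaddress

# Routes the tunnel claims; 0.0.0.0/0 is what [NEIPv4Route defaultRoute] covers.
INCLUDED_ROUTES = ["0.0.0.0/0"]

# Constructed sample flows: (protocol, destination IP, destination port).
RVI_FLOWS = [            # everything seen leaving the device in the rvi trace
    ("udp", "203.0.113.10", 3478),
    ("udp", "198.51.100.7", 4500),
    ("udp", "2001:db8::5", 443),
    ("tcp", "192.0.2.20", 443),
]
TUNNEL_FLOWS = [         # what the packet tunnel provider logged reading
    ("udp", "203.0.113.10", 3478),
    ("tcp", "192.0.2.20", 443),
]

def covering_route(dst, routes):
    """Most specific included route containing dst, or None if unclaimed."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(r) for r in routes]
    hits = [n for n in nets if n.version == addr.version and addr in n]
    return max(hits, key=lambda n: n.prefixlen, default=None)

def triage(rvi_flows, tunnel_flows, routes):
    """Split traced flows by whether they reached the tunnel and why not."""
    in_tunnel = set(tunnel_flows)
    report = {"tunnelled": [], "no_matching_route": [], "routed_but_missing": []}
    for flow in rvi_flows:
        if flow in in_tunnel:
            report["tunnelled"].append(flow)
        elif covering_route(flow[1], routes) is None:
            report["no_matching_route"].append(flow)   # outside the claimed range
        else:
            report["routed_but_missing"].append(flow)  # claimed, yet never seen
    return report

if __name__ == "__main__":
    for bucket, flows in triage(RVI_FLOWS, TUNNEL_FLOWS, INCLUDED_ROUTES).items():
        print(bucket)
        for proto, dst, port in flows:
            print(f"  {proto} {dst}:{port} route={covering_route(dst, INCLUDED_ROUTES)}")
```

Flows in `no_matching_route` point at the address and route settings; flows in `routed_but_missing` are covered by an included route and still bypassed the tunnel, so they need a closer look in the trace.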
If the includedRoutes attribute uses [NEIPv4Route defaultRoute], does it mean that all data on the phone will enter the tunnel?