Recently I experienced some weird issues with iOS VPN including personal VPN(IPsec VPN) and enterprise VPN(custom ssl VPN) when running some applications on both mac and iOS.
I coded a network extension program which can run on both mac and iOS. In the network extension it intercepts the packets from the NEPacketTunnelFlow and encap them with a self defined header which is 16 bytes and send them via a UDP session to the remote server.
test env: Xcode 12.0.1 / iOS 14.0 SDK / iPhone iOS 12.4.8
Here are some test results as following.
There is no such issue on WIFI network.
I suspect it's related to the mtu setting so I tried
with different tunnelOverheadBytes or mtu values:
on wifi network(my router's mtu is 1480):
work: -100/-16/20 (<=20)
not work: 21 (> 20)
on mobile network:
work:0/-16/-100(very slow)
not work: 1/2/5/10/20/21/28 (> 0)
It's weird that negative numbers work for overhead setting.
And it seems on WIFI network the range of x <= 20 work for the Roblox game application( can join the server and play some games without any problems) and on mobile network the range is x <=0.
Or set mtu instead of tunnelOverheadBytes:
on wifi network:
work:1480/1485/1490/1500
not work:1464/1479/1600
on mobile network:
work:1480/1485/1490/1500
not work:1464/1479/1600/2000
It seems the working value range is [1480, 1500] for both WIFI and mobile network.
And also, Speedtest works on WIFI network but not on mobile network.
To my understanding in the network extension we only need to set the tunnelOverheadBytes and the iOS will compute the mtu size and we don't need to care about the difference between different type of network.
But actually there are differences.
Now I'm totally confused. Apparently the value of tunnelOverheadBytes or mtu is quite critical for the network traffic. How to correctly set the tunnelOverheadBytes in the network extension for both WIFI and mobile network?
I coded a network extension program which can run on both mac and iOS. In the network extension it intercepts the packets from the NEPacketTunnelFlow and encap them with a self defined header which is 16 bytes and send them via a UDP session to the remote server.
test env: Xcode 12.0.1 / iOS 14.0 SDK / iPhone iOS 12.4.8
Here are some test results as following.
IPSec VPN(personal VPN) which is supported natively by iOS: when running Speedtest from OOKLA it failed to test on mobile network(in my case it's 4G). The message shows
Code Block ERROR Test failed to complete. Check your internet connection and try again OK
There is no such issue on WIFI network.
custom ssl VPN(enterprise VPN) created by using NETunnelProviderManager:
Code Block Disconnected Failed to connect to the Game.(ID=17:Connection attempt failed.)(Error Code: 279) Leave
I suspect it's related to the mtu setting so I tried
with different tunnelOverheadBytes or mtu values:
on wifi network(my router's mtu is 1480):
work: -100/-16/20 (<=20)
not work: 21 (> 20)
on mobile network:
work:0/-16/-100(very slow)
not work: 1/2/5/10/20/21/28 (> 0)
It's weird that negative numbers work for overhead setting.
And it seems on WIFI network the range of x <= 20 work for the Roblox game application( can join the server and play some games without any problems) and on mobile network the range is x <=0.
Or set mtu instead of tunnelOverheadBytes:
on wifi network:
work:1480/1485/1490/1500
not work:1464/1479/1600
on mobile network:
work:1480/1485/1490/1500
not work:1464/1479/1600/2000
It seems the working value range is [1480, 1500] for both WIFI and mobile network.
And also, Speedtest works on WIFI network but not on mobile network.
To my understanding in the network extension we only need to set the tunnelOverheadBytes and the iOS will compute the mtu size and we don't need to care about the difference between different type of network.
But actually there are differences.
Now I'm totally confused. Apparently the value of tunnelOverheadBytes or mtu is quite critical for the network traffic. How to correctly set the tunnelOverheadBytes in the network extension for both WIFI and mobile network?
