NEPacketTunnelProvider DNS Resolution not working

I am creating a VPN app that tunnels traffic through SSH. Everything works well except for DNS resolution. This is evidenced by using a literal IP address, e.g. 1.1.1.1, for which the web page loads. Apps like Telegram that connect directly with IP addresses work well too. Now, my question is, how can I solve this? I was thinking of using Google DNS servers in the NEDNSSettings and excluding their routes, though I don't know how to do that. Any assistance is greatly appreciated.

I am creating a VPN app that tunnels traffic through SSH. Everything works well except for DNS resolution.

Since you are using SSH, which is based on TCP, if you use DoT or DoH for your DNS, does this work better than cleartext-based DNS? Take a look at NEDNSOverHTTPSSettings or NEDNSOverTLSSettings; does this have an impact?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
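The two options the thread is circling, written out as an added example (it is not code from the thread or from Apple): a NEPacketTunnelNetworkSettings builder that either carries encrypted DNS over TCP inside the tunnel (DoT, as suggested above; DoH works the same way with NEDNSOverHTTPSSettings and serverURL) or, as the original post considered, sends cleartext DNS to fixed resolvers with host routes excluded so those packets bypass the tunnel. The resolver host name and IP addresses, the 10.0.0.2 tunnel address and the 127.0.0.1 remote address are placeholders, not recommendations.

```swift
import NetworkExtension

// Added example, not from the thread: how DNS can be wired into a packet tunnel
// whose data path (SSH/SOCKS) only carries TCP.
enum TunnelDNSMode {
    /// Encrypted DNS over TCP port 853, carried inside the tunnel like any other TCP flow.
    case overTLS(serverName: String, serverAddresses: [String])
    /// Cleartext (UDP) DNS to fixed resolvers, routed *around* the tunnel.
    case cleartextBypass(servers: [String])
}

func makeTunnelSettings(mode: TunnelDNSMode) -> NEPacketTunnelNetworkSettings {
    // Placeholder addresses, same role as in the snippet posted later in the thread.
    let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
    settings.mtu = 1500

    let ipv4 = NEIPv4Settings(addresses: ["10.0.0.2"], subnetMasks: ["255.255.255.0"])
    // Default route: every IPv4 packet enters the tunnel unless excluded below.
    ipv4.includedRoutes = [NEIPv4Route.default()]

    switch mode {
    case .overTLS(let serverName, let serverAddresses):
        let dns = NEDNSOverTLSSettings()
        dns.serverName = serverName          // name validated against the resolver's TLS certificate
        dns.servers = serverAddresses        // resolver IPs; placeholder values are passed by the caller
        // An empty-string match domain makes this resolver handle every query,
        // so nothing falls back to the underlying interface's resolver.
        dns.matchDomains = [""]
        settings.dnsSettings = dns

    case .cleartextBypass(let servers):
        let dns = NEDNSSettings(servers: servers)
        dns.matchDomains = [""]
        settings.dnsSettings = dns
        // Host routes (/32) for each resolver are excluded so UDP/53 never enters the
        // tunnel. Caveat: those queries then leave the device in cleartext outside
        // the tunnel, i.e. a deliberate DNS leak that the user should be told about.
        ipv4.excludedRoutes = servers.map {
            NEIPv4Route(destinationAddress: $0, subnetMask: "255.255.255.255")
        }
    }

    settings.ipv4Settings = ipv4
    return settings
}

// Usage from startTunnel(options:completionHandler:) in a NEPacketTunnelProvider subclass
// (placeholder resolver values):
//
//   let settings = makeTunnelSettings(mode: .overTLS(serverName: "dns.example",
//                                                    serverAddresses: ["192.0.2.53"]))
//   setTunnelNetworkSettings(settings) { error in
//       // start reading packets from packetFlow once error == nil
//   }
```

The overTLS mode keeps DNS inside the tunnel and only needs the TCP path the SSH transport already provides; the cleartextBypass mode makes resolution work without touching the data path, at the cost of exposing query names on the local network.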

Thanks for the reply. Do you mean me doing something like this?

    // Tunnel endpoint as seen by the system; loopback because the tunnel is local.
    let networkSettings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
    networkSettings.mtu = 1500

    // Utun interface address plus a default route so all IPv4 traffic enters the tunnel.
    let ipv4Settings = NEIPv4Settings(addresses: ["10.0.0.0"], subnetMasks: ["255.255.255.255"])
    ipv4Settings.includedRoutes = [NEIPv4Route.default()]
    networkSettings.ipv4Settings = ipv4Settings

    // DNS over HTTPS (TCP), with an empty-string match domain so it handles every query.
    let dnsSettings = NEDNSOverHTTPSSettings()
    dnsSettings.serverURL = URL(string: "https://dns.adguard.com/dns-query")
    dnsSettings.matchDomains = [""]
    networkSettings.dnsSettings = dnsSettings

By the way, for more context, my tunnelling functionality is written in Golang and built into a framework with gomobile. The tunnel exposes an HTTP proxy and a SOCKS proxy through which traffic can be tunnelled. I already use the same in my Android version of the app.

Is there an iOS-specific way I could use to redirect all device traffic to a local HTTP proxy or SOCKS proxy in the NEPacketTunnelProvider instead of my Golang tun2socks implementation?

Redirecting all device traffic to a proxy that exists inside the NEPacketTunnelProvider is not a valid use case for the provider and not something I will help support. You will experience endless issues with the environment you are wanting to create. NEPacketTunnelProvider should be used to provide secure access for clients to remote protected resources, not act as a means to proxy device traffic.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Thanks for the reply. However, I thought NEPacketTunnelProvider was one of the ways of implementing a custom VPN protocol on iOS. If this isn't the case, what is the correct way then?
