Hi,
I've created a packet tunnel but my packetFlow object isn't getting called with any packets. Do I need to do something else to configure the packetFlow? Maybe I have to link it to a NWUDPSession?
Thanks,
Dave
    import NetworkExtension

    class PacketTunnelProvider: NEPacketTunnelProvider {
        override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
            let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress)
            settings.ipv4Settings = NEIPv4Settings(addresses: [tunnelRemoteAddress], subnetMasks: ["255.255.255.255"])
            settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
            setTunnelNetworkSettings(settings) { error in
                completionHandler(error)
                self.readPacketObjects()
            }
        }

        private func readPacketObjects() {
            self.packetFlow.readPacketObjects() { packets in
                // It never gets here.
                self.logMessage("Got '\(packets.count)' packet(s)")
                self.packetFlow.writePacketObjects(packets)
                self.readPacketObjects()
            }
        }
    }

No. The routing of packets to your provider is independent of what the provider actually does with those packets. In a real VPN setup you’d want to set up your tunnel before you call the completion handler — indeed, you typically want to do this before calling setTunnelNetworkSettings(…), because important settings are coming from the VPN server — but if you’re just bringing things up then there’s no requirement to have the tunnel in place in order to get packets.
Rather, packets are routed to you based on your tunnel settings. And assuming you’re in destination IP mode — that is, the routingMethod property is .destinationIP, so not per-app VPN — then packets are routed to you based on their destination IP address.
Currently you’re claiming the default route. That sounds like it’ll simplify things, but it doesn’t. If you claim the default route then you need to provide a working DNS configuration. So, just to get things started:
- Claim a route to a specific network.
- Write a small test project that sends UDP datagrams to an IP address on that network.

Can you receive those packets?
Also, I’m not sure what you’re hoping to achieve via that writePacketObjects(…) call, but it’s almost most definitely not correct. The writePacketObjects(…) method is the mechanism you use to pass packets coming in from your VPN tunnel up to the networking stack. Echoing back packets in this way is not going to do anything useful.
Finally, I wanna make sure you’re using a packet tunnel provider to implement… well… a packet tunnel. I see lots of folks attempt to use it for ‘off-label’ purposes and that generally ends badly. See TN3120 Expected use cases for Network Extension packet tunnel providers.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
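
The bring-up steps suggested in the answer above, sketched as an added example that is not code from the thread or from Apple: the provider claims a route to one specific network instead of the default route and only logs what it reads, and a small sender in the containing app fires a UDP datagram at that network. The addresses (RFC 5737 documentation ranges), the logging subsystem name and the `sendTestDatagram` helper are assumptions made for illustration.

```swift
import NetworkExtension
import Network
import os

// Added example. All addresses are constructed placeholders from the
// documentation ranges, not values from the thread.
let tunnelServer = "203.0.113.1"   // hypothetical tunnel remote address
let tunnelLocal  = "192.0.2.1"     // hypothetical address of the tunnel interface
let testNetwork  = "192.0.2.0"     // the one network routed into the tunnel
let testMask     = "255.255.255.0"

class PacketTunnelProvider: NEPacketTunnelProvider {
    private let log = Logger(subsystem: "com.example.tunnel", category: "provider")

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelServer)
        let ipv4 = NEIPv4Settings(addresses: [tunnelLocal], subnetMasks: [testMask])
        // Claim only the test network, not NEIPv4Route.default(), so no
        // DNS configuration is needed while bringing things up.
        ipv4.includedRoutes = [NEIPv4Route(destinationAddress: testNetwork, subnetMask: testMask)]
        settings.ipv4Settings = ipv4
        setTunnelNetworkSettings(settings) { error in
            if error == nil { self.readPackets() }
            completionHandler(error)
        }
    }

    private func readPackets() {
        packetFlow.readPacketObjects { packets in
            for packet in packets {
                // Log only; a real tunnel would send packet.data to the VPN server here.
                self.log.info("outbound packet, \(packet.data.count) bytes, family \(packet.protocolFamily)")
            }
            self.readPackets()
        }
    }
}

// Test sender for the containing app: one UDP datagram to a host on the claimed network.
func sendTestDatagram() {
    let connection = NWConnection(host: "192.0.2.10", port: 9, using: .udp)
    connection.stateUpdateHandler = { state in
        guard case .ready = state else { return }
        connection.send(content: Data("ping".utf8), completion: .contentProcessed { _ in
            connection.cancel()
        })
    }
    connection.start(queue: .main)
}
```

With the tunnel connected, each call to `sendTestDatagram()` should produce one log line from the provider; if none appears, the included route or the tunnel settings are the place to look rather than the read loop.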