We’re looking to implement a custom IPSec IKEv2 VPN using the Packet Tunnel Provider network extension on iOS because we need to add extra information to EAP, which the built-in IKEv2 VPN configuration does not support.
Is it possible to handle the full IKEv2 negotiation and IPSec tunneling within the Packet Tunnel Provider extension? Or are there limitations that would prevent implementing a full IKEv2 stack this way?
Any insights or alternative approaches would be appreciated. Thanks!
I don’t have a good enough on IKEv2 to give you a definitive answer to this. I suspect that you’ll be generally OK, but I wouldn’t be surprised if you run into the odd speedbump.
I am aware of one thing that the built-in IKEv2 can do that an NE packet tunnel provider can’t do, namely support Always-on VPN. I’m presuming that’s not a big deal for you.
Is this something generally useful? Or extremely specific to your environment? If it’s the former, I encourage you to file an enhancement request for that feature, regardless of what else you do. And in this case, please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"