How to set up Packet Tunnel Provider with device-internal VPN - iOS

I'm trying to build an iOS app that lists all requests that are made from the device, like Charles Proxy does. Much like Charles, my idea has been to create a Packet Tunnel Provider and have it set up a local VPN connection without an external VPN server. The traffic would then be internally routed to the packet tunnel, without requiring an external VPN server.
Since Charles Proxy does so, I know that it is technically possible, but I can't find any information about how to set up a tunnel with an internal VPN connection, instead of using a "real" external VPN server. The only resource people refer to is the SimpleTunnel Apple sample project, which is a couple of years old and written in Swift 3.
I have downloaded the SimpleTunnel sample code project, created the correct entitlements and can now run the project and create a VPN configuration that gets listed under Settings, but I just can't connect the VPN tunnel. I have tried changing the server address to 127.1.0.0 and to use IKEv2, but without success. I have also downloaded the source code at https://github.com/lxdcn/NEPacketTunnelVPNDemo but didn't get it to work either.
Does anyone know how to set up an internal VPN server with NetworkExtension and have the tunnel use that connection?
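An added example of the device-internal layout the question is after, not code from the question or from Apple's SimpleTunnel project: a NEPacketTunnelProvider whose "remote" address is a loopback placeholder, with the interface address, route and DNS server being assumed values.

```swift
import NetworkExtension

// Added example: a packet tunnel that terminates on the device itself.
// No remote VPN server is involved; tunnelRemoteAddress is only a placeholder,
// and every packet routed into the utun interface is handed to local code.
final class LocalInspectionTunnel: NEPacketTunnelProvider {

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        // Any syntactically valid IPv4 string works here; 127.0.0.1 is the
        // conventional placeholder for an on-device tunnel.
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "127.0.0.1")

        // Address of the virtual interface itself (assumed private range).
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        // Route all IPv4 traffic into the tunnel so the provider sees every packet.
        ipv4.includedRoutes = [NEIPv4Route.default()]
        settings.ipv4Settings = ipv4
        settings.mtu = 1500
        // DNS queries arrive in the tunnel like everything else; the provider
        // has to answer or forward them itself (assumed address, resolver not shown).
        settings.dnsSettings = NEDNSSettings(servers: ["10.8.0.1"])

        setTunnelNetworkSettings(settings) { error in
            if let error = error { completionHandler(error); return }
            self.readLoop()
            completionHandler(nil)
        }
    }

    // Read packets off the virtual interface and log each IPv4 destination.
    // Nothing here forwards the packets: an inspector that only reads them
    // breaks connectivity, so a real tool must proxy or re-inject them
    // (for example through a local proxy announced via NEProxySettings).
    private func readLoop() {
        packetFlow.readPackets { packets, protocols in
            for (packet, proto) in zip(packets, protocols) {
                // Destination address sits at bytes 16..19 of the IPv4 header.
                if proto.int32Value == AF_INET, packet.count >= 20 {
                    let dst = packet[16..<20].map(String.init).joined(separator: ".")
                    NSLog("outbound IPv4 packet to %@", dst)
                }
            }
            self.readLoop()
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

The extension still needs the packet-tunnel-provider entitlement and a NETunnelProviderManager configuration saved from the host app; the connection can then be started without any server address beyond the placeholder.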

Related

Proxy websocket connections in iOS NEPacketTunnelProvider using NEKit

When I use Charles Proxy for iOS and play some games, I recognize that they establish connections with the protocol prefix "socket://" followed by an IP address (instead of a hostname, which is always present for other HTTP(s) connections). I'd assume that those are websockets.
Currently, I'm trying to implement a tool to track rudimentary network activity. To achieve that, I'm using NEKit (https://zhuhaow.me/NEKit/) in combination with the NEPacketTunnelProvider extension for iOS. Using that, I was able to set up a local HTTP Proxy server and set up the network interface to redirect every HTTP(s) request over that local proxy. Through an observer, I was able to see all the requested hostnames.
Now I found out that some games (those which are using websockets) are not working properly with my solution. According to this discussion https://news.ycombinator.com/item?id=16694670 it seems like proxying the HTTP(s) data flow doesn't enable me to handle websocket connections:
Yes, but the problem with Charles (well, iOS related at least) is that iOS websockets don't go through the HTTP Proxy configured. They're just considered a raw socket. Thus, even on desktop Charles, it's a nogo.
Due to that, some apps don't even work when my tracker is enabled, since they can't establish a connection to their servers.
Is there the possibility to achieve something similar for the websocket connections, since the combination of GCDHTTPProxyServer (NEKit) and NEProxySettings (NetworkExtension) is only working for HTTP(s)? How can I track and (even better) proxy websocket connections?

communicate with remote safenet hsm using TCP connection

I am new to HSMs. I have to connect to a remote SafeNet HSM using a TCP connection. How should I communicate? What are the TPK and TMK and how do they work? Please share some links or documents.
First off, whenever you see a reference to an "_MK" on an HSM, it's referring to the master key. Each acronym may be vendor specific. These master keys are used to protect other keys that you or your applications may generate on the device.
To interact with a remote SafeNet HSM, the HSM must first be configured for network use. When you first power up a networked HSM, you'll need to connect to it over a serial connection first, and you can then configure an IP for the NIC. Once that's done, you can use the supplied CLI tools that come with the SafeNet Luna Client Driver for Windows/Linux to connect and even do some test operations (demo tool allows testing simple things like RSA key gen).
Is your HSM device a network or PCI based HSM?
As I have been working with network based HSM, you need to install the driver for this particular network HSM and configure it by setting up the IP address (It is a wizard so you will not miss it).
After doing so, the windows registry will be updated and on your application you do not have to change anything, it is as calling normal ProtectToolkit API.
It is mentioned in the manual (PDF) when you purchased the device. Check the installation folder.

Accessing remotely my web service

I have implemented a web service on my mac and I am able to access its functionalities through the url "http://localhost:8080/ServiceApp-war/resources/".
As I got satisfying results that I could see in the iPhone simulator in Xcode, I decided to connect my iPhone and test on it. But for this to work I think I need to change the "localhost" in my URL to the IP address of my mac.
I tried to replace it with my public IP address and I got a "could not connect to the server" error on my console. I also tried to replace "localhost" with the IP address I found in System Preferences-->Network-->Wi-Fi and I could see that it was working on the simulator but still nothing when I connect my iPhone and run the application on it.
Please provide a solution for accessing my web service remotely.
Thank you.
Create hotspot from your mac, connect to it with your iPhone and try again.
<lame solution>
Try some service for temporary domain, it will make your computer accessible from anywhere.
How do you "connect" your iPhone? USB connection does not create a network. Well, it does create if you turn on Personal Hotspot on your iPhone (maybe in some other cases, dunno). But the most simple way is to connect Mac and iPhone to the same WiFi network.
Once connected, you can use any of "ping" apps available on App Store. Just look for "ping" (some kind of "network reachability test" or so). You can check if your Mac is really reachable on the network.
If it's not reachable, check your network settings on both devices: do they belong to the same subnet, do they use the same gateway, etc.
If your Mac is reachable with ping, then you should deal with your web service. I set up the web server (which is already distributed within OS X): it already has all the settings to allow other devices to connect. But your web service may require some additional setup. It's two basic things: it should bind to your IP address (please check http://YOUR.IP:8080/ServiceApp-war/resources/ from your Mac!) and second, accept incoming connections from other agents; you should find it somewhere in its settings.
Ngrok was the perfect solution I was looking for.
https://ngrok.com
You could also try finch, which is similar to ngrok. It has a nice friendly GUI. https://meetfinch.com

How can I programmatically create and dial a VPN connection on iOS?

I've recently noticed that some iOS applications, such as the Astrill VPN Client, are able to create and dial VPN connections. In this specific case they seem to be Cisco IPSEC connections. I have not been able to locate any official Apple documentation on how to do this. Can anyone please tell me how this is possible?
Please note that I know how to configure VPN connections manually. The reason I want my application to do it is to provide an idiot proof and streamlined process for customers.
These iOS apps achieve this by installing a VPN dialling profile that contains a VPN On Demand setting for a specific network and then simply try to connect to an address on that network, which prompts iOS to establish the VPN connection.
VPN On Demand can only be enabled for the IPSec (Cisco) connection type. You can create a dialling profile to do this using the iPhone Configuration Utility to see how it works.
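An added example, not code from the question or from any app it names: the same idea as the dialling profile the answer describes (an IPSec configuration with VPN On Demand that connects when the app touches a host in a given domain), expressed with the NEVPNManager API that is the programmatic equivalent of installing such a profile. Server, group, account names and the domain are placeholders, and the app is assumed to hold the personal VPN entitlement and to have stored the secrets in the keychain beforehand.

```swift
import NetworkExtension
import Security

// Added example: save an IPSec (Cisco) VPN configuration with an on-demand
// rule, so iOS establishes the tunnel whenever the app connects to the
// protected domain. All server/account values are placeholders.
enum OnDemandVPN {
    static func install(completion: @escaping (Error?) -> Void) {
        let manager = NEVPNManager.shared()
        manager.loadFromPreferences { loadError in
            if let loadError = loadError { completion(loadError); return }

            let ipsec = NEVPNProtocolIPSec()
            ipsec.serverAddress = "vpn.example.com"            // placeholder
            ipsec.authenticationMethod = .sharedSecret
            ipsec.localIdentifier = "example-group"            // placeholder group name
            ipsec.remoteIdentifier = "vpn.example.com"         // placeholder
            ipsec.useExtendedAuthentication = true
            ipsec.username = "user"                            // placeholder
            // Secrets are never embedded; only keychain persistent refs are stored.
            ipsec.sharedSecretReference = keychainRef(account: "vpn.shared-secret")
            ipsec.passwordReference = keychainRef(account: "vpn.password")
            ipsec.disconnectOnSleep = false

            // Connect only when the app resolves a host in this domain;
            // everything else stays off the VPN.
            let rule = NEOnDemandRuleEvaluateConnection()
            rule.connectionRules = [
                NEEvaluateConnectionRule(matchDomains: ["internal.example.com"],
                                         andAction: .connectIfNeeded)
            ]

            manager.protocolConfiguration = ipsec
            manager.onDemandRules = [rule]
            manager.isOnDemandEnabled = true
            manager.localizedDescription = "Example On-Demand VPN"
            manager.isEnabled = true
            manager.saveToPreferences(completionHandler: completion)
        }
    }

    // Look up a generic-password keychain item and return its persistent
    // reference, which is what NEVPNProtocol expects (item assumed to exist).
    private static func keychainRef(account: String) -> Data? {
        let query: [String: Any] = [
            kSecClass as String: kSecClassGenericPassword,
            kSecAttrAccount as String: account,
            kSecReturnPersistentRef as String: true
        ]
        var item: CFTypeRef?
        guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess else { return nil }
        return item as? Data
    }
}
```

Saving the configuration prompts the user once to allow the VPN; after that, connecting to any host under the matched domain is enough to bring the tunnel up, exactly as the profile-based approach does.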

Connect iPhone to local server for testing on XCode? -- without using WiFi

So I have an ejabberd (XMPP) server set up on my MacBook. Connects fine with Simulator, only intermittently on the device. The two times it hasn't connected were at cafes that had sign-on gateways for their Wi-Fi. I know nothing when it comes to networks, but I'm guessing this is a Firewall thing?
I'm supposing I can't get around the firewall without an elaborate workaround.
I've found that turning off Wi-Fi on both devices and turning on tethering so that both devices are communicating via data works. However, I'd rather not do this as my data plan is limited and I'd like to be freely internet-connected while I work.
Is there a way to set up Xcode to have the phone use the USB connection to access the server on the MacBook? Or maybe some other way I'm not imagining?
Bluetooth doesn't work.
I don't believe that the problem is with some kind of firewall on the network…
Try using the local IP address instead of the hostname. It will change from network to network. To get it, you can open the network utility.
In this case it would be [xmppStream setHostName:@"172.16.1.2"];