iOS VPN Application using Tunnel Mode with Network extension - ios

Currently, my Personal iOS VPN application is implemented using the IKEv2 protocol and the Network Extension API, but I want to implement the same thing using Network Extension with a Packet Tunnel Provider in tunnel mode.
Can someone explain a clear architecture for how to implement this, and which libraries are needed?

I suggest you look through (and build) the SimpleTunnel sample code. It shows how basic Packet Tunnel and App Proxy providers are set up.

Related

Proxy websocket connections in iOS NEPacketTunnelProvider using NEKit

When I use Charles Proxy for iOS and play some games, I recognize that they establish connections with the protocol prefix "socket://" followed by an IP address (instead of a hostname, which is always present for other HTTP(s) connections). I'd assume that those are websockets.
Currently, I'm trying to implement a tool to track rudimentary network activity. To achieve that, I'm using NEKit (https://zhuhaow.me/NEKit/) in combination with the NEPacketTunnelProvider extension for iOS. Using that, I was able to set up a local HTTP proxy server and set up the network interface to redirect every HTTP(s) request over that local proxy. Through an observer, I was able to see all the requested hostnames.
Now I found out that some games (those which are using websockets) are not working properly with my solution. According to this discussion https://news.ycombinator.com/item?id=16694670 it seems like proxying the HTTP(s) data flow doesn't enable me to handle websocket connections:
Yes, but the problem with Charles (well, iOS related at least) is that iOS websockets don't go through the HTTP Proxy configured. They're just considered a raw socket. Thus, even on desktop Charles, it's a nogo.
Due to that, some apps don't even work when my tracker is enabled, since they can't establish a connection to their servers.
Is there a possibility to achieve something similar for the websocket connections, since the combination of GCDHTTPProxyServer (NEKit) and NEProxySettings (NetworkExtension) is only working for HTTP(s)? How can I track and (even better) proxy websocket connections?

How to set up Packet Tunnel Provider with device-internal VPN

I'm trying to build an iOS app that lists all requests that are made from the device, like Charles Proxy does. Much like Charles, my idea has been to create a Packet Tunnel Provider and have it set up a local VPN connection without an external VPN server. The traffic would then be internally routed to the packet tunnel, without requiring an external VPN server.
Since Charles Proxy does so, I know that it is technically possible, but I can't find any information about how to set up a tunnel with an internal VPN connection, instead of using a "real" external VPN server. The only resource people refer to is the SimpleTunnel Apple sample project, which is a couple years old and written in Swift 3.
I have downloaded the SimpleTunnel sample code project, created the correct entitlements and can now run the project and create a VPN configuration that gets listed under Settings, but I just can't connect the VPN tunnel. I have tried changing the server address to 127.1.0.0 and to use IKEv2, but without success. I have also downloaded the source code at https://github.com/lxdcn/NEPacketTunnelVPNDemo but didn't get it to work either.
Does anyone know how to set up an internal VPN server with NetworkExtensions and have the tunnel use that connection?

Implementing VPN with L2TP protocol in iOS app

In iOS settings, there are options to create a VPN configuration using IPSec, IKEv2, and L2TP. Using the NetworkExtension framework from Apple there's an option to create a VPN using the IPSec and IKEv2 protocols only. They do work, but the problem is that I need to create a connection via L2TP since that's the only one supported by the company's firewall.
There's a question, "iOS app with custom VPN connect", from 2014, and it's answered with:
If you want to connect programmatically in iOS 8 you can use only IPSec or IKEv2 protocols. L2TP and PPTP protocols are private for Apple. It is not possible to use L2TP and PPTP APIs in your applications. Only Apple is currently using these APIs.
Is there any way to create a L2TP VPN connection from an iOS application (Swift)?
The Personal VPN feature that allows using built-in protocols doesn't support unencrypted protocols, presumably for security reasons:
Personal VPN only supports recommended VPN protocols; it doesn’t support legacy VPN protocols, like PPTP and L2TP.
However, that's not the only way to implement a VPN app. You can also create a Packet Tunnel Provider to tunnel layer 3 packets yourself, or an App Proxy Provider for TCP and UDP connections. A packet tunnel provider would allow using your own L2TP implementation.
This might be solving the wrong problem, though. If this is for a specific company, why not use MDM instead of a custom app? MDM does support L2TP.
It is not possible to create a L2TP VPN connection from an iOS application. Only Apple is currently using the L2TP and PPTP APIs.
Is it possible that the company this is for has some sort of internal framework or package you can use for their VPN authentication within your app?
You can make use of every proxy app available on the Android Play Store. Basically your iOS device will make use of the hotspot from the Android phone.
Remember your Android phone must be connected to the L2TP VPN.
Every proxy will put all the connection of VPN shared to iOS device.
In the iOS device's settings, we need to add the IP and port. You will now be connected to the VPN on iOS.
You can try hosting an L2TP server on your Mac and connect another device remotely to the server using Settings->Network->VPN->L2TP and provide the settings. I haven't tried it personally. On the iPhone, General->VPN Management->L2TP can be used.

Is it possible for an iOS app to communicate over the USB port to a Windows computer?

I have an iOS application with a tableview which I would like to send text strings via USB to my Windows computer indicating which cell was selected by the user. Anyone have experience with this type of interface?
I've written a blog post detailing how to achieve this here.
http://thecodewash.blogspot.com/2017/05/communicating-with-your-ios-app-over.html
To answer your question (so this answer isn't just a link), yes it definitely is possible to achieve this utilizing the USB Multiplexing Daemon (usbmuxd) program that is usually installed as part of iTunes. This program can create a socket connection to your iOS device through the USB cable, and allow you to communicate via that socket connection like you would any other socket. The link goes into much more detail.
Hope this helps!
(In short) Yes, you can communicate with an iOS application via normal socket communication by using iTunes, which acts like a proxy. In this model your iOS app acts like a server listening for connections. The Windows app must connect to iTunes on port 27015 and establish a connection to a specific port (used by the iOS app) on the device connected via USB. This is done by using a special MUX protocol described here
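
The Connect exchange that both answers above describe, sketched in Python as an added example (not code from either answer or from the linked blog post). The 16-byte little-endian header, the plist frame type and the byte-swapped PortNumber follow the open-source usbmuxd client protocol rather than anything stated on this page; the function names and the ProgName/ClientVersionString values are made up for illustration, and the DeviceID is assumed to come from an earlier device-list request.

```python
import plistlib
import socket
import struct

USBMUXD_TCP_PORT = 27015             # iTunes' usbmuxd listener on Windows, per the answer above
HEADER = struct.Struct("<IIII")      # length, version, message type, tag (little-endian)
VERSION_PLIST, MESSAGE_PLIST = 1, 8  # plist framing; values from open-source usbmuxd, not this page
MAX_FRAME = 1 << 20                  # sanity bound chosen for this example

def frame(payload: dict, tag: int) -> bytes:
    body = plistlib.dumps(payload, fmt=plistlib.FMT_XML)
    return HEADER.pack(HEADER.size + len(body), VERSION_PLIST, MESSAGE_PLIST, tag) + body

def connect_request(device_id: int, port: int, tag: int = 1) -> bytes:
    if not 0 < port < 65536:
        raise ValueError("port out of range")
    swapped = ((port & 0xFF) << 8) | (port >> 8)  # PortNumber is sent byte-swapped
    return frame({"MessageType": "Connect", "DeviceID": device_id, "PortNumber": swapped,
                  "ProgName": "example-client", "ClientVersionString": "example"}, tag)

def parse_frame(buf: bytes):
    """Return (tag, payload, rest), or None while the frame is still incomplete."""
    if len(buf) < HEADER.size:
        return None
    length, version, message, tag = HEADER.unpack_from(buf)
    if not HEADER.size <= length <= MAX_FRAME:
        raise ValueError("implausible frame length")
    if (version, message) != (VERSION_PLIST, MESSAGE_PLIST):
        raise ValueError("not a plist frame")
    if len(buf) < length:
        return None
    return tag, plistlib.loads(buf[HEADER.size:length]), buf[length:]

def request_device_port(sock: socket.socket, device_id: int, port: int, tag: int = 1) -> None:
    """Ask usbmuxd (sock already connected to 127.0.0.1:USBMUXD_TCP_PORT) for a device port."""
    sock.sendall(connect_request(device_id, port, tag))
    buf = b""
    while (parsed := parse_frame(buf)) is None:
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("usbmuxd closed the connection")
        buf += chunk
    reply_tag, reply, _ = parsed
    if reply_tag != tag or reply.get("Number") != 0:
        raise ConnectionError(f"Connect refused: {reply}")
    # From here on, sock is a plain byte stream to the app's listening socket.
```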

Built-in VPN types in iOS Network Extension

After some research I saw that IPSec is built-in in iOS Network Extension. Unfortunately, IPSec does not fit our needs.
OpenVPN would be great for our needs but it needs a custom implementation of the OpenVPN source code - which is something we would like to avoid because of the difficulty of estimating the amount of work and license issues.
That's why I would like to know if there are other built-in VPN protocols than IPSec in iOS Network Extension so that I can check if it could meet our needs.
In Network extension, there is the class NEVPNProtocol. In the description of this class, we can see that the class NEVPNProtocolIPSec implements IPSec VPN. But I can't see any other VPN built-in protocol.
Could anyone tell me if they know of any built-in VPN implementation other than IPSec?
Thanks in advance,
"For NEVPNManager objects, this property can be set to either an NEVPNProtocolIPSec object or an NEVPNProtocolIKEv2 object."
For SSL connections, according to the NetworkExtension API reference:
You can use the NETunnelProvider family of APIs to connect iOS and macOS devices to a VPN server that uses a non-standard network tunneling protocol, such as an SSL-VPN server.
I would also be interested in any further information anyone has about using openVPN in Swift apps.
