Does a personal VPN created with NEVPNManager affect other apps? - ios

I've found a few articles online such as this one which discuss using the new NetworkExtension.framework in iOS 8 and its corresponding NEVPNManager class to create custom VPN configurations programmatically.
It's implied that these configurations will only affect my app, and not other things in the background, but I've been unable to find anything definitive. The code references various things with names like sharedManager so it's not obvious.
So, if I create a VPN programmatically with NEVPNManager and connect to it from within my iOS app, will it affect other apps and/or background services?

We're using NEVPNManager to connect a VPN that limits internet connectivity. All the apps on the device fail to connect to their services when our VPN is connected. However, some system services (like APNS) are still working somehow.
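
An added Swift example (not part of the original posts) of the Personal VPN setup this question is about: the configuration is saved to the system's VPN preferences through the app's shared NEVPNManager, so the tunnel it starts is a device-level VPN rather than something scoped to the app's own sockets. The server name, identifiers and keychain reference are constructed placeholders, and the app is assumed to have the Personal VPN capability enabled.

```swift
import NetworkExtension

// passwordRef must be a persistent keychain reference to the password item,
// never the raw password bytes.
func configureAndStartPersonalVPN(passwordRef: Data,
                                  completion: @escaping (Error?) -> Void) {
    let manager = NEVPNManager.shared()  // the app's single Personal VPN configuration

    // Load the current state first; saving without loading is rejected.
    manager.loadFromPreferences { error in
        if let error = error { completion(error); return }

        let ikev2 = NEVPNProtocolIKEv2()
        ikev2.serverAddress = "vpn.example.com"      // placeholder
        ikev2.remoteIdentifier = "vpn.example.com"   // placeholder
        ikev2.localIdentifier = "client"             // placeholder
        ikev2.username = "user"                      // placeholder
        ikev2.passwordReference = passwordRef
        ikev2.authenticationMethod = .none           // no cert or shared secret: EAP only
        ikev2.useExtendedAuthentication = true       // EAP username/password
        ikev2.disconnectOnSleep = false

        manager.protocolConfiguration = ikev2
        manager.localizedDescription = "Example Personal VPN"
        manager.isEnabled = true

        // The first save triggers the system prompt asking the user to allow
        // the VPN configuration; the result then appears in Settings > VPN.
        manager.saveToPreferences { error in
            if let error = error { completion(error); return }

            // Reload so the connection object reflects what was saved.
            manager.loadFromPreferences { error in
                if let error = error { completion(error); return }
                do {
                    try manager.connection.startVPNTunnel()
                    completion(nil)
                } catch {
                    completion(error)
                }
            }
        }
    }
}
```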

Related

iOS - How to send message from hotspot (iPhone) to connected client (IoT device)

I've searched Google and only found the MultipeerConnectivity framework in iOS but I don't know how I could make it work for my specific case.
The flow of what I want to do is like this:
Enable personal hotspot in iOS
Connect to hotspot from a Raspberry Pi
Once client is connected, send a message string from the iOS app.
Assuming that the Raspberry Pi connection is already sorted out (we're using a static SSID and password for the hotspot).
The questions that come up are:
Which framework should I use (assuming there is one already)?
Do I need to explicitly advertise the iOS device from the app?
How do I get notified when the Raspberry Pi connects to the phone?
How do I send a message to the connected client?
Although I never developed anything for the Pi, I developed net service browsing for iOS devices, so I can give an answer.
When you connect to an iPhone hotspot, it's a usual Wi-Fi connection, so here you can use the Bonjour protocol (mDNS) for the devices to discover one another.
Run the Avahi mDNS service on the Pi, and discover it on the iPhone.
Here is how to run Avahi on Pi.
Here is how to discover mDNS net service on iPhone.
After the net service is discovered with NSNetServiceBrowser, you'll have the IP address and port of your Pi available on your iPhone, so you can connect to it.
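
An added Swift sketch (not from the original answer) of the browse-then-resolve flow described above, using NetServiceBrowser, the Swift name of NSNetServiceBrowser. The service type `_pimsg._tcp.` is a hypothetical name that must match whatever Avahi advertises on the Pi. mDNS answers are unauthenticated, so the resolved host should still be authenticated at the application layer before anything sensitive is sent.

```swift
import Foundation

// On iOS 14 and later the app's Info.plist must also declare
// NSLocalNetworkUsageDescription and list the service type under NSBonjourServices.
final class PiFinder: NSObject, NetServiceBrowserDelegate, NetServiceDelegate {
    private let browser = NetServiceBrowser()
    private var pending: [NetService] = []   // strong references while resolving

    // Called with the resolved host name and port of each discovered service.
    var onResolved: ((String, Int) -> Void)?

    func start() {
        browser.delegate = self
        // Hypothetical service type; "local." is the mDNS domain.
        browser.searchForServices(ofType: "_pimsg._tcp.", inDomain: "local.")
    }

    func stop() {
        browser.stop()
        pending.removeAll()
    }

    // A matching service appeared on the hotspot network: resolve it.
    func netServiceBrowser(_ browser: NetServiceBrowser,
                           didFind service: NetService,
                           moreComing: Bool) {
        pending.append(service)
        service.delegate = self
        service.resolve(withTimeout: 5.0)
    }

    // Resolution succeeded: host name and port are now populated.
    func netServiceDidResolveAddress(_ sender: NetService) {
        if let host = sender.hostName {
            onResolved?(host, sender.port)
        }
        pending.removeAll { $0 === sender }
    }

    // Resolution failed or timed out: drop the reference.
    func netService(_ sender: NetService,
                    didNotResolve errorDict: [String: NSNumber]) {
        pending.removeAll { $0 === sender }
    }
}
```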
If you are trying to set up an IoT system, it may be useful to look into various cloud offerings to facilitate messaging between devices. Personally I have used AWS IoT core services in the past, and it is relatively easy to set up messaging between devices.
I am not sure what your exact use case is for this setup, but using a cloud-based service to set up messaging between devices will remove the requirement to connect directly between devices via hotspot (the Pi still needs some internet connection), and could make it easier to enable multiple devices and app clients in the system.

Implementing VPN with L2TP protocol in iOS app

In iOS settings, there are options to create a VPN configuration using IPSec, IKEv2, and L2TP. Using the NetworkExtension framework from Apple there's an option to create a VPN using IPSec and IKEv2 protocols only. They do work, but the problem is that I need to create a connection via L2TP since that's only supported by the company's firewall.
There's a question, "iOS app with custom VPN connect", from 2014, and it's answered with:
If you want to connect programmatically in iOS 8 you can use only IPSec or IKEv2 protocols. L2TP and PPTP protocols are private for Apple. It is not possible to use L2TP and PPTP APIs in your applications. Only Apple is currently using these APIs.
Is there any way to create a L2TP VPN connection from an iOS application (Swift)?
The Personal VPN feature that allows using built-in protocols doesn't support unencrypted protocols, presumably for security reasons:
Personal VPN only supports recommended VPN protocols; it doesn’t support legacy VPN protocols, like PPTP and L2TP.
However, that's not the only way to implement a VPN app. You can also create a Packet Tunnel Provider to tunnel layer 3 packets yourself, or an App Proxy Provider for TCP and UDP connections. A packet tunnel provider would allow using your own L2TP implementation.
This might be solving the wrong problem, though. If this is for a specific company, why not use MDM instead of a custom app? MDM does support L2TP.
It is not possible to create a L2TP VPN connection from an iOS application. Only Apple is currently using the L2TP and PPTP APIs.
Is it possible that the company this is for has some sort of internal framework or package you can use for their VPN authentication within your app?
You can make use of every proxy app available on the Android Play Store. Basically your iOS device will make use of the hotspot from the Android phone.
Remember, your Android phone must be connected to the L2TP VPN.
Every proxy will put all the connection of the VPN shared to the iOS device.
On the iOS device, in Settings, we need to add the IP and port. You will now be connected to the VPN on iOS.
You can try hosting an L2TP server on your Mac and connect another device remotely to the server using Settings->Network->VPN->L2TP and provide the settings. I haven't tried it personally. On the iPhone, General->VPN Management->L2TP can be used.

Using NEVPNManager in iOS 8, how can I programmatically create VPN connections to custom VPN types? (e.g. Cisco AnyConnect)

Looking at VPN configuration in Apple's Configurator tool, it offers many different types of VPN, such as
L2TP
PPTP
Cisco AnyConnect
Juniper SSL
Check Point Mobile VPN
etc
I'd like to create a custom VPN configuration programmatically using NEVPNManager, however looking at the list of objects added in the NetworkExtension framework there are only 2 protocol classes - NEVPNProtocolIPSec and NEVPNProtocolIKEv2.
I'm new to the world of VPNs, so my question is this:
Are those proprietary VPN types (such as Cisco AnyConnect) just variations of IPSec or IKEv2, and thus can I set them up using one of those protocol classes, or is it not currently possible to do this with NEVPNManager?
You can implement your own version of VPN via NEVPNManager, but you can't use it to set up / edit other VPNs (such as Cisco).
Thank you for requesting information about the Network Extension framework. Please note that as of November 10, 2016 this process is not required for developers who wish to use App Proxy, Content Filter, or Packet Tunnel APIs. To use these services please navigate to your Developer Account at https://developer.apple.com/account/ and select the Network Extension capability for the App ID you will be using for your app.
If you are requesting an entitlement for Hotspot Helper APIs and have already filled out the request questionnaire then your request will be addressed at our earliest convenience. Otherwise please visit https://developer.apple.com/contact/network-extension/ and enter the required information.
Regards,
Developer Technical Support
Apple Worldwide Developer Relations

How can I programmatically create and dial a VPN connection on iOS?

I've recently noticed that some iOS applications, such as the Astrill VPN Client, are able to create and dial VPN connections. In this specific case they seem to be Cisco IPSEC connections. I have not been able to locate any official Apple documentation on how to do this. Can anyone please tell me how this is possible?
Please note that I know how to configure VPN connections manually. The reason I want my application to do it is to provide an idiot-proof and streamlined process for customers.
These iOS apps achieve this by installing a VPN dialling profile that contains a VPN On Demand setting for a specific network and then simply try to connect to an address on that network, which prompts iOS to establish the VPN connection.
VPN On Demand can only be enabled for the IPSec (Cisco) connection type. You can create a dialling profile to do this using the iPhone Configuration Utility to see how it works.

Connecting to a special wi-fi network via iPhone App

I have to build an app that connects to a special Wi-Fi network and then opens an IP address that is only available within the network.
Is it possible to connect to a special Wi-Fi network (say "Network XYZ") via an iPhone app? If so, please let me know, so that I have an idea how to solve this.
Sadly no. Not from within the app.
All you can do is instruct the user to go to Settings and connect to that network.
If the iPhone was not registered to any WiFi network before entering your app and your app has the usesWiFi key set to YES, then the user will get a list of available networks to choose from.
One more big problem is: there are no AdHoc networks on this list - only infrastructure networks. AdHoc networks are available only through Settings.
What you could do is to instruct your user to set the auto-join feature on for the desired network.
I'm afraid the only way to change the network is via the Settings application. Otherwise, rogue apps might be able to move users to their own proxies without the user's knowing.
It may be possible on jailbroken devices, however, as you would no longer be confined to working within the usual app restrictions on accessing system-level settings.
You can have your app launch once the user connects to the SSID you specify using the CaptiveNetwork API.
