-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Use iOS VPN API #23
Comments
If using this API won't let Apple approve this app, it makes no difference. |
Why not have a try? shadowsocks is an VPN app, no diff with AnyConnect or OpenVPN. OpenVPN thought they can not get such API detail from Apple. Now their app is on AppStore.Best regards, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ AirBlue Sharing 常见问题: http://www.if0rce.com/2011/10/26/airblue-sharing-使用方法及常见问题/ iBluever 常见问题: http://www.if0rce.com/2010/12/29/有关-ibluever-的常见问题/ iBluever W/ OnDemand 配置指南: Cydia Store 银联卡支付教程: http://jbguide.me/2012/04/09/buy-tweaks-via-yinlian-for-video/ On Sun, Feb 16, 2014 at 9:03 AM, clowwindy notifications@github.com
|
Shadowsocks is a socks5 proxy. We have to create a VPN adapter first. Since you're familiar with the private VPN API, maybe you can send me a pull request? |
So are you going to implement this packet based vpn layer in shadowsocks or only in the iOS app? Thanks, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ AirBlue Sharing 常见问题: http://www.if0rce.com/2011/10/26/airblue-sharing-使用方法及常见问题/ AirBlue Sharing 支付宝购买方法: http://www.if0rce.com/2012/02/29/airblue-sharing-%e6%94%af%e4%bb%98%e5%ae%9d%e8%b4%ad%e4%b9%b0%e6%96%b9%e6%b3%95/ iBluever 常见问题: http://www.if0rce.com/2010/12/29/有关-ibluever-的常见问题/ iBluever W/ OnDemand 配置指南: iBluever 支付宝购买流程: http://www.if0rce.com/2011/05/22/ibluever-alipay/ Cydia Store 银联卡支付教程: http://jbguide.me/2012/04/09/buy-tweaks-via-yinlian-for-video/ On Monday, February 17, 2014 at 11:53 AM, clowwindy wrote:
|
Only in the iOS app. |
@Smartype We're using VPNService and tun2socks (badvpn) to implement the VPN mode of shadowsocks-android. You can get more details from here https://github.com/shadowsocks/shadowsocks-android/tree/master/src/main/jni/badvpn/tun2socks |
hello i read here : https://github.com/shadowsocks/shadowsocks-iOS/wiki/Help could anybody help me about how i could edit this app to user is unlimited for my self ? i need if very very much , thanks |
It seems that only after signing an NDA, Apple will approve an app using the vpnlugin API. |
I thought openvpn is GPL licensed, which does not allow add AppStore protection. So I did not submit it to AppStore. Even if now OpenVPN is in AppStore. It still looks illegal.
It does not worth the effort implement the vpnplugin in shadow socks. And I don't like the badvpn implementation personally. Ok, I guess I will submit the vpnplugin API to GitHub. If someone interests in this and does not hate badvpn, he/she can implement this. As I reversed the interface, it is not limited by the silly NDA, right? :) Have a good day!Best regards, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ AirBlue Sharing 常见问题: http://www.if0rce.com/2011/10/26/airblue-sharing-使用方法及常见问题/ iBluever 常见问题: http://www.if0rce.com/2010/12/29/有关-ibluever-的常见问题/ iBluever W/ OnDemand 配置指南: Cydia Store 银联卡支付教程: http://jbguide.me/2012/04/09/buy-tweaks-via-yinlian-for-video/ On Sat, Mar 1, 2014 at 3:21 AM, clowwindy notifications@github.com
|
While we can't distribute this app via App Store, we can still build the app for our own devices. I still want to have a try. Thanks for the effort you made for reversing the API. |
Many thanks! |
There are two known implementations to look at (for reverse engineering purposes). Cisco AnyConnect and OpenVPN Connect. To quote a post on the OpenVPN forums:
The |
Updates:
I now have a plugin bundle loading and "working" (setting status to enabled), but I have not been able to redirect traffic just yet. |
If you still want to get this working, I can add more comments for you. It is really straightforward. I had ever created a fully working openvpn client. This won't get shadowsocks approval led by Apple. But this is much better than "playing silent audio", which is really dirty hack.Best regards, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ AirBlue Sharing 常见问题: http://www.if0rce.com/2011/10/26/airblue-sharing-使用方法及常见问题/ iBluever 常见问题: http://www.if0rce.com/2010/12/29/有关-ibluever-的常见问题/ iBluever W/ OnDemand 配置指南: Cydia Store 银联卡支付教程: http://jbguide.me/2012/04/09/buy-tweaks-via-yinlian-for-video/ On Tue, May 13, 2014 at 5:04 AM, Conrad Kramer notifications@github.com
|
I understand the configuration and loading process (most of the functions), just not the actual traffic redirection part. Would you be able to post the old OpenVPN client for sample code? I'd love to see a sample implementation of the exported APIs. |
I have added some example files. |
When your plugin is launched by the vpnagent, Plugin_VPNTunnelInit will be called. The settings dict includes TunnelSocket, this is the socket fd created for you. Read it to get ipv4 packets from apps. Then write ipv4 packets from vpn to this fd. |
Even if it only keep the app running in background, can be really awesome |
Don't use 99$ developer license, use 299$ iOS Development Enterprise Program this license don't need submit to app store,through web download and install. |
Which framework provides the implementations for the files in the iOSVPNPlugin.h header? |
I guess it is SystemConfiguration. I suggest you grep the functions in Frameworks and PrivateFrameworks. Best regards, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ AirBlue Sharing 常见问题: http://www.if0rce.com/2011/10/26/airblue-sharing-使用方法及常见问题/ iBluever 常见问题: http://www.if0rce.com/2010/12/29/有关-ibluever-的常见问题/ iBluever W/ OnDemand 配置指南: Cydia Store 银联卡支付教程: http://jbguide.me/2012/04/09/buy-tweaks-via-yinlian-for-video/ On Fri, May 16, 2014 at 11:46 PM, Jeff Wofford notifications@github.com
|
@conradev I tried indeed cannot using |
It is an fd to an utun device. Try ifconfig and you will see it. Before you can see any data on that device. You will have to publish a network service which overwrite the default route. My examples should have implemented such functions, just call them when you have successfully established the VPN tunnel. Then try select/cfsocket/kevent on it to see if any datagram. You will found that they are ipv4 packets, forward them with your VPN connection. You can play with openvpn or something else first to understand the tun device and VPN details. iOS VPN plug provides the utun interface and other API for you to override default route. What you have to do is encrypting ip packets and transferring them between the VPN server. Best regards, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ AirBlue Sharing 常见问题: http://www.if0rce.com/2011/10/26/airblue-sharing-使用方法及常见问题/ iBluever 常见问题: http://www.if0rce.com/2010/12/29/有关-ibluever-的常见问题/ iBluever W/ OnDemand 配置指南: Cydia Store 银联卡支付教程: http://jbguide.me/2012/04/09/buy-tweaks-via-yinlian-for-video/ On Mon, May 19, 2014 at 12:41 AM, Conrad Kramer notifications@github.com
|
@Smartype Thanks for providing the example code. I've been working with it to build a VPN Plugin, and I find that something is missing (or I'm missing something). I'm able to package the vpn plugin bundle along with an app in an IPA, and I believe I'm setting the correct entitlements because the vpn plugin is being installed with the app. But calling VPNConfigurationConnectionStart() only gives the console output: |
can anyone tell me how to use opnvpn Plugin in ios project..i downloaded the repo but no xcodeconfig file present .any guide lines how to compile it please ..few files are missing i guess |
@Smartype Would you please share more detail about iOS_VPNPlugin? Seems there're some missing required files like VPNPluginMsgTypes.h. If no detail or missing files provided, it will be pretty hard to implement. |
Ignore it. That’s where you define your app msg. enum { typedef int32_t AppleVPN_MessageType; On Jul 7, 2014, at 7:44 PM, Kun notifications@github.com wrote:
|
@Smartype OK, thanks! |
Best regards, AirBlue Sharing Frequently asked questions: http://www.if0rce.com/en/2011/11/06/airsharing-f-a-q/ iBluever Frequently asked questions: http://www.if0rce.com/en/2010/12/29/ibluever-f-a-q/ iBluever W/ OnDemand Configuration Guide Lines: http://www.if0rce.com/en/2011/06/05/ibluever-w-ondemand-configuration-guide-lines/ On Thu, Jul 24, 2014 at 3:44 AM, arrrow-pk notifications@github.com
|
In iOS8 apple added the Network Extension Framework, for VPN configuration support. At least we may have it run on iOS8 without being denied by AppStore. |
@huajiahen It's just an API to turn on/off VPN. |
@clowwindy @huajiahen Here's an article describing the new iOS 8 API |
I fixed the project "iOS_VPNPlugin" at https://github.com/ligun123/iOS_VPNPlugin. |
@ligun123 do you get the following error when compiling the plugin? Undefined symbols for architecture arm64: |
@ligun123 are you able to build the project uploaded by you? |
Can anyone tell me the list of private API's being used in implementing the vpn service? |
@huajiahen @clowwindy @chrisballinger |
@bronze1man :( |
may i ask the reason not building 2 versions: App store/private? |
Pull requests are welcome. |
iOS 9 introduced a public API that allows us to implement VPN and transparent proxy apps. |
We are interested in analyzing IP PAckets and the only way we found out with out using private APIs are :VPN Approach. We do not want VPN to terminate at server and also we want to reduce Over the Air traffic. Is it possible to create a local loop back tunnel by giving route overwritten as 128.0.0.0 and 0.0.0.0 and do all packet analysis in the phone itself? If so how do we mention the same in configuration |
It would be good if we get to know how to create a local loop back UTUN? |
Any progress with the local loop back? |
not much as was held with other work..will try and update you tomorrow On Thu, Jul 30, 2015 at 8:13 PM, Mike Kane notifications@github.com wrote:
|
that would be great, Im trying to do the same and I can only get it to work via WWAN. If I start is on wifi I get cant assign address, but if i turn wifi off presto success.. Thanks! |
Any update? We now have NEPacketTunnelProvider, which can be used to implement custom VPN APIs. |
@conradev @Smartype I'm now try to create a openvpn client in iOS8 jailbreaked. But failed in creating the vpnplugin. I add a framework target ,rename it to myProvider.vpnplugin, and use command PackageApplication to add the framework into ipa. But it result in failed to install ipa using |
Since iOS 4.2, an VPN API is added.
Such API is used by Cisco AnyConnect and some other apps from big companies.
A few years later, OpenVPN added such support.
This API can be easily reversed. Actually I had created an OpenVPN client before the official client going to AppStore, I didn't submit it to AppStore because I do not think Apple would allow me to use this private API.
To use this API, you will have to create a vpnplugin, iOS will create a sandbox env for this bundle, you app can still talk to the plugin to pass configurations to it. When user is turn on VPN of your kind in Preferences, the bundle will be launched to provide VPN service. You bundle can keep running all time unless the user disconnect it.
By the way, this API is IP packet based.
The text was updated successfully, but these errors were encountered: