Adopting iOS 9 network extension points

[clowwindy]

Network extension points:
Use the Packet Tunnel Provider extension point to implement the client side of a custom VPN tunneling protocol.
Use the App Proxy Provider extension point to implement the client side of a custom transparent network proxy protocol.
Use the Filter Data Provider and the Filter Control Provider extension points to implement dynamic, on-device network content filtering.
Each of the network extension points requires special permission from Apple.

[conradev]

Each of the network extension points requires special permission from Apple :(

[clowwindy]

Now that Apple allows anyone to run the code on their own devices, we don't have to publish the app on the App Store.

No, it still requires some entitlements to run on the devices.

[conradev]

Totally, but - the API documentation is hard to piece together and there is no template in Xcode for the extension point. Gonna have to do some reverse engineering.

[conradev]

Totally. We need to find the extension point identifier, too. Cisco and OpenVPN need to update their apps...

[conradev]

I'm going to wait for the single WWDC session before diving in

[blackgear]

A ref: WWDC: What's New in Network Extension and VPN

[icodesign]

Have you made any progress on packet tunnel?

[icodesign]

I'm writing to Apple to see if we can get permission for the API.

So does this mean only those who have grant permissions from Apple can develop global proxy apps?

[clowwindy]

I'm afraid yes.

[icodesign]

I'm afraid yes.

Sad but reasonable. Good luck with SS. 🙏

[muenzpraeger]

The NEAppProxyProvider API only require a MDM deployed app. That can be "simulated" as described in the video.

[xmxsuperstar]

https://developer.apple.com/library/prerelease/ios/releasenotes/General/WhatsNewIniOS/Articles/iOS9.html

[angelovAlex]

There're actually templates for Xcode. You need to install them from

/System/Library/Frameworks/NetworkExtension.framework/Versions/A/Resources/NEProviderTargetTemplates.pkg

But I have not found the way of how to activate a vpn. As there's no shared instance for NETunnelProviderManager I think we need to create a new one.

[NETunnelProviderManager loadAllFromPreferencesWithCompletionHandler:^(NSArray<NETunnelProviderManager *> * __nullable managers, NSError * __nullable error) {

        if (managers.count <= 0){
            NETunnelProviderProtocol *protocol = [[NETunnelProviderProtocol alloc] init];
            protocol.providerConfiguration = @{ @"some parameter" : @"some value" };
            protocol.providerBundleIdentifier = @"com.example.vpn.vpntunnel";

            NETunnelProviderManager *manager = [[NETunnelProviderManager alloc] init];
            [manager setProtocol:protocol];
            [manager setLocalizedDescription:@"My VPN"];
            [manager setOnDemandEnabled:NO];
            [manager setEnabled:YES];

            [manager loadFromPreferencesWithCompletionHandler:^(NSError * __nullable error) {
                NSLog(@"%@", error);
            }];
        }
    }];

On the line NETunnelProviderManager *manager = [[NETunnelProviderManager alloc] init];, the following message appears in the console app:

6/27/15 5:31:13.845 PM VPNOSX[1403]: Application does not have the required entitlements.

It doesn't say which entitlements and there's no any documentation about it.
I want to try this api on MAC OS 10.11. I understand the reason why I need to ask apple for some permission to publish the app with this api to app store, but I can't believe that I have to ask them for permission to run this api on my development machine.
Sorry, that's a little bit off topic, but that is the only thread that I found in the internet so far.

[clowwindy]

Yes. You need to send an email to Apple to get the entitlements. And I'm waiting for their reply.