2

I am working on an iOS app that is configured to work with Pulse Secure VPN. I have subscribed to the reachability change notification to log network down scenarios. The below code in AppDelegate.m is working fine as it is. If per app VPN is enabled, it does not recognize network change(LTE to Airplane Mode and vice versa).

-(BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
{
    self.reachability = [Reachability reachabilityForInternetConnection];
    [self.reachability startNotifier];

    [[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(reachabilityChanged:) name:kReachabilityChangedNotification object:nil];
}

- (void) reachabilityChanged:(NSNotification *)note
{
    Reachability* curReach = [note object];
    NetworkStatus netStatus = [reachability currentReachabilityStatus];
    switch (netStatus)
    {
        case NotReachable:
        {
            break;
        }
        case ReachableViaWWAN:
        {
            break;
        }
        case ReachableViaWiFi:
        {
            break;
        }
    }
}

It would be helpful to know if I need to do extra configuration for VPN enabled app. I cannot use reachabilityWithHostName: since the app connects to various domains.

KrishnaKumar
  • 188
  • 10

1 Answers1

3

Interesting. I happen to be the author of a VPN app which uses the Reachability class, so I was able to set some breakpoints and see what's going on.

My app supports both OpenVPN and IKEv2. I tried both, and here's what I found:

IKEv2 (via Apple's NetworkExtension framework): Reachability messages are delivered correctly, even while a VPN connection is active. (Verified by pulling ethernet cable).

OpenVPN: Reachability messages are not delivered while the VPN is connected. Pulled plug, re-plugged, no notifications came in until I disconnected the VPN from within the app.

It wasn't immediately clear from their website which backend Pulse VPN uses. If they're using OpenVPN you might be outta luck.

The way OpenVPN works is by injecting itself into your network traffic via the "tun" and "tap" devices (think tunnel and wiretap). In doing this, it might suppress whatever Apple uses for reachability notification generation. You'd probably need to talk to Apple for that level of specificity, though.

The heavy-handed solution would be to do an HTTP GET to a server somewhere, on a timer. That's as inelegant as it gets, so use with caution and only in the most dire of circumstances.

TyR
  • 718
  • 4
  • 9
  • Thanks for the reply. We don't have any explicit code to connect to Pulse VPN. The VPN config is added on top of the build to communicate with Pulse VPN app. Will have to talk to Pulse support to get the details on VPN framework they use. – KrishnaKumar Sep 19 '16 at 15:23