1

I'm trying to find out what's the difference between the two. I get the NETunnel is for ssl-vpn's and custom vpn's, but can they still be used interchangeably? Can I use NETunnel to connect to an IPSec VPN?

My main need is to set my dns for the VPN, but I can't seem to do it with NEVPN

Ahad Cove
  • 323
  • 3
  • 12

1 Answers1

1

NEVPNManager is designed to control VPNs based on one of the built-in VPN plug-in types. NETunnelProviderManager is designed to control custom VPN plug-ins (and requires a special entitlement for those plug-ins).

Normally, with most VPNs, you would change the DNS on the other end of the VPN tunnel, by having the actual VPN server send a list of DNS server IPs to the client, this making that a server configuration detail, rather than something the app itself would need to control. NETunnelProviderManager offers that ability because it is designed to handle arbitrary VPN types that might not work that way.

dgatwood
  • 10,129
  • 1
  • 28
  • 49
  • Thank you, so I guess I will have to start merging to NETunnel. Would you happen to have any examples in objective c for NETunnel, I can't seem to find any that I can use. And would I be able to connect to a simple IPSec with IPTunnel similarly to how i use nevpn? – Ahad Cove Dec 08 '17 at 01:18
  • 1
    AFAIK, no, NETunnelProvider is *only* for VPNs that you build yourself. So the only way you could use an IPSec VPN would be if you A. got the source code for an IPSec implementation, B. integrated it into a custom VPN extension, and C. applied to Apple for permission to ship a custom VPN package, which they won't grant unless you have a really good reason (and almost certainly won't grant for just another IPSec VPN). These are not the droids you're looking for. As I said, you should change your server's configuration to tell the client what IP addresses to use for DNS. – dgatwood Dec 08 '17 at 07:38
  • Oh wow, thank you. Okay, yeah the problem with that was that we couldn't force it, but that makes sense. I guess we don't have a choice anymore – Ahad Cove Dec 08 '17 at 11:28