Hi,
We are building a VPN application with a packet tunnel network extension. The NE (network extension) provides the VPN itself (obviously) alongside some VPN-related functionalities. The VPN does not intend to capture all the network traffic; instead it just gives access to one or several remote networks (aka we are only routing some subnets to the NE).
The issue is that for some functionalities, we would need the NE to create network connections that might need to be routed through the tunnel. The issue is that the routes that we declared with the NE are not applied to the network traffic emanating from the NE itself.
I do understand that this is a requirement to avoid VPN loops, especially with VPNs that capture all the traffic. But in our case we know we will avoid collisions since we only route some networks.
What solutions do we have? Is there an option somewhere to force the application of all routes to the NE?
We thought about binding the socket to the tun interface.
Right. With BSD Sockets that’s the path forward.
Note that you don’t have to use bind for this. Rather, use the IP_BOUND_IF (IPv4) or IPV6_BOUND_IF (IPv6) socket options.
Of course, you still have to know what interface to bind to. Nowadays that’s pretty straightforward. Fetch the virtualInterface property and get its index property [1].
On older systems things are significantly less convenient. The best option I’ve seen is to get the interface list (getifaddrs) and look for the interface that has the same address setup that you configured on your tunnel.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] In C, the virtualInterface property is of type nw_interface_t, and you call the nw_interface_get_index function to get its index.