eduvpn / apple

app for iOS and macOS

TunnelKit: Don't disconnect when network goes down #280

Closed roop closed 1 year ago

roop commented 4 years ago

This is a proof-of-concept that shows how TunnelKit can be modified to keep the tunnel process running when the network goes down, and wait for the network to come back up. The tunnel process uses NWPathMonitor to figure out when the network is back.

Consequently, connect on demand is turned off.

Being a draft PR, this only modifies the in-repo version of TunnelKit. The Podfile is unchanged.

jeroenleenarts commented 4 years ago

@roop I added my commit on a branch with the same name as on this repository. Can you pick that commit up in your branch? Should be a matter of resetting your branch to the origin one with the same name.

roop commented 4 years ago

The eduVPN/apple:tunnelkit_keep_tunnel_when_network_is_down branch had a couple of other commits not related to this PR, which I did not pick up.

joosth9n commented 4 years ago

Nice work. I only wonder how quickly network change detection is done by NWPathMonitor (I assume it's instant, though). We might have to add firewalling to prevent data leaking after a network becomes available and before a reconnection is triggered. The OS probably takes care of it as soon as startTunnel is called, but I can imagine there is some time between when a network comes up and the detection of it by NWPathMonitor. I will test this and let you know.

roop commented 4 years ago

@joosthoogendoorn NWPathMonitor's detection takes a good number of seconds -- it's not instant. With this PR, the tunnel doesn't go down and up even if the link goes down and up -- the tunnel is "reasserting" while the link is down. The OS does not call stopTunnel / startTunnel during this time. As far as I know, there's no data leak.