halo / macosvpn

:wrench: Create macOS VPNs programmatically (L2TP & Cisco)

Would the code sample work on iOS [QUESTION] #25

Closed serjooo closed 7 years ago

serjooo commented 7 years ago

Hello! I see that your application supports L2TP/IPsec configurations. Would the solution you have provided work to implement the same on iOS? As you might know, iOS only provides solutions for 2 VPN protocols, those being IPsec and IKEv2. I want to create a mobile application that would allow users to easily add an L2TP/IPsec configuration and connect to it through the application, by just selecting one of the servers provided in the app.

I researched a lot about this, and the only way this is possible is to develop a custom protocol for L2TP/IPsec by extending NetworkExtension and using NETunnelProvider. Unfortunately I have no idea how to do this, and there are not enough resources to be found to help me learn to accomplish this. Then I stumbled across your project, found that you support L2TP/IPsec configurations on macOS, and was wondering if the same would work for iOS.

halo commented 7 years ago

Hi, thank you for your question. And a very good question, too :)

The way macosvpn works is by using the SCNetworkConfiguration API to create VPN network configurations. Literally just as if the user went into "System Preferences" manually and created the VPN connections there by hand. This process is certainly out of the scope of what sandboxed applications distributed by the App Store are "allowed" to do. In fact, macosvpn will only work if you provide your administrator password, because the API is so low-level that it won't run unless you have root permissions.

Guess what, there is no documentation by Apple on how to do this. It was pretty much a trial-and-error process (I just happened to be the first one to succeed and publish the resulting source code; I know that companies have succeeded in this before in their proprietary apps, such as USB stick modem vendors).

And if there is no documentation by Apple for something, it most probably means that Apple doesn't like the API it created. And since they cannot change any existing API, they may simply introduce a new API, have them both alive at the same time and, at some point in the future, drop the old one. I have the impression that the new NEVPNManager, which you mentioned, is just that potential replacement. It's new and shiny and was introduced in iOS 8, but became generally usable in iOS 9.

Most importantly, the NEVPNManager does not require special permissions to create one VPN. So it works even for apps distributed on the App Store. Notice how I say "one" VPN. Every iOS app is allowed to create exactly one VPN configuration and have control over it.

That's at least what I gathered from this video here which was very helpful to me.

So, the answer to your question is: no. You won't be able to use the internals of macosvpn because it uses an API that is "old" and requires root permissions. You will, however, be able to use the NEVPNManager to create a VPN on iOS, but just like you say, only IPSec and IKEv2.

Fun fact: IKEv2 does not even exist in the old SCNetworkConfiguration protocol. That's why I'm going to close https://github.com/halo/macosvpn/issues/24 :) This is another indicator for Apple completely going over to the new and shiny API.

Now, I haven't used NEVPNManager yet, so I cannot tell you how to create a custom protocol. And I'm sure not keen to go through another trial-and-error adventure :D Even though I assume that the new API is considerably better documented.

As an alternative you might want to look at this article because I'm sure that those mobileconfigs support L2TP on iOS.

Good luck! I'm going to close this issue soon, but feel free to re-open it or create a new one any time.
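As an added illustration of the NEVPNManager flow described above (this is example code written for this thread, not part of macosvpn or the author's work), the following Swift sketch fills the app's single VPN slot with an IKEv2 configuration and connects. It assumes a hypothetical server `vpn.example.com`, a username `alice`, a keychain item under service `vpn`, and that the app carries the Personal VPN entitlement (`com.apple.developer.networking.vpn.api`).

```swift
import NetworkExtension
import Security

// Hypothetical server and account details; replace with real values.
let serverHost = "vpn.example.com"
let vpnUsername = "alice"

// NEVPNProtocolIKEv2 expects keychain *persistent references* (Data), not
// plaintext, for the password and shared secret. Look one up by service/account.
func keychainPersistentRef(service: String, account: String) -> Data? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnPersistentRef as String: true,
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess else {
        return nil
    }
    return result as? Data
}

func configureAndConnect() {
    // The one VPN configuration an App Store app may own; the user gets a
    // system prompt the first time the app saves into this slot.
    let manager = NEVPNManager.shared()
    manager.loadFromPreferences { loadError in
        if let loadError = loadError { print("load failed: \(loadError)"); return }

        let ike = NEVPNProtocolIKEv2()
        ike.serverAddress = serverHost
        ike.remoteIdentifier = serverHost       // must match the server certificate identity
        ike.localIdentifier = vpnUsername
        ike.authenticationMethod = .none        // server authenticated by its certificate
        ike.useExtendedAuthentication = true    // EAP username/password for the client
        ike.username = vpnUsername
        ike.passwordReference = keychainPersistentRef(service: "vpn", account: vpnUsername)
        ike.disconnectOnSleep = false

        manager.protocolConfiguration = ike
        manager.localizedDescription = "Example IKEv2"   // label shown in Settings > VPN
        manager.isEnabled = true

        manager.saveToPreferences { saveError in
            if let saveError = saveError { print("save failed: \(saveError)"); return }
            do { try manager.connection.startVPNTunnel() }
            catch { print("start failed: \(error)") }
        }
    }
}
```

Note that only `NEVPNProtocolIKEv2` and `NEVPNProtocolIPSec` exist for this API; an L2TP tunnel would still need a packet-tunnel provider, which is exactly the gap the question is about.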

serjooo commented 7 years ago

Yes, I work in a very fast-paced company and I'm not sure if they would give me enough time to go on a trial-and-error adventure as well :p! The API is well documented I guess, but no tips on how to create custom protocols. Moreover, I found out that I am not the only one struggling to achieve this. There is a whole iOS community looking for the same answer. To be honest I have been researching for 1 and a half weeks now, 8 hours per day. Other than that everything else is really simple. Creating VPN configurations for IPsec and IKEv2 and connecting to that VPN is as easy as a maximum of 50 lines of code.

Anyways, I would like to thank you for your time and very detailed answer. It was very helpful! I took a look at the alternative solution you suggested, which I personally never found, but it is an interesting alternative solution and I most probably might employ it for the company's use case. Great work on this adventure project you had; I took a look at the code and it was very well done and well commented. Again thank you and good luck!

Best, Serj.