Release iOS App

[iShift]

Hey, it looks like iOS app is stable, maybe it is possible to release it publicly?

[neilalexander]

It isn’t clear that Apple would accept it onto the App Store due to the use of the VPN APIs.

[iShift]

but a lot of not-realy-vpn VPN apps are in App Store: https://apps.apple.com/us/app/microsoft-defender/id1526737990 (vpn on loopback for traffic analyzing) and https://apps.apple.com/us/app/newnode-vpn/id1473074621 (p2p vpn) and many others.

I think they will accept it, maybe we should try? @neilalexander

[iShift]

... and TailScale also allowed

[neilalexander]

The problem isn't the VPN part, the problem is that we aren't a registered company or organisation, we don't have an Apple Developer account that is set up as an an organisation and Apple seemingly don't allow individual developers to submit VPN apps to the App Store.

https://developer.apple.com/app-store/review/guidelines/#vpn-apps

Apps offering VPN services must utilize the NEVPNManager API and may only be offered by developers enrolled as an organization.

[perguth]

@Thingylabs should be able provide you with an account.

[POMATu]

since yggdrasil actually helps with censorship and by design its ability to take roundabout pathes actually cracks any sort of DPI in a way where i think even chinese can get connected to main segment when few chinese clients "leak" the traffic to outside world i would say iOS client would be good.

A lot of commoners use iphones and while i personally think of em as of people that cant be helped the fact is undeniable: iOS while its being limited to some calculator state and instagram client is still very popular. But to be noted, there are much more limitations rather than just this VPN issues.

First of all you cant even have a proper browser on iOS. Firefox for iOS is not a firefox, its a safari with firefox UI. This is an apple policy which forbids making any browser that is not using their engine (probably to track you?). I have no idea how that shit would behave with yggdrasil ips or yggdrasil domains. It might not be able to connect to it fuck all from the browser side. Due to that you cant setup no any socks configuration inside that browser or install adblocker

Then apple services always go directly and bypass VPN, this is prolly not an issue for yggdrasil specifically but I just added that to display how shit apple is and how their VPN works. You cant do per-app vpn either, you cant whitelist certain apps there is just no such feature init. There is no work profile feature in iOS, you cannot have 2 VPNs running simultaneously

As outcome it looks like iOS client might be not trivial, even if it provides ygg ipv6 no idea if it works out of the box in safari and no idea if it gonna work without ipv6 on carrier network. For alfis domains i think pretty safe to say that they wont work fuck all

I would say if you develop such a client it certainly needs some extra features like few modes: 1) Just yggdrasil ipv6 provision (if it even works like that) 2) just yggdrasil with userspace emulation of VPN where it wiretaps all traffic and routes directly or inside yggdrasil depending on destination 3) yggdrasil + ability to route all VPN traffic to some socks inside yggdrasil or wireguard or openvpn or any other kind of tunnel With 3) that would be a killer app to actually have it enabled all of the time and it could be a better VPN this way, when you dont have to toggle it back and forth

But once again people from The Sect of Apple use iOS as calculator, notepad and to access instagram (because this brick cant do anything else) and everything i described above can be done with just openvpn/wireguard and some VPS with NAT. It seems like there wont be much demand but if anyone gonna do it please merge it with VPN implementation of overlay tunnel like I described above, then such yggdrasil client becomes a bit less useless on iOS and will actually find its narrow audience (ppl who want to have better VPN or bypass censorship).

[iShift]

... recently TailScale released on Apple TV and it looks like it is allowed to be launched 24/7 (as a background service) would be nice to have the same for Yggdrasil

[davay42]

I use yggdrasil to connect to my home server and it would be amazing to be able to open it via RPD from my iPhone or iPad. I've had the the testflght ygg installed, but it seems to have been expired.