I'm implementing a custom VPN using the iOS 9 NetworkExtension framework. The VPN connection has been established between my iPhone and the VPN server, but my iPhone still can't access the Internet.
I did the following steps:

1. Read IP packets from TUN and send them to the VPN server over UDP:

       - (void)startReadingTunPackets {
           [self.packetFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> *packets, NSArray<NSNumber *> *protocols) {
               // Each NSData is one raw IP packet read from the TUN interface
               for (NSData *data in packets) {
                   [self.UpdSession writeDatagram:data completionHandler:^(NSError *error) {
                       // send error is ignored here
                   }];
               }
               // Re-arm the read; readPacketsWithCompletionHandler: fires only once
               [self startReadingTunPackets];
           }];
       }

2. The VPN server received the UDP data, decoded it into IP packets (e.g. a TCP SYN packet) and changed the source address to the VPN server's address. It then sent the fake SYN packet to the remote site.

3. The remote site responded with a TCP SYN/ACK packet to the VPN server.

4. The VPN server modified the SYN/ACK packet's destination address to the iPhone's TUN address (e.g. 10.0.1.100) and sent it to the iPhone.

5. The iPhone used the following code to receive the UDP data containing the SYN/ACK packet and write it to TUN:

       [udpSession setReadHandler:^(NSArray<NSData *> *datagrams, NSError *error) {
           for (NSData *data in datagrams) {
               // Each datagram is treated as one complete IPv4 packet
               NSArray *packet = [[NSArray alloc] initWithObjects:data, nil];
               NSArray *protocols = [[NSArray alloc] initWithObjects:@(AF_INET), nil];
               // Write to TUN; the return value is not checked
               BOOL r = [self.packetFlow writePackets:packet withProtocols:protocols];
           }
       } maxDatagrams:4096];
I thought an ACK packet could then be read from TUN, completing the three-way handshake. But this never happened. Instead, a SYN packet was read from TUN again, as if TUN had never received the SYN/ACK packet I wrote in step 5.
I guess something might have gone wrong with the packet format in step 5. Should it be a complete IP packet or just the payload? Or should I not modify the SYN/ACK's destination address in step 4?
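As an added illustration (not the asker's code, and not a reply from the thread), here is the packet shape involved in steps 4 and 5 modelled in Python: a complete IPv4 + TCP SYN/ACK as it would be handed to the TUN, header first, and a step-4 style rewrite of its destination address. The destination address is covered by both the IPv4 header checksum and the TCP pseudo-header checksum, so a rewrite has to recompute both; a receiving IP stack silently discards a packet whose checksums do not verify. The addresses are constructed: 198.51.100.10 stands in for the remote site, 203.0.113.5 for the VPN server's public address, and 10.0.1.100 is the TUN address from the question. The function names are mine.

```python
"""Added illustration: an IPv4/TCP SYN/ACK as written to a TUN, plus a
destination-address rewrite with and without checksum recomputation.
Constructed example; addresses are made up (198.51.100.10 = remote site,
203.0.113.5 = VPN server, 10.0.1.100 = TUN address from the question)."""
import ipaddress
import struct


def _ip(addr: str) -> bytes:
    return ipaddress.IPv4Address(addr).packed


def ones_complement_sum(data: bytes) -> int:
    """16-bit ones' complement sum used by the IPv4 and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"
    total = sum((data[i] << 8) | data[i + 1] for i in range(0, len(data), 2))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total


def checksum(data: bytes) -> int:
    return (~ones_complement_sum(data)) & 0xFFFF


def _tcp_pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    # src, dst, zero byte, protocol (6 = TCP), TCP segment length
    return struct.pack("!4s4sBBH", src, dst, 0, 6, tcp_len)


def build_tcp_synack(src: str, dst: str, sport: int, dport: int, seq: int, ack: int) -> bytes:
    """Minimal IPv4 + TCP SYN/ACK with valid checksums (no options, no payload)."""
    # TCP: ports, seq, ack, data offset (5 words), flags SYN|ACK, window, csum=0, urgent
    tcp = bytearray(struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, 0x12, 65535, 0, 0))
    tcp[16:18] = struct.pack("!H", checksum(_tcp_pseudo_header(_ip(src), _ip(dst), len(tcp)) + bytes(tcp)))
    # IPv4: ver/ihl, tos, total length, id, DF, ttl, proto TCP, csum=0, src, dst
    ip = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0, _ip(src), _ip(dst)))
    ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
    return bytes(ip + tcp)


def parse_ipv4(packet: bytes) -> dict:
    """Fields a TUN reader looks at; the whole IP packet, header first, is the unit."""
    ihl = (packet[0] & 0x0F) * 4
    info = {
        "version": packet[0] >> 4,
        "proto": packet[9],
        "src": str(ipaddress.IPv4Address(packet[12:16])),
        "dst": str(ipaddress.IPv4Address(packet[16:20])),
    }
    if info["proto"] == 6:
        info["tcp_flags"] = packet[ihl + 13]  # byte 13 of the TCP header holds the flags
    return info


def checksums_valid(packet: bytes) -> tuple:
    """Return (ip_header_ok, tcp_ok); with a correct checksum the full sum is 0xFFFF."""
    ihl = (packet[0] & 0x0F) * 4
    ip, tcp = packet[:ihl], packet[ihl:]
    ip_ok = ones_complement_sum(ip) == 0xFFFF
    tcp_ok = True
    if ip[9] == 6:
        tcp_ok = ones_complement_sum(_tcp_pseudo_header(ip[12:16], ip[16:20], len(tcp)) + tcp) == 0xFFFF
    return ip_ok, tcp_ok


def rewrite_dst(packet: bytes, new_dst: str, fix_checksums: bool = True) -> bytes:
    """Step-4 style rewrite of the destination address of an IPv4/TCP packet.
    With fix_checksums=False only the address bytes change, which leaves both
    checksums stale; with True both are recomputed."""
    ihl = (packet[0] & 0x0F) * 4
    ip, tcp = bytearray(packet[:ihl]), bytearray(packet[ihl:])
    ip[16:20] = _ip(new_dst)
    if fix_checksums:
        ip[10:12] = b"\x00\x00"
        ip[10:12] = struct.pack("!H", checksum(bytes(ip)))
        if ip[9] == 6:
            tcp[16:18] = b"\x00\x00"
            pseudo = _tcp_pseudo_header(bytes(ip[12:16]), bytes(ip[16:20]), len(tcp))
            tcp[16:18] = struct.pack("!H", checksum(pseudo + bytes(tcp)))
    return bytes(ip + tcp)


if __name__ == "__main__":
    synack = build_tcp_synack("198.51.100.10", "203.0.113.5", 443, 52000, 1000, 2001)
    print(parse_ipv4(synack), checksums_valid(synack))
    print("naive rewrite: ", checksums_valid(rewrite_dst(synack, "10.0.1.100", fix_checksums=False)))
    print("proper rewrite:", checksums_valid(rewrite_dst(synack, "10.0.1.100")))
```

`checksums_valid` is the check worth running on whatever the server emits in step 4 before it is sent down to the phone: the byte string written to the TUN in step 5 has to start at the IPv4 version byte and verify as a whole, not just carry the TCP segment.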