Reputation: 14102
I got an .ovpn file from Android, and I have a username and password. I should connect to the VPN server, but I am not sure how to do it. I tried something like this:
```swift
let manager = NEVPNManager.sharedManager()
manager.loadFromPreferencesWithCompletionHandler { (error) -> Void in
    if manager.`protocol` == nil {
        let newIPSec = NEVPNProtocolIKEv2()
        newIPSec.serverAddress = "xxx.xxx.xxx.xxx"
        newIPSec.username = "username"
        let keychain = Keychain(service: "com.app.ios")
        let data = keychain[data: "vpnpassword"]
        newIPSec.passwordReference = data
        newIPSec.authenticationMethod = NEVPNIKEAuthenticationMethod.None
        newIPSec.disconnectOnSleep = false
        manager.`protocol` = newIPSec
        manager.enabled = true
        manager.saveToPreferencesWithCompletionHandler({ (error) -> Void in
            print(error)
        })
    }
}
```
I don't know how to add the certificate info (between `<ca>` in the .ovpn) and how to set it. The .ovpn file looks like this (I just removed the data in the `<ca>` tag and changed the server address):
```
client
dev tun
proto udp
remote xx.xx.xx.xx 443
resolv-retry infinite
nobind
persist-key
persist-tun
verb 3
<auth-user-pass>
#username#
#userpass#
</auth-user-pass>
cipher AES-256-CBC
<ca>
-----BEGIN CERTIFICATE-----
xxx
-----END CERTIFICATE-----
</ca>
```
Thanks for any help
Upvotes: 0
Views: 6359
Reputation: 2519
This is a bit late but you gotta understand that these are two completely different things.
NetworkExtension API as of writing this answer (I have iOS 9.3.4) supports two protocols:

- IPSec using IKEv1
- EAP and Certificates (IKEv2)

Your server is an OpenVPN server. There's currently no API for OpenVPN (if you came upon any, please tell me). So the first question, does your VPN Server support IKEv1 or v2?
There's the client OpenVPN-connect for iOS, but it is proprietary and closed source. You are still able to call it from inside your app and it will pop up to the user, something like the following:

```swift
func actConnectButtonPressed(sender: AnyObject) {
    let app:UIApplication = UIApplication.sharedApplication()
    let alert = UIAlertController(title: "Warning", message: "OpenVPN Connect needs to be installed to process .ovpn configuration files on your device. Go to OpenVPN Connect page in AppStore?", preferredStyle: UIAlertControllerStyle.Alert)
    // "Yes": send the user to the OpenVPN Connect page in the App Store.
    alert.addAction(UIAlertAction(title: "Yes", style: .Default, handler: { (action: UIAlertAction!) in
        app.openURL(NSURL(string: "https://itunes.apple.com/app/id590379981?mt=8")!)
    }))
    // "No": open the .ovpn configuration URL for the selected server and protocol/port.
    alert.addAction(UIAlertAction(title: "No", style: .Default, handler: { (action: UIAlertAction!) in
        let server:Server = self.api.findServerByName(self.settings.loadValue(SettingsController.keyServerName, defValue: "") as! String)!
        let protocolPort:Int = self.settings.loadValue(SettingsController.keyProtocolPort, defValue: 0) as! Int
        app.openURL(NSURL(string: self.api.getOvpnConfigURL(server, proto: self.protocolAndPorts[protocolPort]))!)
    }))
    presentViewController(alert, animated: true, completion: nil)
}
```
This example is from safejump client. Have a look here https://github.com/proxysh/Safejumper-for-iOS
I myself am still trying to get the IPSec client running programmatically on iOS, and here's what I've learnt:

- It is recommended to use the shared key method instead of None
- The shared key also has to be saved in the keychain
- If you use the shared key, then also enable the ExtendedAuthentication
- Make sure to save the configurations before initiating the connection
Hope this helps
Upvotes: 1
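The four points listed in the answer above, as an added example that is not part of the original answer or the Safejumper project, written in current Swift syntax rather than the Swift 2 syntax used in the posts. It only applies when the server speaks IPSec (IKEv1) rather than OpenVPN; the function names, the `com.example.vpn` service name and the account labels are assumptions. Note that `passwordReference` and `sharedSecretReference` take a persistent keychain reference, not the secret bytes themselves.

```swift
import Foundation
import NetworkExtension
import Security

// Hypothetical helper: stores a secret as a generic-password keychain item and
// returns the persistent reference that NEVPNProtocol expects.
func persistentRef(account: String, secret: String) -> Data? {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: "com.example.vpn",   // assumed service name
        kSecAttrAccount as String: account
    ]
    SecItemDelete(base as CFDictionary)                  // replace any stale item
    var add = base
    add[kSecValueData as String] = Data(secret.utf8)
    add[kSecReturnPersistentRef as String] = true
    var result: CFTypeRef?
    guard SecItemAdd(add as CFDictionary, &result) == errSecSuccess else { return nil }
    return result as? Data
}

// Hypothetical entry point: builds an IKEv1 IPSec profile and connects.
func configureIPSec(server: String, user: String, password: String, psk: String) {
    let manager = NEVPNManager.shared()
    manager.loadFromPreferences { error in
        if let error = error { print("load failed: \(error)"); return }
        guard let pwRef = persistentRef(account: "vpn-password", secret: password),
              let pskRef = persistentRef(account: "vpn-psk", secret: psk) else {
            print("keychain write failed"); return
        }
        let ipsec = NEVPNProtocolIPSec()
        ipsec.serverAddress = server
        ipsec.username = user
        ipsec.passwordReference = pwRef                  // persistent ref, not raw data
        ipsec.authenticationMethod = .sharedSecret       // shared key instead of .none
        ipsec.sharedSecretReference = pskRef             // shared key lives in the keychain
        ipsec.useExtendedAuthentication = true           // XAuth with username/password
        manager.protocolConfiguration = ipsec
        manager.localizedDescription = "Example IPSec VPN"
        manager.isEnabled = true
        manager.saveToPreferences { error in
            if let error = error { print("save failed: \(error)"); return }
            // Start the tunnel only after the configuration has been saved.
            do { try manager.connection.startVPNTunnel() }
            catch { print("start failed: \(error)") }
        }
    }
}
```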
Reputation: 365
You are using NEVPNProtocolIKEv2 to connect to an OpenVPN server. Personal VPN supports only IPSec with IKE v1 and v2 (EAP and certificate auth).
Upvotes: 0