Question
I am making a VPN connection that requires a certificate for authentication.
The code below is how I set the configuration that the VPN requires. The parameter identityData is where I put my certificate as Data.
func setupVPN() {
    // NEVPNManager.shared() returns the process-wide singleton and is not optional,
    // so a conditional binding (guard let) does not compile; bind it directly.
    let vpnManager = NEVPNManager.shared()
    vpnManager.loadFromPreferences { error in
        if let e = error {
            print("[VPN] error loading preferences: " + e.localizedDescription)
            return
        }
        var hasProtocolConfig = false
        if #available(iOS 9, *) {
            hasProtocolConfig = vpnManager.protocolConfiguration != nil
        } else {
            hasProtocolConfig = vpnManager.`protocol` != nil
        }
        // Only (re)configures when a protocol configuration is already present.
        if hasProtocolConfig == true {
            let p = NEVPNProtocolIKEv2()
            // All preferences here
            if let vpnData = self.vpnData {
                p.serverAddress = vpnData.getePDGAddress() // "X.X.X.X"
                p.localIdentifier = vpnData.getlocalIdentifier() // "XXXYYYZZWWWWWWWWWW@pppp.ppp.pppppp.pppppp.ppppppppppp.org"
                p.remoteIdentifier = vpnData.getAPN() // "gggggg.uuuuuuuuuuu"
                p.identityData = vpnData.getUserCertificateData() // User Certificate as Data
            }
            // IKE SA proposal: integrity, encryption and DH group offered to the gateway
            p.ikeSecurityAssociationParameters.integrityAlgorithm = NEVPNIKEv2IntegrityAlgorithm.SHA256
            p.ikeSecurityAssociationParameters.encryptionAlgorithm = NEVPNIKEv2EncryptionAlgorithm.algorithmAES128
            p.ikeSecurityAssociationParameters.diffieHellmanGroup = NEVPNIKEv2DiffieHellmanGroup.group14
            // Expected issuer CN and subject CN of the gateway's certificate
            p.serverCertificateIssuerCommonName = "TEST SubCA"
            p.serverCertificateCommonName = "TEST SubCA"
            p.authenticationMethod = NEVPNIKEAuthenticationMethod.certificate
            if #available(iOS 9, *) {
                vpnManager.protocolConfiguration = p
            } else {
                vpnManager.`protocol` = p
            }
            vpnManager.isEnabled = true
            vpnManager.saveToPreferences { error in
                if let e = error {
                    print("[VPN] error saving: " + e.localizedDescription)
                } else {
                    print("[VPN] vpn saved")
                    // Give the system a moment to persist the profile before connecting
                    Timer.scheduledTimer(timeInterval: 5, target: self, selector: #selector(self.connectVPN), userInfo: nil, repeats: false)
                }
            }
        }
    }
}
One example of that certificate encoded in base 64:
MIIFqTCCA5GgAwIBAgIQKLf5dlFRabt3cAe9ax2kXjANBgkqhkiG9w0BAQsFADBgMRwwGgYDVQQDDBNURVNUIFZGQ1ogRVBDIFN1Yk ... wdWJsaWMgYS5zLjELMAkGA1UEBhMCQ1owggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDNgTmc6uQ9Md
And then the parsing to Data is done this way:
CaCertificateData = Data(base64Encoded: "Base64StringEncoded_Here")
When everything is set, I start the VPN tunnel this way:
do {
    try vpnManager.connection.startVPNTunnel()
} catch let error {
    print("Error starting VPN Connection \(error.localizedDescription)")
}
I can see the status of the VPN: it starts Connecting and then becomes Disconnected. The 3 algorithms that we can see above are correct.
Can someone notice what I am doing wrong? I have some .pcap files from some different tests I have made. In all .pcap files I don't send the "Client Hello" message that is required. I think the problem is with the certificate.
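As an added example (not code from the question or the answer), here is the check a practitioner would run before assigning identityData: NEVPNProtocolIKEv2.identityData expects a PKCS#12 blob that bundles the client certificate with its private key (unlocked via identityDataPassword), while the base64 shown above decodes to a bare DER X.509 certificate, which carries no private key for the IKEv2 AUTH exchange. The helper names, the call-site function and the password handling are assumptions.

```swift
import Foundation
import Security
import NetworkExtension

// Hypothetical helper (not from the question): classifies the bytes that are
// about to be handed to NEVPNProtocolIKEv2.identityData.
enum ClientIdentityBlob {
    case pkcs12(SecIdentity)             // what identityData actually expects
    case bareCertificate(SecCertificate) // DER certificate without a private key
    case unrecognized
}

func classifyIdentityBlob(_ data: Data, password: String) -> ClientIdentityBlob {
    // PKCS#12 first: SecPKCS12Import succeeds only for a PFX the password unlocks,
    // and the first imported item carries the SecIdentity (cert + private key).
    var items: CFArray?
    let options = [kSecImportExportPassphrase as String: password] as CFDictionary
    if SecPKCS12Import(data as CFData, options, &items) == errSecSuccess,
       let first = (items as? [[String: Any]])?.first,
       let identityRef = first[kSecImportItemIdentity as String] {
        return .pkcs12(identityRef as! SecIdentity)
    }
    // A DER-encoded X.509 certificate (the shape of the base64 in the question)
    // parses here but has no private key to authenticate the client with.
    if let cert = SecCertificateCreateWithData(nil, data as CFData) {
        return .bareCertificate(cert)
    }
    return .unrecognized
}

// Assumed call site: only a PKCS#12 blob is assigned, together with its password.
func applyClientIdentity(_ data: Data, password: String, to p: NEVPNProtocolIKEv2) -> Bool {
    switch classifyIdentityBlob(data, password: password) {
    case .pkcs12:
        p.identityData = data
        p.identityDataPassword = password
        p.authenticationMethod = .certificate
        return true
    case .bareCertificate(let cert):
        // Log the subject so the wrong artifact is obvious while debugging.
        let subject = SecCertificateCopySubjectSummary(cert) as String? ?? "?"
        print("[VPN] identityData is a bare certificate (\(subject)), not PKCS#12; export the identity with its private key as .p12")
        return false
    case .unrecognized:
        print("[VPN] identityData is neither PKCS#12 nor a DER certificate")
        return false
    }
}
```

Exporting the client identity as a .p12 (certificate plus key) and loading that, rather than the certificate alone, is what makes the pkcs12 branch succeed.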
Answer 1:
You can use .ovpn files. You can easily integrate certificates inside an ovpn file. Look at this article: https://medium.com/better-programming/how-to-build-an-openvpn-client-on-ios-c8f927c11e80
Source: https://stackoverflow.com/questions/47032511/connect-to-a-vpn-with-certificate-ios-swift