iOS 9 SimpleTunnel sample - Starting a new tunnel - ssl

I am trying hard to follow the example of SimpleTunnel given by Apple.
I try to track how they make the customized call.
However I cannot link the relationship between the connect button action with starting a new tunnel.
I tried to track it with PacketTunnelProvider but without success.
I know they are override classes. I cannot find the point where the whole VPN connection starts.
My goal is to create a SSL VPN tunnel.

After asking Apple and a few trial and error, I can finally trigger the extension part.
Prerequisite: (Network Extension permission)
Add a new target -> Packet Tunnel Provider
Trigger the extension by
NEVPNConnection *conn = [manager connection];
NSError *connError;
[conn startVPNTunnelWithOptions:settingsDict andReturnError:&connError];
Debug with the following steps
(1) Build & run the app
(2) Stop the app
(3) Debug > attach to process by PID or name > Enter "PacketTunnel"
(4) Start the app from your iPhone screen and you can debug for the extension
Hope the small steps I experienced can help the others to start.
However, there are more upcoming questions and I need to check!

The sample application and Packet Tunnel provider runs as a separate process. sample application is called as container app and the packet tunnel provider runs as app extension. These two components uses IPC for communication.
In sample application whenever connect toggle button is enabled startVPNTunnel() API will be called and the OS starts the packet tunnel provider which in turn calls your overrided method startTunnelWithOptions(). So this is where you start your connection to the VPN server.
To answer your question link the connect action to a method that invokes startVPNTunnel() which in turn triggers packet tunnel provider. You cannot directly invoke start packet tunnel provider without the container application.
Same gets applied to stop your VPN tunnel
Hope this answer helps you

if you are asking about the connect / enable buttons inside the SimpleTunnel app, then startVPNTunnel() is the call used in startStopToggled() method of StatusViewController.swift file
if you are asking about how the extension handles vpn connection start (after configuration is done), then OS network system calls startTunnelWithOptions() in PacketTunnelProvider.swift depending on how the tunnel is configured. for eg: of on-demand is enabled for this tunnel, OS will try to setup/start the tunnel whenever there is network activity. if not, OS will try to start tunnel, when you go to Settings|VPN and try to switch ON the config. This is similar to the iOS8 personal vpn connection stuff.

Related

Using 'connmanctl config' to set static IP without wired connection

I am currently using 'connmanctl config' to set static and DHCP settings with a wired connection. I'm curious if anyone has been successful with applying settings with the wire unplugged?
I would typically use 'connmanctl services' for a list of services then perform a string.match(blah, "ethernet_%w+_cable") to use that wired service name. I have been able to find and apply that service name with the ethernet cable unplugged BUT now when using 'connmanctl config':
connmanctl config ethernet_f8dc7a04ea82_cable --ipv4 manual 192.168.91.108 255.255.255.0 192.168.91.1 --nameservers 8.8.8.8
I get this error:
Error ethernet_f8dc7a04ea82_cable: Method "SetProperty" with signature "sv" on interface "net.connman.Service" doesn't exist
As you can see I have the service applied to the command and this is the same service name as when the cable is plugged in. This feature would be nice for equipment that needs to be pre-programmed before reaching the customer. I have also researched this error but can't find it being an issue with others the same as it is with my situation. Have also read many blogs, articles, etc...on trying to achieve this with nothing that jumps out at me.
...Any ideas ?
I had to perform this action via back-end with the code that I am using to configure. Just an example...settings are applied to /var/lib/connman/ethernet_?????cable/settings. I created the adapter name with the MAC address because it does not exist until the network is detected, created the directory /ethernet?????_cable then created an empty settings file on the fly. When programming and saving the settings via the equipment I am using I just insert the settings manually. When a network cable is plugged in and detected the settings you have applied work wonderfully.

Mac OS X XPC as IPC between two applications

I have a windowed application and windowless helper, sitting inside the app bundle, and working as login item. App can start and stop the helper, everything woks there. The problem is that I need to create some bidirectional communication channel between them. And it should work in both sandboxed and not sandboxed versions, desirably in OS X 10.7+.
I've investigated the topic and find that XPC can provide peer-to-per connection. I've read related Apple docs, as well as few topics below:
Is possible to use Mac OS X XPC like IPC to exchange messages between processes? How?
Communicate with another app using XPC
http://afewguyscoding.com/2012/07/ipc-easy-introducing-xpc-nsxpcconnection/
https://www.objc.io/issues/14-mac/xpc/
But I can't find any description of how should I organize my XCode project. I have two targets: "Main App" and "Helper App". Now I need to add the third one, taking XPC Service, as a template. OK, but what to do next? Where this XPC bundle should be located to be available for both applications? Note, that helper sits in the main app bundle, as it's a login item. So, I need some clear instruction or just a XCode project sample.
Thanks,
Alex
Alright for anyone that has been struggling with this, I was finally able to 100% get communication working between two application processes, using NSXPCConnection
The key to note is that you can only create an NSXPCConnection to three things.
An XPCService. You can connect to an XPCService strictly through
a name
A Mach Service. You can also connect to a Mach Service
strictly through a name
An NSXPCEndpoint. This is what we're
looking for, to communicate between two application processes.
The problem being that we can't directly transfer an NSXPCEndpoint from one application to another.
It involved creating a machservice Launch Agent (See this example for how to do that) that held an NSXPCEndpoint property. One application can connect to the machservice, and set that property to it's own [NSXPCListener anonymousListener].endpoint
Then the other application can connect to the machservice, and ask for that endpoint.
Then using that endpoint, an NSXPCConnection can be created, which successfully established a bridge between the two applications. I have tested sending objects back and forth, and it all works as expected.
Note that if your application is sandboxed, you will have to create an XPCService, as a middle man between your Application and the Machservice
I'm pretty pumped that I got this working-- I'm fairly active in SO, so if anybody is interested in source code, just add a comment and I can go through the effort to post more details
Some hurdles I came across:
You have to launch your machservice, these are the lines:
OSStatus err;
AuthorizationExternalForm extForm;
err = AuthorizationCreate(NULL, NULL, 0, &self->_authRef);
if (err == errAuthorizationSuccess) {
NSLog(#"SUCCESS AUTHORIZING DAEMON");
}
assert(err == errAuthorizationSuccess);
Boolean success;
CFErrorRef error;
success = SMJobBless(
kSMDomainSystemLaunchd,
CFSTR("DAEMON IDENTIFIER HERE"),
self->_authRef,
&error
);
Also, every time you rebuild your daemon, you have to unload the previous launch agent, with these bash commands:
sudo launchctl unload /Library/LaunchDaemons/com.example.apple-samplecode.EBAS.HelperTool.plist
sudo rm /Library/LaunchDaemons/com.example.apple-samplecode.EBAS.HelperTool.plist
sudo rm /Library/PrivilegedHelperTools/com.example.apple-samplecode.EBAS.HelperTool
(With your corresponding identifiers, of course)

Simulate Access disable feature in Worklight , when worklight server itself is down.

I am trying show end users maintainence window such as "we are down please try later" and disable the application but my problem is what if my worklight server itself is down and not reachable and i cannot use the feature provided by worklight console,
Is there a way i make my app talk to a different server which returns back the below json data when a app is disabled , can i simulate this behaviour is this possible.
json recieved on access disabled in worklight :-
/*-secure-
{"WL-Authentication-Failure":{"wl_remoteDisableRealm":{"message”:”We are down, Please try again soon","downloadLink":null,"messageType":"BLOCK"}}}*/
I have some conceptual problems with this question.
Typically a production environment (simplified) would not consist of a single server serving your end-users... meaning, there would be a cluster of nodes, each node being a Worklight Server, and this cluster would be behind a load balancer that would direct the incoming requests. And so in a situation where a node is down for maintenance like in your scenario there would still be more servers able to serve - there would be no down time.
And thus at this point your suggestion to simulate a Remote Disable by sending it from another(?) Worklight Server seems not so much the correct path to take (it may even be simply wrong). Have you had this second Worklight Server, why wouldn't it just serve the apps business like usual? See again my first paragraph about clustering.
Now lets assume there is still a downtime, that affects all servers. The application's client logic should be able to handle failed connections to the Worklight Server. In such a case you should handle this in the WL.Client.connect()'s onFailure callback function to display a WL.SimpleDialog that looks just like a Remote Disable's dialog... or perhaps via the initOption.js's onConnectionFailure callback.
Bottom line: you cannot simulate the JSON that is sent back for the wl_RemoteDisable realm; it is part of a larger security mechanism.
Additionally though, perhaps a way to better handle maintenance mode on your server is to have the HTTP server return a specific HTTP status code, check for this code and display a proper message based on the returned HTTP status code.
To check for this code in a simple example:
Note: the getStatus method is available starting MobileFirst Platform Foundation 7.0 (formerly "Worklight").
function wlCommonInit(){
WL.Client.connect({onSuccess:success, onFailure:failure});
}
function success(response) {
// ...
}
function failure(response) {
if (response.getStatus() == "503") {
// site is down for maintenance - display a proper message.
} else if ...
}

OpenGTS platform

I have been currently working with OpenGTS platform, I would like to help me with something.
I want to connect a GPS to the platform is the "GPS TRACKER 103ab" this GPS works under the protocol "TK-103". To see if they could help me connect this device to the platform. I followed the documentation to activate the devicenter code heree through SMS to my cell with commands like:
Begin123456 = to start the device.
IMEI123456 = so that the device will return the 15 digits.
adminip123456 109.0.0.9 = 8080 to set the ip + port that I am using.
The problem is that still can not get connect with the platform, help me.
Facts:
Opengts
GPS TRACKER 103ab
Protocol "TK-103"
You can use Traccar GPS server to receive data from your device and integrate it with OpenGTS if you want to access the data from OpenGTS web interface. Traccar supports more communication protocols than OpenGTS.
The correct command to set ADMINIP is :
adminip123456 [xxx.xxx.xxx.xxx] [xxxx]
where the first field is the IP address of your server, must be an address public and accessible from the outside.
and the second field (note that they are only separated by a space) is the port where the server expects the connection , the default is 31272 for tk10x protocol. NEVER 8080 , this is the port where Tomcat listens.
After setting the ' adminp ' , use the command:
fix001m***123456
to start position reports every minute.
it is also necessary to set the APN,APNuser,APNpassword from the mobile service provider's of the device.
use the commands:
apn123456 datos.personal.com
apnuser123456 gprs
apnpasswd123456 gprs
(This is an example using the appropriate data to the service provider's Personal.ar)

WCF with SSL- not finding localhost

I'm trying to get WCF to use SSL with ANYTHING for FIVE DAYS now. I've gone through countless walkthroughs, generated more certificates than a mail order diploma company, even tried hot fixes. After working with MS dev tools since VB1, I am now considering flipping burgers as a career option. WCF, as far as I can see, is a complete lemon.
Anyway, to get to my actual question: If I run through this walkthrough:
http://msdn.microsoft.com/en-us/library/ff648840.aspx
I get to step 11 (adding the service reference) and get "There was an error downloading metadata from the address. Please verify that you have entered a valid address".
Details of the error gives: There was an error downloading 'https://localhost/SSL6/Service.svc'.
Unable to connect to the remote server
No connection could be made because the target machine actively refused it 127.0.0.1:443
I'm using VS2008 on Windows 7 with IIS7. I followed the walkthrough exactly (apart from step 5 which was different on IIS7- I went into "SSL Settings" for the VD), so it shows my config (yes I've used httpsGetEnabled and mexHttpsBinding).
Anyone care to save my sanity and job?
EDIT: If I go into IIS, select the VD in content view, right-click on the svc file and browse, I get "Internet Explorer cannot display the webpage". Chrome gives "Google Chrome could not connect to localhost".
IE troubleshooting gives "the remote device or resource won't accept the connection".
If I browse using the IP address rather than using localhost via http, it says that it's secured with https ok. If I browse using the IP and https, I get HTTP error 503. The service is unavailable.
So it looks to me like a DNS issue combined with... something.
When I try to just run the service site project, I get "Unable to start debugging on the web server. Unable to connect to the web server. Verify that the web server is running and that incoming HTTP requests are not blocked by a firewall". I've checked the firewall and it's ok.
Finally cracked it. There were at least three issues at play.
1) A DNS issue of some kind with localhost. It's still unresolved on my machine, but I can work around it by using the IP addy.
2) Another issue may have been that apparently, WCF doesn't work with IIS 7 OOTB. So you need to run command prompt as administrator, and run the following command -
"%windir%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\ServiceModelReg.exe" -r -y
3) After I got through the certificate stuff I was still getting HTTP error 503, "Service unavailable". That ended up being leftovers from my previous attempts, still listening to ports:
http://blogs.msdn.com/webtopics/archive/2010/02/17/a-not-so-common-root-cause-for-503-service-unavailable.aspx
So to get a hello world level service happening with WCF and SSL took me a whole week, and in my travels I discovered many pilgrims who had taken about the same amount of time. Microsoft: You have failed.
Are you using IIS or self hosting? If you're using IIS, it sounds like it's incorrectly configured, because it seems it's not accepting connections on port 443; I guess you're probably missing a protocol binding (https to port 443). There's a detailed discussion of setting up SSL on IIS7 here that might be useful.
Of course, you could easily verify this using the browser, you should be able to connect to the site using SSL from it.
When I have had this error occur, I have found it very useful to run the service from Visual Studio to get additional information. Right-click on the service, and then select Debug -> Start New Instance from the pop-up menu. VS will launch the service using the WcfTestClient.exe.
WcfTestClient will display all the services and endpoints in your service project. A healthy launch will list your services in the a panel on the left, and provide a Start Page tab in a panel on the right. What will happen in your case, however, is that you'll get a list of services in a panel on the top and an "Additional Information" box along the bottom. Your problem service(s) will have a Status of Error.
Click on a problem service in the upper panel, and the Additional Information box will fill with an error message and stack trace. The message will tell you exactly what that problem mex (metadata exchange) address is. That may be enough of a hint for you to solve the problem. If not, post the Additional Information here and I'll be happy to take a look at it.