Support native IKE providers (IPSec/IKEv2)

This commit is contained in:
Davide De Rosa 2021-06-28 10:31:41 +02:00
parent 30da62971f
commit 942dcc48b1
5 changed files with 37 additions and 5 deletions


@ -56,6 +56,9 @@ custom_categories:
- NetworkExtensionVPNConfiguration - NetworkExtensionVPNConfiguration
- NetworkExtensionVPNProvider - NetworkExtensionVPNProvider
- MockVPNProvider - MockVPNProvider
- name: Protocols/Native
children:
- NativeProvider
- name: Protocols/OpenVPN - name: Protocols/OpenVPN
children: children:
- OpenVPN - OpenVPN


@ -7,6 +7,10 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
## Unreleased ## Unreleased
### Added
- Support for IPSec/IKEv2 providers.
### Changed ### Changed
- Avoid caching PEMs on disk (roop). [#213](https://github.com/passepartoutvpn/tunnelkit/pull/213) - Avoid caching PEMs on disk (roop). [#213](https://github.com/passepartoutvpn/tunnelkit/pull/213)
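Review bot: the new `### Added` entry `- Support for IPSec/IKEv2 providers.` carries no issue or PR reference, unlike the adjacent `- Avoid caching PEMs on disk (roop). [#213](https://github.com/passepartoutvpn/tunnelkit/pull/213)` line; add the reference and name the new API (`NativeProvider`, per the README and podspec hunks in this commit) so the changelog stays consistent and readers can locate the class the entry refers to.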


@ -5,7 +5,7 @@
# TunnelKit # TunnelKit
This library provides a simplified Swift/Obj-C implementation of the OpenVPN® protocol for the Apple platforms. The crypto layer is built on top of [OpenSSL 1.1.1][dep-openssl], which in turn enables support for a certain range of encryption and digest algorithms. This library provides a generic framework for VPN development and a simplified Swift/Obj-C implementation of the OpenVPN® protocol for the Apple platforms. The crypto layer is built on top of [OpenSSL 1.1.1][dep-openssl], which in turn enables support for a certain range of encryption and digest algorithms.
## Getting started ## Getting started
@ -161,15 +161,19 @@ Provides a layer on top of the NetworkExtension framework. Most importantly, bri
This subspec includes convenient classes to control the VPN tunnel from your app without the NetworkExtension headaches. Have a look at `VPNProvider` implementations: This subspec includes convenient classes to control the VPN tunnel from your app without the NetworkExtension headaches. Have a look at `VPNProvider` implementations:
- `MockVPNProvider` (default, useful to test on simulator) - `MockVPNProvider` (default, useful to test on simulator)
- `OpenVPNProvider` - `NetworkExtensionVPNProvider` (for IPSec/IKEv2)
### Protocols/Native
Here you find `NativeProvider`, a generic way to manage a VPN profile based on the native IPSec/IKEv2 protocols. Just wrap a `NEVPNProtocolIPSec` or `NEVPNProtocolIKEv2` object in a `NetworkExtensionVPNConfiguration` and use it to install or connect to the VPN.
### Protocols/OpenVPN ### Protocols/OpenVPN
Here you will find the low-level entities on top of which an OpenVPN connection is established. Code is mixed Swift and Obj-C, most of it is not exposed to consumers. The module depends on OpenSSL. Here are the low-level entities on top of which an OpenVPN connection is established. Code is mixed Swift and Obj-C, most of it is not exposed to consumers. The module depends on OpenSSL.
The entry point is the `OpenVPNSession` class. The networking layer is fully abstract and delegated externally with the use of opaque `IOInterface` (`LinkInterface` and `TunnelInterface`) and `OpenVPNSessionDelegate` protocols. The entry point is the `OpenVPNSession` class. The networking layer is fully abstract and delegated externally with the use of opaque `IOInterface` (`LinkInterface` and `TunnelInterface`) and `OpenVPNSessionDelegate` protocols.
Another goal of this module is packaging up a black box implementation of a [NEPacketTunnelProvider][ne-ptp], which is the essential part of a Packet Tunnel Provider app extension. You will find the main implementation in the `OpenVPNTunnelProvider` class. Another goal of this module is packaging up a black box implementation of a [NEPacketTunnelProvider][ne-ptp], which is the essential part of a Packet Tunnel Provider app extension. You will find the main implementation in the `OpenVPNTunnelProvider` class. On the client side, you manage the VPN profile with the `OpenVPNProvider` class, which is a specific implementation of `NetworkExtensionVPNProvider`.
A debug log snapshot is optionally maintained and shared by the tunnel provider to host apps via the App Group container. A debug log snapshot is optionally maintained and shared by the tunnel provider to host apps via the App Group container.
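Review bot: the provider list and the new Protocols/Native section disagree on which class handles IPSec/IKEv2. The bullet now reads `- NetworkExtensionVPNProvider (for IPSec/IKEv2)`, while the section right below says `NativeProvider` is the class for native IPSec/IKEv2 profiles, and the last paragraph of the OpenVPN section describes `NetworkExtensionVPNProvider` as the generic implementation that `OpenVPNProvider` specializes. Either list `NativeProvider` (for IPSec/IKEv2) and `OpenVPNProvider` as the two concrete implementations, or state that `NetworkExtensionVPNProvider` is the shared base and name the concrete subclasses under it. The Native section should also say whether `NativeProvider` validates or alters anything on the wrapped `NEVPNProtocolIPSec`/`NEVPNProtocolIKEv2` or installs it as given; as written ("just wrap ... and use it to install or connect") a reader may assume the library takes care of server identity and authentication settings, which it should spell out are the caller's responsibility if it does not.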


@ -38,9 +38,17 @@ Pod::Spec.new do |s|
p.frameworks = "NetworkExtension" p.frameworks = "NetworkExtension"
p.dependency "SwiftyBeaver" p.dependency "SwiftyBeaver"
p.dependency "TunnelKit/Core"
end end
s.subspec "Protocols" do |t| s.subspec "Protocols" do |t|
t.subspec "Native" do |p|
p.source_files = "TunnelKit/Sources/Protocols/Native/**/*.swift"
p.pod_target_xcconfig = { "SWIFT_INCLUDE_PATHS" => "${PODS_TARGET_SRCROOT}/TunnelKit/Sources/Protocols/Native" }
p.dependency "TunnelKit/Manager"
end
t.subspec "OpenVPN" do |p| t.subspec "OpenVPN" do |p|
p.source_files = "TunnelKit/Sources/Protocols/OpenVPN/**/*.{h,m,swift}" p.source_files = "TunnelKit/Sources/Protocols/OpenVPN/**/*.{h,m,swift}"
p.private_header_files = "TunnelKit/Sources/Protocols/OpenVPN/**/*.h" p.private_header_files = "TunnelKit/Sources/Protocols/OpenVPN/**/*.h"
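Review bot: `p.pod_target_xcconfig = { "SWIFT_INCLUDE_PATHS" => "${PODS_TARGET_SRCROOT}/TunnelKit/Sources/Protocols/Native" }` on the new Native subspec looks copied from the OpenVPN subspec. Native's `source_files` glob is `**/*.swift` only, with no headers or module map under that path for Swift to import, so the include path has nothing to resolve; drop the line unless a module map is planned. The subspec also declares no `frameworks` and no `APPLICATION_EXTENSION_API_ONLY`, both of which the sibling subspecs set; if `NativeProvider` is meant to run in the host app only (it relies on `TunnelKit/Manager`), a short comment saying so would stop consumers from linking it into the tunnel extension.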
@ -50,7 +58,6 @@ Pod::Spec.new do |s|
"APPLICATION_EXTENSION_API_ONLY" => "YES" } "APPLICATION_EXTENSION_API_ONLY" => "YES" }
p.dependency "OpenSSL-Apple", "~> 1.1.1l.11" p.dependency "OpenSSL-Apple", "~> 1.1.1l.11"
p.dependency "TunnelKit/Core"
p.dependency "TunnelKit/AppExtension" p.dependency "TunnelKit/AppExtension"
p.dependency "TunnelKit/Manager" p.dependency "TunnelKit/Manager"
end end
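Review bot: removing `p.dependency "TunnelKit/Core"` here leaves the OpenVPN subspec depending on Core only transitively, through `TunnelKit/Manager`, which gains `p.dependency "TunnelKit/Core"` in the hunk above. CocoaPods accepts that, but if the OpenVPN sources import Core directly the explicit dependency should stay, so that a later change to Manager's dependencies cannot silently break this subspec's build.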


@ -214,6 +214,8 @@
0ECAF84B246697DA00D8266A /* TunnelKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 0E17D7F91F730D9F009EE129 /* TunnelKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; }; 0ECAF84B246697DA00D8266A /* TunnelKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 0E17D7F91F730D9F009EE129 /* TunnelKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
0ECC60D82254981A0020BEAC /* ConfigurationError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */; }; 0ECC60D82254981A0020BEAC /* ConfigurationError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */; };
0ECC60D92254981A0020BEAC /* ConfigurationError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */; }; 0ECC60D92254981A0020BEAC /* ConfigurationError.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */; };
0ECCEA7F2622F2F00007DA28 /* NativeProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */; };
0ECCEA802622F2F00007DA28 /* NativeProvider.swift in Sources */ = {isa = PBXBuildFile; fileRef = 0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */; };
0ECEB1152252C8E900E9E551 /* tunnelbear.enc.8.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */; }; 0ECEB1152252C8E900E9E551 /* tunnelbear.enc.8.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */; };
0ECEB1162252C8E900E9E551 /* tunnelbear.enc.8.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */; }; 0ECEB1162252C8E900E9E551 /* tunnelbear.enc.8.ovpn in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */; };
0ECEB1172252C8E900E9E551 /* tunnelbear.enc.8.key in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1142252C8E900E9E551 /* tunnelbear.enc.8.key */; }; 0ECEB1172252C8E900E9E551 /* tunnelbear.enc.8.key in Resources */ = {isa = PBXBuildFile; fileRef = 0ECEB1142252C8E900E9E551 /* tunnelbear.enc.8.key */; };
@ -591,6 +593,7 @@
0EAC57362494277A00D0FCE0 /* VPN.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VPN.swift; sourceTree = "<group>"; }; 0EAC57362494277A00D0FCE0 /* VPN.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = VPN.swift; sourceTree = "<group>"; };
0EB03E0E2290CF52006D03A0 /* module.modulemap */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = "sourcecode.module-map"; path = module.modulemap; sourceTree = "<group>"; }; 0EB03E0E2290CF52006D03A0 /* module.modulemap */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = "sourcecode.module-map"; path = module.modulemap; sourceTree = "<group>"; };
0ECC60D72254981A0020BEAC /* ConfigurationError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ConfigurationError.swift; sourceTree = "<group>"; }; 0ECC60D72254981A0020BEAC /* ConfigurationError.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ConfigurationError.swift; sourceTree = "<group>"; };
0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NativeProvider.swift; sourceTree = "<group>"; };
0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.8.ovpn; sourceTree = "<group>"; }; 0ECEB1132252C8E900E9E551 /* tunnelbear.enc.8.ovpn */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.8.ovpn; sourceTree = "<group>"; };
0ECEB1142252C8E900E9E551 /* tunnelbear.enc.8.key */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.8.key; sourceTree = "<group>"; }; 0ECEB1142252C8E900E9E551 /* tunnelbear.enc.8.key */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.enc.8.key; sourceTree = "<group>"; };
0ECEB11A2252CDAD00E9E551 /* tunnelbear.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.crt; sourceTree = "<group>"; }; 0ECEB11A2252CDAD00E9E551 /* tunnelbear.crt */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; path = tunnelbear.crt; sourceTree = "<group>"; };
@ -938,6 +941,7 @@
0E23B3E022982AF800304C30 /* Protocols */ = { 0E23B3E022982AF800304C30 /* Protocols */ = {
isa = PBXGroup; isa = PBXGroup;
children = ( children = (
0ECCEA7D2622F2D30007DA28 /* Native */,
0E23B3E122982AF800304C30 /* OpenVPN */, 0E23B3E122982AF800304C30 /* OpenVPN */,
); );
path = Protocols; path = Protocols;
@ -1057,6 +1061,14 @@
path = Manager; path = Manager;
sourceTree = "<group>"; sourceTree = "<group>";
}; };
0ECCEA7D2622F2D30007DA28 /* Native */ = {
isa = PBXGroup;
children = (
0ECCEA7E2622F2F00007DA28 /* NativeProvider.swift */,
);
path = Native;
sourceTree = "<group>";
};
0EE2F9DD22918DA100F56F49 /* AppExtension */ = { 0EE2F9DD22918DA100F56F49 /* AppExtension */ = {
isa = PBXGroup; isa = PBXGroup;
children = ( children = (
@ -2056,6 +2068,7 @@
0E23B48522982AF800304C30 /* ReplayProtector.m in Sources */, 0E23B48522982AF800304C30 /* ReplayProtector.m in Sources */,
0E7F3F6A246ABA0F006BE77F /* IPHeader.swift in Sources */, 0E7F3F6A246ABA0F006BE77F /* IPHeader.swift in Sources */,
0E23B44122982AF800304C30 /* OpenVPNSession+PIA.swift in Sources */, 0E23B44122982AF800304C30 /* OpenVPNSession+PIA.swift in Sources */,
0ECCEA7F2622F2F00007DA28 /* NativeProvider.swift in Sources */,
0E23B42D22982AF800304C30 /* ControlChannelSerializer.swift in Sources */, 0E23B42D22982AF800304C30 /* ControlChannelSerializer.swift in Sources */,
0EE2F9F622918DA100F56F49 /* NEUDPSocket.swift in Sources */, 0EE2F9F622918DA100F56F49 /* NEUDPSocket.swift in Sources */,
0E94E8EA25BACEBD0040BC30 /* DNSProtocol.swift in Sources */, 0E94E8EA25BACEBD0040BC30 /* DNSProtocol.swift in Sources */,
@ -2150,6 +2163,7 @@
0E23B48622982AF800304C30 /* ReplayProtector.m in Sources */, 0E23B48622982AF800304C30 /* ReplayProtector.m in Sources */,
0E7F3F6B246ABA0F006BE77F /* IPHeader.swift in Sources */, 0E7F3F6B246ABA0F006BE77F /* IPHeader.swift in Sources */,
0E23B44222982AF800304C30 /* OpenVPNSession+PIA.swift in Sources */, 0E23B44222982AF800304C30 /* OpenVPNSession+PIA.swift in Sources */,
0ECCEA802622F2F00007DA28 /* NativeProvider.swift in Sources */,
0E23B42E22982AF800304C30 /* ControlChannelSerializer.swift in Sources */, 0E23B42E22982AF800304C30 /* ControlChannelSerializer.swift in Sources */,
0EE2F9F722918DA100F56F49 /* NEUDPSocket.swift in Sources */, 0EE2F9F722918DA100F56F49 /* NEUDPSocket.swift in Sources */,
0E94E8EB25BACEBD0040BC30 /* DNSProtocol.swift in Sources */, 0E94E8EB25BACEBD0040BC30 /* DNSProtocol.swift in Sources */,