Re: Network Service Configuration - SystemConfiguration


  • Subject: Re: Network Service Configuration - SystemConfiguration
  • From: Robert Davis <email@hidden>
  • Date: Tue, 30 Apr 2013 14:54:08 +0000
  • Thread-topic: Network Service Configuration - SystemConfiguration

Allan,

That is great information.  Thank you.  I failed to mention where it was failing but you picked it right up.  It fails when I try to save the configuration.  I will take your advice here and test it out.  Thank you very much and I'll let you know if it works!

TYVM

RD

On Apr 30, 2013, at 9:01 AM, Allan Nathanson <email@hidden> wrote:


On Apr 29, 2013, at 6:25 PM, Robert Davis <email@hidden> wrote:

Hello,

I am trying to programmatically configure a VPN in OSX 10.8.3.  I have been able to create the ipv4 interface and the ipsec interface but cannot figure out how to apply the configuration or if I am doing it right.

What specifically "is" and "is not" working?

Not many sources for NetworkConfiguration and VPNs.  The ones on the internet are apparently very outdated.  MoreSCF and MoreIsBetter are no longer viable examples and are very hard to find.  Can anyone guide me to what I am doing wrong or where to find what I need?  The SystemConfiguration and NetworkConfiguration documentation on Apple's website seems to be grossly lacking in examples and details.

Here is the pertinent code I have so far...

Comments below.

- Allan


-(NSString *)createOSXVPNConnection:(NSString *)pcfFilename
{
  NSArray *pcfFileContents = [self readFile:pcfFilename];
  CSCOPCFINFO info = [self getPcfVpnDetails:pcfFileContents]; // My own struct in another file...

  NSString *vpnServiceName = [[pcfFilename lastPathComponent] stringByDeletingPathExtension];
  NSString *vpnDescription = @"";
  NSString *vpnGWAddress = @"";
  NSString *vpnGrpName =@"";
  NSString *vpnGrpPwd = @"";
  NSString *vpnUsrName = @"";
  NSString *vpnUsrPwd = @"";
  
  int szLen = 0;
  szLen = (int)strlen(info.vpnDescription);
  if( szLen != 0 )
    vpnDescription = [NSString stringWithUTF8String:info.vpnDescription];
  
  szLen = 0;
  szLen = (int)strlen(info.vpnGatewayAddress);
  if( szLen != 0)
    vpnGWAddress = [NSString stringWithUTF8String:info.vpnGatewayAddress];
  
  szLen = 0;
  szLen = (int)strlen(info.vpnGroupUsername);
  if( szLen != 0)
    vpnGrpName = [NSString stringWithUTF8String:info.vpnGroupUsername];
  
  szLen = 0;
  szLen = (int)strlen(info.vpnGroupPasswordPlain);
  if( szLen != 0)
    vpnGrpPwd = [NSString stringWithUTF8String:info.vpnGroupPasswordPlain];
  
  szLen = 0;
  szLen = (int)strlen(info.vpnUsername);
  if( szLen != 0)
    vpnUsrName = [NSString stringWithUTF8String:info.vpnUsername];
  
  szLen = 0;
  szLen = (int)strlen(info.vpnPasswordPlain);
  if( szLen != 0)
    vpnUsrPwd = [NSString stringWithUTF8String:info.vpnPasswordPlain];
  
  // Authority
  AuthorizationRef auth = NULL;
  AuthorizationFlags rootFlags =
  kAuthorizationFlagDefaults              |
  kAuthorizationFlagExtendRights          |
  kAuthorizationFlagInteractionAllowed    |
  kAuthorizationFlagPreAuthorize;
  
  AuthorizationCreate(NULL, kAuthorizationEmptyEnvironment,
                      rootFlags, &auth);

  
  //SCPreferencesRef prefs = SCPreferencesCreate(NULL,(__bridge CFStringRef)vpnServiceName, NULL);
  SCPreferencesRef prefs = SCPreferencesCreateWithAuthorization(NULL,CFSTR("CSCOVPNCFG"), NULL, auth);
  SCPreferencesLock(prefs, TRUE);
  
  SCNetworkInterfaceRef ipsecIfRef = SCNetworkInterfaceCreateWithInterface (kSCNetworkInterfaceIPv4,   kSCNetworkInterfaceTypeIPSec);
  SCNetworkInterfaceRef netIfRef = SCNetworkInterfaceGetInterface( ipsecIfRef );

Possibly not relevant but you do not appear to be using "netIfRef".

  SCNetworkServiceRef vpnSrvcRef = SCNetworkServiceCreate(prefs, ipsecIfRef);
  SCNetworkServiceSetName(vpnSrvcRef, (__bridge CFStringRef)vpnServiceName);
  
  CFStringRef keysIPSec[9]  = { NULL, NULL, NULL ,NULL, NULL, NULL ,NULL, NULL, NULL };
  CFStringRef valsIPSec[9]  = { NULL, NULL, NULL ,NULL, NULL, NULL ,NULL, NULL, NULL };
  CFIndex numkeys       = 0;
  
  keysIPSec[numkeys]    = kSCPropNetIPSecAuthenticationMethod;
  valsIPSec[numkeys++]  = kSCValNetIPSecAuthenticationMethodSharedSecret;
  
  keysIPSec[numkeys]    = kSCPropNetIPSecLocalIdentifier;
  valsIPSec[numkeys++]  = (__bridge CFStringRef)vpnGrpName;
  
  keysIPSec[numkeys]    = kSCPropNetIPSecLocalIdentifierType;
  valsIPSec[numkeys++]  = kSCValNetIPSecLocalIdentifierTypeKeyID;
    
  keysIPSec[numkeys]    = kSCPropNetIPSecRemoteAddress;
  valsIPSec[numkeys++]  = (__bridge CFStringRef)vpnGWAddress;

  keysIPSec[numkeys]    = kSCPropNetIPSecSharedSecret;
  valsIPSec[numkeys++]  = (__bridge CFStringRef)vpnGrpPwd;

  keysIPSec[numkeys]    = kSCPropNetIPSecSharedSecretEncryption;
  valsIPSec[numkeys++]  = kSCValNetIPSecSharedSecretEncryptionKeychain;
  
  keysIPSec[numkeys]    = kSCPropNetIPSecXAuthName;
  valsIPSec[numkeys++]  = (__bridge CFStringRef)vpnUsrName;
  
  keysIPSec[numkeys]    = kSCPropNetIPSecXAuthPassword;
  valsIPSec[numkeys++]  = (__bridge CFStringRef)vpnUsrPwd;
  
  keysIPSec[numkeys]    = kSCPropNetIPSecXAuthPasswordEncryption;
  valsIPSec[numkeys++]  = kSCValNetIPSecXAuthPasswordEncryptionPrompt; // increment so this ninth pair is counted in numkeys
  

  CFDictionaryRef ipsecOptions
        = CFDictionaryCreate
            (NULL, (const void **)&keysIPSec,
            (const void **)&valsIPSec, numkeys,
            &kCFTypeDictionaryKeyCallBacks,
            &kCFTypeDictionaryValueCallBacks);
  
  BOOL success = SCNetworkInterfaceSetConfiguration (ipsecIfRef, ipsecOptions);

OK.  Here's one gotcha / nuance.  In order to update the configuration of an interface associated with a network service you need to start off with an interface that was acquired from that service.  In this case, you can replace the line above with the following:

CFRelease(ipsecIfRef); // don't leak the IPSec interface
ipsecIfRef = SCNetworkServiceGetInterface(vpnSrvcRef); // fetch the service's [IPSec] interface
BOOL success = SCNetworkInterfaceSetConfiguration (ipsecIfRef, ipsecOptions); // update the service's interface configuration
 
  if (SCNetworkServiceEstablishDefaultConfiguration(vpnSrvcRef))
  {
    SCNetworkSetRef set = SCNetworkSetCopyCurrent (prefs);
    BOOL setSuccess = SCNetworkSetAddService (set, vpnSrvcRef);
    
    if (set && setSuccess)
    {
      SCPreferencesCommitChanges(prefs);
      SCPreferencesApplyChanges(prefs);
      SCPreferencesSynchronize(prefs);

It would be good to check the result of your calls to SCPreferencesCommitChanges and SCPreferencesApplyChanges.  If either returns FALSE, log the value returned by SCError().

Also, the call to SCPreferencesSynchronize() is not needed.

    }
  }
  
  SCPreferencesUnlock(prefs); 
  CFStringRef srvcID = SCNetworkServiceGetServiceID (vpnSrvcRef);

Not sure what you're doing with srvcID.

  return vpnServiceName;
}

RD

_______________________________________________
Do not post admin requests to the list. They will be ignored.
Macnetworkprog mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:

This email sent to email@hidden
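
The save path discussed in this thread with both review points applied (configure the interface fetched from the service, and check each call and log SCError()), as an added example that is not code from either poster or from Apple. The function name CreateIPSecService is illustrative; the caller is assumed to supply an AuthorizationRef it has already obtained and a dictionary of kSCPropNetIPSec* options.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Authorization.h>
#import <SystemConfiguration/SystemConfiguration.h>

// Added example: CreateIPSecService is an illustrative name, not an Apple API.
// `auth` was obtained by the caller; `options` holds the kSCPropNetIPSec* pairs.
static BOOL CreateIPSecService(NSString *name, NSDictionary *options,
                               AuthorizationRef auth)
{
    SCPreferencesRef prefs = SCPreferencesCreateWithAuthorization(
        NULL, CFSTR("CSCOVPNCFG"), NULL, auth);
    if (prefs == NULL || !SCPreferencesLock(prefs, TRUE)) {
        NSLog(@"cannot open/lock preferences: %s", SCErrorString(SCError()));
        if (prefs) CFRelease(prefs);
        return NO;
    }

    // The stand-alone IPSec-over-IPv4 interface only seeds the new service.
    SCNetworkInterfaceRef tmpl = SCNetworkInterfaceCreateWithInterface(
        kSCNetworkInterfaceIPv4, kSCNetworkInterfaceTypeIPSec);
    SCNetworkServiceRef service = tmpl ? SCNetworkServiceCreate(prefs, tmpl) : NULL;
    SCNetworkSetRef set = SCNetworkSetCopyCurrent(prefs);
    // Configure the interface fetched from the service (Get rule: do not release).
    SCNetworkInterfaceRef iface = service ? SCNetworkServiceGetInterface(service) : NULL;

    const char *failed = NULL;  // name of the first step that failed
    if (!service || !iface || !set)
        failed = "service/set creation";
    else if (!SCNetworkServiceSetName(service, (__bridge CFStringRef)name))
        failed = "SCNetworkServiceSetName";
    else if (!SCNetworkInterfaceSetConfiguration(iface, (__bridge CFDictionaryRef)options))
        failed = "SCNetworkInterfaceSetConfiguration";
    else if (!SCNetworkServiceEstablishDefaultConfiguration(service))
        failed = "SCNetworkServiceEstablishDefaultConfiguration";
    else if (!SCNetworkSetAddService(set, service))
        failed = "SCNetworkSetAddService";
    else if (!SCPreferencesCommitChanges(prefs))   // write to the stored preferences
        failed = "SCPreferencesCommitChanges";
    else if (!SCPreferencesApplyChanges(prefs))    // apply to the active configuration
        failed = "SCPreferencesApplyChanges";
    if (failed) {
        int err = SCError();  // read before any further SC call
        NSLog(@"%s failed: %d (%s)", failed, err, SCErrorString(err));
    }

    SCPreferencesUnlock(prefs);
    if (set) CFRelease(set);
    if (service) CFRelease(service);
    if (tmpl) CFRelease(tmpl);
    CFRelease(prefs);
    return failed == NULL;
}
```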


References: 
 >Network Service Configuration - SystemConfiguration (From: Robert Davis <email@hidden>)
 >Re: Network Service Configuration - SystemConfiguration (From: Allan Nathanson <email@hidden>)
