App proxy provider

Implement a VPN client for a flow-oriented, custom VPN protocol.

Overview

A virtual private network (VPN) is a form of network tunnel where a VPN client uses the public internet to create a connection to a VPN server and then passes private network traffic over that connection. If you want to build a VPN client that implements a flow-oriented, custom VPN protocol—one that works with the data passing through a transmission control protocol (TCP) connection rather than the packets used to transport that data—create an app proxy provider app extension.

When the system starts a VPN configuration that uses your app proxy provider, it performs the following steps:

  • Launches your app extension.

  • Instantiates your proxy provider subclass within that app extension.

  • Starts forwarding flows to your provider.

Each flow represents either a TCP connection or a conversation over user datagram protocol (UDP). Your provider should open a tunnel to a VPN server and forward each flow over that tunnel. Similarly, if your provider receives flow data from the tunnel, it should pass that data back to the system through the appropriate flow.
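The following added example (not part of the original documentation) sketches the flow-handling loop described above for TCP flows only, declining any flow whose source app is not on an allow-list. The class name, the `vpn.example.com` server, the bundle identifier, and the use of one plain TLS connection per flow in place of a custom VPN protocol are all assumptions made for illustration.

```swift
import Network
import NetworkExtension

final class ExampleAppProxyProvider: NEAppProxyProvider {
    private let allowedApps: Set<String> = ["com.example.managed-app"] // placeholder allow-list
    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) { completionHandler(nil) }
    override func stopProxy(with reason: NEProviderStopReason,
                            completionHandler: @escaping () -> Void) { completionHandler() }

    override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool {
        // Returning false tells the system this provider is not handling the flow (UDP, unknown app).
        guard let tcp = flow as? NEAppProxyTCPFlow,
              allowedApps.contains(flow.metaData.sourceAppSigningIdentifier) else { return false }
        let tunnel = NWConnection(host: "vpn.example.com", port: 443, using: .tls) // placeholder server
        let finish = { (e: Error?) -> Void in tcp.closeReadWithError(e); tcp.closeWriteWithError(e) }
        tunnel.stateUpdateHandler = { state in
            switch state {
            case .ready: // Tunnel is up: accept the flow, then relay in both directions.
                tcp.open(withLocalEndpoint: nil) { error in
                    guard error == nil else { return tunnel.cancel() }
                    self.pumpOutbound(tcp, tunnel)
                    self.pumpInbound(tcp, tunnel)
                }
            case .failed(let error): finish(error)
            case .cancelled: finish(nil)
            default: break
            }
        }
        tunnel.start(queue: .global())
        return true
    }

    private func pumpOutbound(_ flow: NEAppProxyTCPFlow, _ tunnel: NWConnection) { // app to tunnel
        flow.readData { data, error in
            // Empty data means the app closed its side; stop on that or on any error.
            guard let data = data, !data.isEmpty, error == nil else { return tunnel.cancel() }
            tunnel.send(content: data, completion: .contentProcessed { sendError in
                if sendError == nil { self.pumpOutbound(flow, tunnel) } else { tunnel.cancel() }
            })
        }
    }
    private func pumpInbound(_ flow: NEAppProxyTCPFlow, _ tunnel: NWConnection) { // tunnel to app
        tunnel.receive(minimumIncompleteLength: 1, maximumLength: 65_536) { data, _, done, error in
            guard let data = data, !data.isEmpty, error == nil else { return tunnel.cancel() }
            flow.write(data) { writeError in
                if writeError == nil, !done { self.pumpInbound(flow, tunnel) } else { tunnel.cancel() }
            }
        }
    }
}
```

A real protocol would also tell the server which destination each flow is bound for and would typically multiplex flows over a single tunnel; both are omitted here.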

App proxy providers are one form of per-app VPN, the other being a Packet tunnel provider in source application mode.

For detailed information about app proxy provider deployment options, see TN3134: Network Extension provider deployment.

Topics

Essentials

App proxy provider

Flow handling

VPN configuration

VPN control

Transparent proxy configuration

See Also

Virtual private networks