Implement the CoderVPN NetworkExtension #2

Closed
@spikecurtis

To implement the CoderVPN feature, we'll use a Network Extension PacketTunnelProvider. It extends the abstract base class NEPacketTunnelProvider. From this process, we will contact the Coder Server and download a dynamic library (dylib), written in Go using cgo for C FFI bindings (coder/coder#14734).

After downloading the CoderVPN library, we should check the digital signature on it before exec’ing it. We should verify the following fields:

After verifying the digital signature, the NetworkExtension creates a pair of pipes to communicate with the CoderVPN library (via #1), and opens the library via dlopen. Then it starts the VPN, passing the pipes.

Over the CoderVPN Protocol it receives

  • Peer status updates, which it sends to the user application
  • Logs, which it sends to the system log via native APIs
  • Network Settings (IP and DNS config) which it uses to configure networking via setTunnelNetworkSettings()
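The verify-then-dlopen step described in the issue, sketched as an added example that is not code from the issue or from the Coder project. The function and type names are hypothetical, and the requirement string is an assumed placeholder, since the issue does not list the signature fields it intends to check.

```swift
import Foundation
import Security

enum DylibError: Error {
    case signature(OSStatus, String)
    case load(String)
}

// Assumption: Apple-anchored chain plus a placeholder Team ID. The issue does
// not list the fields to verify; substitute the real requirement here.
let assumedRequirement =
    "anchor apple generic and certificate leaf[subject.OU] = \"TEAMID_PLACEHOLDER\""

// Turns a non-success OSStatus into a thrown error with the system's message.
func check(_ status: OSStatus, _ step: String) throws {
    guard status == errSecSuccess else {
        let msg = SecCopyErrorMessageString(status, nil) as String? ?? "unknown"
        throw DylibError.signature(status, "\(step): \(msg)")
    }
}

/// Validates the on-disk code signature of the dylib at `url` against
/// `requirement` and only then loads it. Returns the dlopen handle.
/// The file should live in a directory only the extension can write to, so it
/// cannot be swapped between the signature check and dlopen.
func openVerifiedDylib(at url: URL,
                       requirement: String = assumedRequirement) throws -> UnsafeMutableRawPointer {
    var code: SecStaticCode?
    try check(SecStaticCodeCreateWithPath(url as CFURL, [], &code), "create static code")

    var req: SecRequirement?
    try check(SecRequirementCreateWithString(requirement as CFString, [], &req),
              "parse requirement")

    guard let staticCode = code, let parsedReq = req else {
        throw DylibError.signature(errSecInternalError, "missing code or requirement object")
    }

    // Check every architecture slice, and fail closed on any validation error.
    let flags = SecCSFlags(rawValue: kSecCSCheckAllArchitectures | kSecCSStrictValidate)
    try check(SecStaticCodeCheckValidity(staticCode, flags, parsedReq), "validate signature")

    guard let handle = dlopen(url.path, RTLD_NOW | RTLD_LOCAL) else {
        throw DylibError.load(dlerror().map { String(cString: $0) } ?? "unknown dlopen error")
    }
    return handle
}
```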
