How to tunnel all traffic from your iOS device to your own server via IPSec

TL;DR: A DigitalOcean droplet, strongSwan, and a custom Configuration Profile for iOS route all the traffic from my iPhone via my droplet. Why? Just because I can.

Note: This setup does not require you to download Apple Configurator and switch your iPhone into Supervised mode (we will create a configuration profile by hand instead, and install it on the iPhone).

Configure strongSwan by following all the instructions here

  1. Ignore the part about configuring the firewall; we’ll do this later
  2. Ensure strongswan starts on boot via chkconfig
    chkconfig --add strongswan
    chkconfig strongswan on
    # Verify
    chkconfig --list strongswan
  3. You don’t need to install any certificates on your iPhone/iPad/Mac, as we’re using a pre-shared key (PSK) instead of a certificate-based client authentication mechanism

Allow traffic to be forwarded from your server by adding the two iptables rules here

Be sure to modify the network in the two iptables commands (it should match the one specified in your strongSwan config)

Save the two rules which you’ve just added

service iptables save

Open up UDP ports 500 and 4500 for your instance if required (AWS/DigitalOcean/etc)

Adapt the following Configuration Profile for your iOS device


<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>PayloadContent</key>
<array>
<dict>
<key>UserDefinedName</key>
<string>MY_PROFILE_NAME</string>
<key>PayloadDisplayName</key>
<string>MY_PROFILE_NAME</string>
<key>PayloadIdentifier</key>
<string>MY_DOMAIN.vpn.always</string>
<key>PayloadUUID</key>
<string>84590314-C064-4E06-85DB-B5F6B2B7C71F</string>
<key>VPNType</key>
<string>IPSec</string>
<key>IPSec</key>
<dict>
<key>RemoteAddress</key>
<string>MY_STRONGSWAN_SERVER_IP_ADDRESS</string>
<key>AuthenticationMethod</key>
<string>SharedSecret</string>
<key>XAuthEnabled</key>
<integer>1</integer>
<key>XAuthName</key>
<string>MY_ACCOUNT_NAME</string>
<key>XAuthPassword</key>
<string>MY_ACCOUNT_PASSWORD</string>
<key>LocalIdentifierType</key>
<string>KeyID</string>
</dict>
<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
</dict>
</array>
<key>OverridePrimary</key>
<true/>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>1</integer>
</dict>
<key>PayloadType</key>
<string>com.apple.vpn.managed</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>VPN Configuration</string>
<key>PayloadIdentifier</key>
<string>MY_INITIALS.488B9D52-412A-458B-9701-92A5DA7CDA16</string>
<key>PayloadRemovalDisallowed</key>
<false/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>CF1A90EC-2A3E-4C88-B935-045C5882621D</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>


Replace the following variables with reasonable values for your setup:

MY_PROFILE_NAME                  - Only used for display purposes
MY_DOMAIN                        - Just for scoping
MY_STRONGSWAN_SERVER_IP_ADDRESS  - Your server's IPv4 address
MY_ACCOUNT_NAME                  - See /etc/strongswan/ipsec.secrets
MY_ACCOUNT_PASSWORD              - See /etc/strongswan/ipsec.secrets
MY_INITIALS                      - Your initials (eg: JP)

Once you’ve updated the content of the XML file above, rename the file to VPNConfig.mobileconfig. Then, either AirDrop it to your iPhone/iPad, or transfer it by some other means.

Since we’re using a PSK, as soon as you install the profile, it’ll prompt you for the PSK. This can again be found in /etc/strongswan/ipsec.secrets.
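The substitution step can also be scripted. The following is an added example, not part of the original post or the linked gist: it rebuilds the profile above with Python's `plistlib`, generates fresh `PayloadUUID` values instead of reusing the ones published here (payload UUIDs are meant to be unique per profile), refuses to emit a file that still contains `MY_*` placeholders, and creates the file with owner-only permissions because `XAuthPassword` sits in it in clear text. The function names `build_profile` and `write_profile` are hypothetical.

```python
import os
import plistlib
import uuid


def build_profile(name, domain, server_ip, account, password, initials):
    """Return the page's profile as XML plist bytes, with fresh UUIDs."""
    args = (name, domain, server_ip, account, password, initials)
    # Refuse empty values and MY_* placeholders left over from the template.
    if any(not a or a.startswith("MY_") for a in args):
        raise ValueError("a value is empty or still a MY_* placeholder")
    vpn = {
        "UserDefinedName": name,
        "PayloadDisplayName": name,
        "PayloadIdentifier": f"{domain}.vpn.always",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "VPNType": "IPSec",
        "IPSec": {
            "RemoteAddress": server_ip,
            "AuthenticationMethod": "SharedSecret",
            "XAuthEnabled": 1,
            "XAuthName": account,
            "XAuthPassword": password,  # clear text in the file
            "LocalIdentifierType": "KeyID",
        },
        "OnDemandEnabled": 1,
        "OnDemandRules": [{"Action": "Connect"}],
        "OverridePrimary": True,
        "IPv4": {"OverridePrimary": 1},
        "PayloadType": "com.apple.vpn.managed",
        "PayloadVersion": 1,
    }
    profile = {
        "PayloadContent": [vpn],
        "PayloadDisplayName": "VPN Configuration",
        "PayloadIdentifier": f"{initials}.{str(uuid.uuid4()).upper()}",
        "PayloadRemovalDisallowed": False,
        "PayloadType": "Configuration",
        "PayloadUUID": str(uuid.uuid4()).upper(),
        "PayloadVersion": 1,
    }
    return plistlib.dumps(profile, sort_keys=False)


def write_profile(path, data):
    """Create the file owner-only (0600): it holds the XAuth password."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL  # never reuse an old file
    with os.fdopen(os.open(path, flags, 0o600), "wb") as fh:
        fh.write(data)
```

Pass your own values to `build_profile`, hand the result to `write_profile` with the path `VPNConfig.mobileconfig`, and delete the file from the machine once the profile is installed on the device.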

All done! :)

Cheers on your newly established, always on VPN tunnel between your iOS device and your server!

The Configuration Profile was inspired by Thomas’s blog post here.

A letter to Tim Cook regarding iOS 10, with love for Apple

Tim, iOS has always been known for its user interface, until recently. Your new take on notifications has not only made them very loud, and unsettling, but does not flow with the entire look and feel of Apple:

No Mr. Tim, no. My notifications will not be waiting for me. They're crying out for my attention.

No Mr. Tim, no. My notifications aren’t waiting for me. They’re crying out for my attention.
 

See that white background? While you’ve done a good job of highlighting the content, it breaks continuity. There was nothing wrong to start with. The way notifications used to render on my iPhone was simply perfect! The content did not need to be highlighted the way you’ve done so in iOS 10. I really loved iOS for not cluttering my life, and making it simpler, compared to Android (the new style does look like inspiration from Android, doesn’t it?).

Comparing this to iOS 9, what you’ve lost is absolute ingenuity:

Yes Tim, the beauty of your beloved platform has been lost, and Steve is waiting for you.

See? Nothing was ever wrong.
 

I’ve been using the beta version of iOS 10 for a little more than a few hours now, and the Today screen has also been ruined. Oh! I almost forgot – what you’ve done to the control centre is horrible. Do you know what this reminds me of? It reminds me of the Red Wedding – Lord Bolton murdering the King of the North, Robb Stark. That was truly gruesome, wasn’t it?

Tim, iOS 9 was the epitome of creation.

I truly hope that this letter talks solely about iOS 10 preview, and that it doesn’t speak for iOS 10 final.

 

Sincerely,
Jude

Discover – my second iOS app

iTunes Genius is a great feature. However, it lacks music discovery outside your own music library. Sure, you can always do a Google search for similar tunes, but let’s face it – who has time to do this anymore?

There weren’t any great music discovery apps on the App Store either. All of them either looked ugly, or had to be opened by the user. The content wasn’t available readily.

Then I thought of Discover. I wrote this app keeping in mind that the app would never have to be opened by the user, to see any content. Instead, why not present it in the Today screen itself? This way, the widget can refresh its content quickly and present it, in a beautiful manner.

Unobtrusive. Simply genius, isn’t it?

How can this be made any better? Provide buttons which directly search the iTunes Store or YouTube for the song recommended. This way, it’s easy for the user to try out new songs, with zero effort. Eureka! The effort of typing on the device is now gone!

I’ve submitted the app on the App Store for review, and I hope it will be accepted and published soon. Here’s a sneak peek of it:

Highlights of Discover

Discover took a total of one month to complete. Although it was a simple app, I couldn’t give it much time day to day.

I love what it’s turned into. There’s so much that I’ve learned about iOS – auto layout, GCD, and the language itself.