This is a completely fresh implementation of the iCepa app.

Overview

iCepa Restart

This is a completely fresh implementation of the iCepa app.

It is a testbed for Network Extension experiments for advanced VPN-style apps.

It was originally developed for use with Tor by Conrad Kramer, hence the name ("Cepa" means onion in Latin), but can be used as a base for all other sorts of proxies now and also with Pluggable Transports.

Features

  • Container app for installing and controlling the Network Extension and displaying log output for easier debugging.
  • App Group storage to share files between the app and the extension.
  • iOS and MacOS implementation.
  • Basic messaging implementation to show how to communicate between app and extension.
  • Easy build configuration via xcconfig file.
  • Clean encapsulation of NE code in VpnManager and BasePTProvider classes.
  • Clean implementation of a TorManager to show usage of Tor.framework.
  • Tor.framework integrated as a git submodule for easy debugging.
  • Proxy can be run in extension and in app and easily switched.
  • Glue code for different tun2socks implementations to try out.

Different tun2socks implementations

Since a lot of existing proxy code can't handle IP packets directly (like Tor), a big part of the experiment is/was trying out different projects which go in between. Code for these is kept around for demonstration purposes, but is disabled, except the last (called leaf), which currently seems to be the best option.

The following libraries were tried and might be of interest to you:

  • OBTun2Socks A stab at packaging a C tun2socks implementation in a CocoaPod.

  • GoTun2Socks A Go implementation of tun2socks. Discontinued.

  • outline-go-tun2socks A Go tun2socks implementation by the Outline project.

  • tun2tor A Rust implementation of tun2socks specifically written for Tor with support for its DNS resolution. (slightly updated to fix compilation issues, but still outdated and discontinued)

  • leaf A flexible proxy framework written in Rust with support for SOCKS, HTTP CONNECT, ShadowSocks and many more with highly configurable routing options.

Getting started

git clone --recursive [email protected]:iCepa/iCepa.git
cd iCepa
pod install # or `update`
open iCepa.xcworkspace

Network Extensions can only be run on a real device. You will also need a paid Apple Developer subscription to be able to manually create the development certificates needed.

Don't edit project.pbxproj (the project configuration) directly, instead use Config.xcconfig, where all signing-related info is kept out of the way.

You will need to create 3 identifiers here: https://developer.apple.com/account/resources/identifiers/list

  • A group identifier.
  • An app bundle identifier for the app itself.
  • An app bundle identifier used for the Network Extension.

Both app IDs need the capabilities "App Groups" and "Network Extensions". Add the created group ID to the "App Groups" capability.

Put these IDs in the respective fields in Config.xcconfig.

The devloper team ID can be found on the aforementioned page in the top right.

Create 2 iOS development profiles here for the app and the extension: https://developer.apple.com/account/resources/profiles/list

Put their "names" as their specifiers in Config.xcconfig.

In Xcode, go to "Preferences" -> "Accounts" -> select your Apple ID -> "Download Manual Profiles"

Now, you should be able to compile and run on a real device.

Author, License

Benjamin Erhart, Die Netzarchitekten e.U.

Under the authority of Guardian Project.

Licensed under MIT

Icon

Icon taken from

https://thenounproject.com/term/onion/35969/

By Brennan Novak, Public Domain

Comments
  • Building the project fails

    Building the project fails

    I tried building the project but it fails with these errors:

    • iCepa-master/iOS/ViewController.swift:21:9: Type 'NETunnelProviderManager' has no member 'loadOrCreateDefaultWithCompletionHandler'
    • could not find Cargo.toml in iCepa-master/Extension/tun2tor or any parent directory fatal error: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: target/x86_64-apple-ios/debug/libtun2tor.a (No such file or directory)

    I have followed the exact steps mentioned in README.

    opened by al-ht10 18
  • Build fails Tor framework from Carthage

    Build fails Tor framework from Carthage

    In the cartfile, I wrote github "iCepa/Tor.framework" "master" and ran carthage update. The build fails with the following error: *** Building scheme "Tor-Mac" in Tor.xcodeproj ** BUILD FAILED **

    The following build commands failed: ExternalBuildToolExecution openssl-Mac (1 failure) A shell task failed with exit code 65: ** BUILD FAILED **

    The following build commands failed: ExternalBuildToolExecution openssl-Mac (1 failure)

    I don't know what I'm doing wrong.

    Please help. Thanks

    opened by al-ht10 15
  • Installation issues

    Installation issues

    Hey Conrad,

    Was checking out the project, was having issues setting up the project.

    1. You've included the Tor.framework as a submodule and through Carthage. Was that Intentional?
    2. Build script for lipo is failing. It's assuming that libtun2tor.a has been built, but it appears that it is not the case? (/Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/lipo: can't open input file: target/x86_64-apple-ios/release/libtun2tor.a (No such file or directory)
    opened by AndrewSB 6
  • Not Building

    Not Building

    error: could not find Cargo.toml in /Users/"myuser"/Downloads/iCepa-master/Extension/tun2tor or any parent directory

    I have completed all build steps

    opened by Taherismail17 5
  • What is serverAddress in NETunnelProviderProtocol confuguration?

    What is serverAddress in NETunnelProviderProtocol confuguration?

    Hello, I found config.serverAddress = "somebridge" in the permissionViewController.swift file. I added the server address "127.0.0.1" there. But it disconnected. Can you please guide me what server address I need to put there to connect TOR-VPN. Thank you!

    opened by simform-solutions 4
  • Build falied

    Build falied

    I am trying to build the project for iOS but it is saying that you done have archtecture for arm64. Error is as follows: 62571858-67d69c80-b860-11e9-9f5a-b36936493c1e

    Somebody suggested that I didn't install all Rust targets. But I have as you can see from the screenshot: 62575682-4a5a0080-b869-11e9-8c87-9073b640c0b9

    opened by Ahmedbutt 4
  • Build is broken

    Build is broken

    Something about the Xcode's script environment being different enough to mess up cargo.

    Temporary workaround is to build the library separately from Xcode, and then Build and Run from Xcode:

    $ cd Extension/tun2tor
    $ cargo build --lib --target aarch64-apple-ios
    
    bug 
    opened by conradev 4
  • Special Network Extension request no longer needed?

    Special Network Extension request no longer needed?

    Hey! I've been getting a dev environment set up — excited to potentially contribute to this project.

    I shot off an email to Apple to get access to the proper Network Extension entitlement, and got this lovely autoreply email:

    Thank you for requesting information about the Network Extension framework. Please note that as of November 10, 2016 this process is not required for developers who wish to use App Proxy, Content Filter, or Packet Tunnel APIs. To use these services please navigate to your Developer Account at https://developer.apple.com/account/ and select the Network Extension capability for the App ID you will be using for your app.

    If you are requesting an entitlement for Hotspot Helper APIs and have already filled out the request questionnaire then your request will be addressed at our earliest convenience. Otherwise please visit https://developer.apple.com/contact/network-extension/ and enter the required information.

    I assume this project is likely not using Network Extension framework APIs other than the Packet Tunnel APIs, and that thus manually emailing Apple might not be necessary any more to run on-device?

    I still don't have a working dev environment (banging my head against Rust tun2tor issues — may open an issue here once it becomes obvious it isn't trivially user error), so I can't confirm yet, but this does seem promising. Figured I'd bring this to your attention, since it seems like such a recent policy change.

    opened by lazerwalker 4
  • Error: Could not start manager: Error Domain=NEVPNErrorDomain Code=1

    Error: Could not start manager: Error Domain=NEVPNErrorDomain Code=1 "(null)"

    On macOS

    iCepa[44972:615295] Error: Could not start manager: Error Domain=NEVPNErrorDomain Code=1 "(null)"
    

    (There are quite a few Swift 3 errors getting iCepa to run, but I believe I resolved them all correctly...)

    opened by ghazel 4
  • Can you provide a binary for self-signing?

    Can you provide a binary for self-signing?

    Kodi makes available ios binaries that one can sign with Xcode 7 and install on iOS 9 without needing to sign up as a developer with Apple. See http://kodi.wiki/view/HOW-TO:Install_Kodi_for_iOS (near the bottom of the page) and http://dantheman827.github.io/ios-app-signer/.

    Any chance this project could do the same thing? It seems building from source is quite some chore. Making binaries would enable more people to install and test the software.

    opened by MarkCallow 4
  • Release build broken

    Release build broken

    Release build fails with

    Ld /Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Products/Release-iphoneos/Tor.framework/Tor normal (in target 'Tor-iOS' from project 'Tor')
        cd /Users/dodo/Work/CloneOuts/iCepa/Tor.framework
        /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/clang -target arm64-apple-ios11.0 -dynamiclib -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS15.2.sdk -L/Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Products/Release-iphoneos -F/Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Products/Release-iphoneos -filelist /Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Intermediates.noindex/Tor.build/Release-iphoneos/Tor-iOS.build/Objects-normal/arm64/Tor.LinkFileList -install_name @rpath/Tor.framework/Tor -Xlinker -rpath -Xlinker @loader_path/.. -Xlinker -rpath -Xlinker @executable_path/Frameworks -Xlinker -rpath -Xlinker @loader_path/Frameworks -Xlinker -object_path_lto -Xlinker /Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Intermediates.noindex/Tor.build/Release-iphoneos/Tor-iOS.build/Objects-normal/arm64/Tor_lto.o -fembed-bitcode-marker -fobjc-arc -fobjc-link-runtime -fapplication-extension -ltor -lssl -lcrypto -levent -levent_core -levent_extra -levent_pthreads -llzma -lz -Xlinker -dependency_info -Xlinker /Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Intermediates.noindex/Tor.build/Release-iphoneos/Tor-iOS.build/Objects-normal/arm64/Tor_dependency_info.dat -o /Users/dodo/Library/Developer/Xcode/DerivedData/iCepa-cjffkldphkgpqraghzyrjxmzcvrs/Build/Products/Release-iphoneos/Tor.framework/Tor
    
    ld: library not found for -ltor
    clang: error: linker command failed with exit code 1 (use -v to see invocation)
    

    Debug build works OK.

    Also, the build instructions in the README don't mention that you also need to install Rust, cbindgen and ffi. Also, if using M1 Macs, tor.sh, xz.sh and libevent.sh needs to be modified and /usr/local/... changed to /opt/homebrew/....

    opened by DoDoENT 3
Owner
The iCepa Project
Building better Tor for iOS
The iCepa Project
iOS implementation of OmniEdge VPN

Overview This repository contains the open source OmniEdge Evalution Version iOS Client code. No

OmniEdge 50 Nov 22, 2022
Easy to use SMJobBless, along with a full Swift implementation of the Authorization Services and Service Management frameworks

Leverage SMJobBless functionality with just one function call: let message = "Example App needs your permission to do thingamajig." let icon = Bundle.

null 20 Dec 23, 2022
Swift implementation of WalletConnect v.2 protocol for native iOS applications

Wallet Connect v.2 - Swift Swift implementation of WalletConnect v.2 protocol for native iOS applications. Requirements iOS 13 XCode 13 Swift 5 Usage

WalletConnect 142 Jan 4, 2023
DICOM implementation written in Swift

DcmSwift DcmSwift is a (partial, work in progress) DICOM implementation written

OPALE 6 Dec 1, 2022
A slim implementation of a websocket server using Swift and Vapor 4.0.

Swift Websocket Server Example using Vapor 4.0 This project includes a minimum working example for a websocket server written in Swift. To interact wi

Adrian Hupka 5 Sep 22, 2022
Swift implementation of libp2p, a modular & extensible networking stack

Swift LibP2P The Swift implementation of the libp2p networking stack Table of Contents Overview Disclaimer Install Usage Example API Contributing Cred

null 19 Dec 18, 2022
Cross-platform JsonRPC client implementation with HTTP and WebSocket support

JsonRPC.swift Cross-platform JsonRPC client implementation with HTTP and WebSocket support Getting started Installation Package Manager Add the follow

Tesseract 5 Oct 19, 2022
This generic SOAP client allows you to access web services using a your iOS app, Mac OS X app and AppleTV app.

This generic SOAP client allows you to access web services using a your iOS app, Mac OS X app and Apple TV app. With this Framework you can create iPh

Prioregroup.com 479 Nov 22, 2022
StatusBarOverlay will automatically show a "No Internet Connection" bar when your app loses connection, and hide it again. It supports apps which hide the status bar and The Notch

StatusBarOverlay StatusBarOverlay will automatically show a "No Internet Connection" bar when your app loses connection, and hide it again. It support

Idle Hands Apps 160 Nov 2, 2022
Securely synchronize any CareKit 2.1+ based app to a Parse Server Cloud. Compatible with parse-hipaa.

ParseCareKit Use at your own risk. There is no promise that this is HIPAA compliant and we are not responsible for any mishandling of your data This f

Network Reconnaissance Lab 31 Nov 24, 2022
A network extension app to block a user input URI. Meant as a network extension filter proof of concept.

URIBlockNE A network extension app to block a user input URI. Meant as a network extension filter proof of concept. This is just a research effort to

Charles Edge 5 Oct 17, 2022
Native ios app to download tiktoks localy made in swift with SwiftUI

sequoia Native ios app to download tiktoks localy made in swift with SwiftUI without external dependencies. features save video localy view saved vide

fleur 9 Dec 11, 2022
Official ProtonVPN iOS and macOS app

ProtonVPN for iOS and macOS Copyright (c) 2021 Proton Technologies AG Dependencies This app uses CocoaPods for most dependencies. Everything is inside

ProtonVPN 121 Dec 20, 2022
Scrcpy-iOS.app is a remote control tool for Android Phones

Scrcpy-iOS About Scrcpy-iOS.app is a remote control tool for Android Phones based on [https://github.com/Genymobile/scrcpy]. Features: Connect remote

Ethan 198 Jan 5, 2023
Request adapter for URL requests from "MovieLister" demo app (Swift for Good book, a chapter by Ben Scheirman)

RequestAdapter Request adapter for URL requests from "MovieLister" demo app (Swift for Good book, a chapter by Ben Scheirman) The code is taken from:

Mihaela Mihaljevic Jakic 0 Nov 22, 2021
Simple iOS app in Swift to show AQI for some cities using websocket using Combine + MVVM

AQI Simple iOS app in Swift to show AQI for some cities using websocket using Combine + MVVM This app follows MVVM This app uses combine framework The

Amey Vikkram Tiwari 2 Nov 6, 2022
ADVANCED APP DESIGN The main goal of this mini project is to inspire you on what we can accomplish with the SwiftUI framework.

Restart-App.0.2 ADVANCED APP DESIGN The main goal of this mini project is to inspire you on what we can accomplish with the SwiftUI framework. COMPLEX

Noye Samuel 1 Dec 11, 2021
A simple app to hit the NY Times Most Popular Articles API

MostPopularArticles A simple app to hit the NY Times Most Popular Articles API a

null 0 Dec 18, 2021
Apple watch app to interface with Transmission Client

TransmissionWatch Apple watch app to interface with Transmission Client Currrent

Aayush 2 Dec 23, 2021