Pango Platform
HomeConsole
  • What is Pango Developer Platform
  • Getting started
    • Sign up on the Management Console
    • Create a new project
    • Switch projects
    • Change console settings
    • Edit your profile
    • Try out the demo app
    • Keep exploring
    • Deprecation and Sunset
  • Console details
    • Dashboard
      • General
      • Location loading
    • Users
      • User page
    • Active sessions
    • Network
      • Countries
      • Locations
      • Pools
        • Optimal location
        • Location rules
    • Settings
      • General
        • Project config description (JSON format)
          • Server selector (JSON format)
          • Request selector (JSON format)
      • Authentication methods
        • Auth Plugin requirements
      • VPN
        • General
        • VPN Bypass list
        • Client Networks
      • Member
    • Export Data
    • Log
  • SDK
    • Unified VPN SDK for Android
      • Setup
        • Application Setup
        • Proguard Rules, Notification, and Analytics Configurations
        • Backend URL Configuration
      • Usage
        • Initialization
        • VPN Interface
        • Backend interface
      • Features
        • Hydra Protocol
          • Location profile (Hydra only)
        • Custom sdk dependencies
        • Deferred VPN Service Initialization
        • Authentication
        • Client Network List (CNL)
        • OpenVPN transport
        • Wireguard Transport
        • Reconnection strategy
        • Single Protocol SDK
        • Killswitch
        • Domain route via VPN
        • Process route via VPN
        • Process Bypass
        • Domain Bypass
        • Traffic rules
        • VPN Node DNS Configuration
        • Multihop
          • Optimal Location
      • Exceptions
      • Version migration
      • Changelog
    • Unified VPN SDK for Apple
      • Setup
        • Application Setup
        • Network Extension Setup
          • Network Extension Setup for tvOS
        • Backend URL Configuration
      • Usage
        • Single Protocol SDK
        • Unified SDK
        • Logging
        • Decoding Encoded VPN SDK Logs
      • Features
        • Deferred VPN Service Initialization
        • Authentication
        • Wireguard Transport
        • Reconnection strategy
        • Killswitch
        • Domain Bypass
        • Multihop
          • Optimal Location
        • Client Network List (CNL)
        • Domain route via VPN
      • Changelog
      • API Reference
    • IPSEC VPN SDK for Apple
    • Unified VPN SDK for Windows
      • Setup
        • Backend URL Configuration
        • Service command line arguments
        • ARM Platform Support
      • Usage
        • CoreAPI
        • Events
        • Generating a Unique Device Identifier
        • Error processing
        • Pipe Messaging
      • Features
        • Traffic protection
          • Killswitch
          • Prevent IP Leaks
          • Block Local Networks
        • Other
          • Firewall
            • DNS Monitor
            • Process Bypass
            • Domain Bypass
            • Process route via VPN
            • Domain route via VPN
          • Throttling
          • Optimal Location
          • Common issues
        • Hydra Protocol
          • CustomDNS, UserDNS, MultiHop, VpnProfiles
        • OpenVPN Protocol
        • Wireguard Protocol
        • IPSec Protocol
      • Collecting Debug Logs
      • Changelog
    • Unified VPN SDK for Routers
      • SDK. Shared library.
      • Configuration Interface (CI)
        • Unix Domain Sockets CI
        • REST API CI
    • Unified VPN SDK Feature Comparison By Platform
    • Unified VPN SDK
      • Features
        • Personal Bridge
    • Tunnel Vision and Tunnel Crack Prevention
  • REST API
    • Partner API
  • Sample applications
    • Unified VPN SDK demo for Windows
    • Hydra VPN SDK demo for iOS
    • IPSEC VPN SDK demo for iOS
    • Unified VPN SDK demo for Android
    • Hydra VPN SDK demo for OpenWRT
    • OpenVPN configuration file
  • Resources
    • Use cases
      • Public VPN
      • Business VPN
        • Creating a Business VPN Project
        • Wi-Fi Security for Business
      • Application anti-blocking
    • How-to
      • Create a Firebase project for User Authentication
      • AWS CloudFront Distribution of the Platform URL
      • How can I get Shared Secret key from iTunes Connect for In-App Purchase
  • FAQ
    • General
      • VPN Platform Flow
      • What data is collected by the Platform?
      • What analytic data is collected by your SDK?
      • How the Platform restricts access to our data?
      • Why DNS Leak tests often indicate positive result?
      • Do we need to perform endpoint health checks?
      • How is the VPN exit node found?
      • How are streams re-marked if VPN is enabled/disabled on an active flow?
      • Is there a maximum number of supported devices?
      • Are both IPv4 and IPv6 supported?
      • What is the MTU of the tunnel?
      • Are any redundancy measures in terms of reliability provided?
      • Is there any load balancing?
      • Do you block broadcast and multicast to/from the VPN?
    • List of Open Source libs
Powered by GitBook
On this page
  • API Documentation
  • VPN SDK Integration
  • Step 1: Application Target Setup
  • Step 2: Network Extension Target Setup
  • IPSecSDK Exception
  • Getting Started with the SDK
  • Configure Using HydraSDK
  • Configure Using IPSecSDK
  • Connecting VPN and obtaining status
  • Using On Demand mode
  • On Demand and users with limited traffic
  • Error Handling
  • Crash Reporting

Was this helpful?

  1. SDK
  2. Unified VPN SDK for Apple
  3. Usage

Single Protocol SDK

PreviousUsageNextUnified SDK

Last updated 1 month ago

Was this helpful?

The Single Protocol SDK is the ideal choice when you plan to implement a specific protocol within your application. This SDK is suitable if you intend to utilize a single protocol throughout your app or if you prefer to handle protocol switching manually within your application's codebase.

API Documentation

To view a complete list of of the available APIs, see .

VPN SDK Integration

Integrating a VPN SDK into your application typically involves a two-step process: setting up the application target and configuring the network extension target. This process is consistent across most VPN SDKs, with one notable exception - IPSecSDK.

Step 1:

The first step in the integration process is to configure your application target. This involves modifying your app's build settings, linking necessary libraries, and ensuring that your app has the required permissions and entitlements to utilize the VPN functionality.

Step 2:

The second step is to set up a network extension target. A network extension is a separate process that runs alongside your main application and handles the VPN connection. This step involves creating a new target in your Xcode project, configuring its build settings, and implementing the necessary code to establish and manage the VPN connection.

IPSecSDK Exception

It's worth noting that IPSecSDK is an exception to the typical two-step integration process. IPSecSDK utilizes Apple's internal tunnel implementation, which eliminates the need for you to set up a separate network extension target.

With IPSecSDK, you only need to focus on setting up the application target. The SDK handles the VPN connection internally, simplifying the integration process.

Getting Started with the SDK

To get started with the single protocol SDK, use the configuration below as a starting point. This minimal setup provides the easiest way to initialize the SDK and begin using its features.

When developing for macOS, it is important to note that even though enabling App Groups is not necessary, you must still provide the groupData and ensure that the groupID property has a valid value. The groupID should follow the format "group.example", where "example" is a unique identifier for your app or project.

Configure Using HydraSDK

import VPNApplicationSDK    
// ...

let groupData = VPNGroupData(
    groupID: "group.com.yourcompany.vpnsdk-demo",
    usesSystemExtension: false
)
    
let hydraConfiguration = HydraConfiguration(
    carrierID: "YOUR_CARRIER_ID",
    extensionBundleID: "com.yourcompany.demo-test.app.hydra-extension",
    groupData: groupData,
    fireshieldConfig: FireshieldConfig(
        mode: .disabled,
        groupData: groupData
    )
)

let hydraSDK = HydraSDK(configuration: hydraConfiguration)

Configure Using IPSecSDK

import VPNApplicationSDK
// ...

let iPSecConfiguration = IPSecConfiguration(
    carrierID: "YOUR_CARRIER_ID",
    trafficCountersFetchInterval: 3.0
)

let iPSecSDK = IPSecSDK(configuration: iPSecConfiguration)

In IPSecSDK, providing GroupData is not necessary.

Connecting VPN and obtaining status

To connect VPN use function start(location:completion:) on SDK instance. When VPN is started or an error occurred, completion handler will be called. To obtain VPN connection status you need to subscribe to vpnStateDidChange notification provided by SDK. For example:

NotificationCenter.default.addObserver(forName: .vpnStateDidChange, object: nil, queue: nil) { notification in
    // ...
}

When you receive notification, get updated VPN status from SDK instance state property and handle this status as designed by your app.

While using Hydra you can also switch location using applyLocationIfConnected(:completion:) when VPN is in connected status. It will update location in the same network extension (without killing it and starting new one). This method will return error if VPN is not currently connected.

Using On Demand mode

iOS and macOS, both provide an ability to connect to VPN automatically when certain (preconfigured) coditions are met. This functionality is called On Demand.

VPN SDK can be configured for On Demand mode with corresponding configuration via isOnDemandEnabled and onDemandRules properties. The SDK could be initialized with this parameter.

On Demand and users with limited traffic

If your service provides limited traffic or a transport error occurs (e.g. credentials to VPN nodes are expired), current session will be killed with VPNTunnelError.trafficExceeded error. If On Demand mode conditions are met, the System will try to restart Network Extension process, until it is up and running. Due to NetworkExtension framework's limitation, it is not possible to disable On Demand mode from Custom Tunnel Provider extension upon receiving these errors. This makes System trying endlessly reconnect to VPN, while Network Extension is unable to provide VPN service due to the error.

In order to overcome this issue, VPN SDK disables real tunneling, leaving Network Extension running in Bypass mode. By doing this, iOS can meet On Demand mode conditions while the traffic is routed locally, without VPN server. It means that user will have their real IP address and there will be no traffic protection.

Whenever app starts, it's highly recommended to check if VPN is connected and if user is out of traffic limit. In this case, it's necessary to disconnect current VPN session and optionally show user a message. To check if current VPN connection is running in Bypass mode read isBypassEnabled property from SDK instance.

In order to catch situation when user is out of traffic without main app running, use BaseNetworkExtensionDelegate callback method vpnDidReceiveError(_:).

Error Handling

Most of the SDK instance calls are accepting completion blocks with errors. If some error occurs, you will receive non-nil Error object with an explanation. Some errors types that can be thrown by VPN SDK methods: PartnerAPI.APIError, VPNSDKError, VPNTransportError, VPNTunnelError. If you need localized description make these types conform to LocalizedError protocol and provide var errorDescription: String? property. Then you can use localizedDescription property on returned Error.

If you are just disconnected from VPN session, you could also check lastTunnelError property of SDK instance, if there was an error during network extension initialization or session management system disconnected VPN remotely, there will be VPNTunnelError case here. You can handle such errors and report if appropriate. Pay attention that this property is always nil for IPSecSDK, because we don't have access to internal IPSec implementation.

Crash Reporting

import HydraTunnelProvider

class ProviderDelegate: NSObject, BaseNetworkExtensionDelegate {
    override init() {
        Fabric.with([Crashlytics.self])
    }
}

Some project might consider crash reporting integration (such as, ) for Network Extension side. If your crash reporting framework supports Application Extensions and requires additional code to setup it, put the configuration code inside BaseNetworkExtensionDelegate's -init override:

API reference
Application Target Setup
Network Extension Target Setup
Crashlytics