hongru · November 10, 2015 15:33
diff --git a/IPSecDemo.m b/IPSecDemo.m
 - (void)viewDidLoad
 {
    [super viewDidLoad];

    // init VPN manager
    self.vpnManager = [NEVPNManager sharedManager];

    // load config from perference
    [_vpnManager loadFromPreferencesWithCompletionHandler:^(NSError *error) {

        if (error) {
            NSLog(@"Load config failed [%@]", error.localizedDescription);
            return;
        }
        
        NEVPNProtocolIPSec *p = _vpnManager.protocol;
        
        if (p) {
            // Protocol exists.
            // If you don't want to edit it, just return here.
        } else {
            // create a new one.
            p = [[NEVPNProtocolIPSec alloc] init];
        }
        
        // config IPSec protocol        
        p.username = @"[Your username]";
        p.serverAddress = @"[Your server address]";;

        // get password persistent reference from keychain
        p.passwordReference = [self searchKeychainCopyMatching:@"VPN_PASSWORD"];

        // PSK
        p.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
        p.sharedSecretReference = [self searchKeychainCopyMatching:@"PSK"];
        
        /*
        // certificate
        p.identityData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]];
        p.identityDataPassword = @"[Your certificate import password]";
        */

        p.localIdentifier = @"[VPN local identifier]";
        p.remoteIdentifier = @"[VPN remote identifier]";
        
        p.useExtendedAuthentication = YES;
        p.disconnectOnSleep = NO;
        
        _vpnManager.protocol = p;
        _vpnManager.localizedDescription = @"IPSec Demo";

        [_vpnManager saveToPreferencesWithCompletionHandler:^(NSError *error) {
            NSLog(@"Save config failed [%@]", error.localizedDescription);
        }];
    }];
 }

 - (IBAction)startVPNConnection:(id)sender {
    //[[VodManager sharedManager] installVPNProfile];
    
    NSError *startError;
    [_vpnManager.connection startVPNTunnelAndReturnError:&startError];
    if (startError) {
        NSLog("Start VPN failed: [%@]", startError.localizedDescription);
    }
 }

 static NSString * const serviceName = @"im.zorro.ipsec_demo.vpn_config";

 - (NSData *)searchKeychainCopyMatching:(NSString *)identifier {
    NSMutableDictionary *searchDictionary = [[NSMutableDictionary alloc] init];
        
    NSData *encodedIdentifier = [identifier dataUsingEncoding:NSUTF8StringEncoding];
    
    searchDictionary[(__bridge id)kSecClass] = (__bridge id)kSecClassGenericPassword;
    searchDictionary[(__bridge id)kSecAttrGeneric] = encodedIdentifier;
    searchDictionary[(__bridge id)kSecAttrAccount] = encodedIdentifier;
    searchDictionary[(__bridge id)kSecAttrService] = serviceName;

    searchDictionary[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    searchDictionary[(__bridge id)kSecReturnPersistentRef] = @YES;
    
    CFTypeRef result = NULL;
    SecItemCopyMatching((__bridge CFDictionaryRef)searchDictionary, &result);
    
    return (__bridge_transfer NSData *)result;
 }
	- (void)viewDidLoad
	{
	[super viewDidLoad];

	// init VPN manager
	self.vpnManager = [NEVPNManager sharedManager];

	// load config from perference
	[_vpnManager loadFromPreferencesWithCompletionHandler:^(NSError *error) {

	if (error) {
	NSLog(@"Load config failed [%@]", error.localizedDescription);
	return;
	}

	NEVPNProtocolIPSec *p = _vpnManager.protocol;

	if (p) {
	// Protocol exists.
	// If you don't want to edit it, just return here.
	} else {
	// create a new one.
	p = [[NEVPNProtocolIPSec alloc] init];
	}

	// config IPSec protocol
	p.username = @"[Your username]";
	p.serverAddress = @"[Your server address]";;

	// get password persistent reference from keychain
	p.passwordReference = [self searchKeychainCopyMatching:@"VPN_PASSWORD"];

	// PSK
	p.authenticationMethod = NEVPNIKEAuthenticationMethodSharedSecret;
	p.sharedSecretReference = [self searchKeychainCopyMatching:@"PSK"];

	/*
	// certificate
	p.identityData = [NSData dataWithContentsOfFile:[[NSBundle mainBundle] pathForResource:@"client" ofType:@"p12"]];
	p.identityDataPassword = @"[Your certificate import password]";
	*/

	p.localIdentifier = @"[VPN local identifier]";
	p.remoteIdentifier = @"[VPN remote identifier]";

	p.useExtendedAuthentication = YES;
	p.disconnectOnSleep = NO;

	_vpnManager.protocol = p;
	_vpnManager.localizedDescription = @"IPSec Demo";

	[_vpnManager saveToPreferencesWithCompletionHandler:^(NSError *error) {
	NSLog(@"Save config failed [%@]", error.localizedDescription);
	}];
	}];
	}

	- (IBAction)startVPNConnection:(id)sender {
	//[[VodManager sharedManager] installVPNProfile];

	NSError *startError;
	[_vpnManager.connection startVPNTunnelAndReturnError:&startError];
	if (startError) {
	NSLog("Start VPN failed: [%@]", startError.localizedDescription);
	}
	}

	static NSString * const serviceName = @"im.zorro.ipsec_demo.vpn_config";

	- (NSData )searchKeychainCopyMatching:(NSString )identifier {
	NSMutableDictionary *searchDictionary = [[NSMutableDictionary alloc] init];

	NSData *encodedIdentifier = [identifier dataUsingEncoding:NSUTF8StringEncoding];

	searchDictionary[(__bridge id)kSecClass] = (__bridge id)kSecClassGenericPassword;
	searchDictionary[(__bridge id)kSecAttrGeneric] = encodedIdentifier;
	searchDictionary[(__bridge id)kSecAttrAccount] = encodedIdentifier;
	searchDictionary[(__bridge id)kSecAttrService] = serviceName;

	searchDictionary[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
	searchDictionary[(__bridge id)kSecReturnPersistentRef] = @YES;

	CFTypeRef result = NULL;
	SecItemCopyMatching((__bridge CFDictionaryRef)searchDictionary, &result);

	return (__bridge_transfer NSData *)result;
	}