Trusted Network Detection

Open PeterMcCaldon-aps opened this issue 1 year ago • 3 comments

The VPNutil gives us the option to ignore SSIDs, but it would be nice if it could also ignore specific network ranges, or ideally if it detects an internal resource (ping or https connection).

PeterMcCaldon-aps avatar Aug 12 '22 07:08 PeterMcCaldon-aps

Interesting. I assume that you never want to connect to the VPN if a ping to a resource succeeds or fails? Do you have a more precise example?

Timac avatar Aug 12 '22 08:08 Timac

Yes, I'm working on an Always on VPN project which seems very difficult on a Mac. Love the VPNStatus app btw.

I'm trying to get it so the user doesn't need to do anything. So if they are at home the VPN connects, but if they are in the office it doesn't even try to connect.

If the app could check for a resource before trying to connect, that should tell it if they are in the office (not needing the VPN) or outside (needing the VPN).

The resource could be checking for an internal website, so does https://myweb.mydomain.local succeed or can I ping the DC.

It's kinda like the ignore SSID in the VPNUtil, if 10.99.99.* is detected don't connect. The above example is how many other AoVPN providers do it.

Thanks

PeterMcCaldon-aps avatar Aug 12 '22 08:08 PeterMcCaldon-aps

@PeterMcCaldon-aps Thanks for the clarification. Such a feature could be implemented in VPNStatus. As a first idea, I would most likely change -(BOOL)shouldPreventAutoConnectOnCurrentSSID to return the BOOL asynchronously in a block. The block would then asynchronously execute [neService connect]; if the resource is available.

The function shouldPreventAutoConnectOnCurrentSSID could be expanded to not only check for the SSIDs to be ignored but also test if the resource is available. Finally, a preventConnectIfResourceDetected function containing the list of resources to check could be added, similar to ignoredSSIDs:

-(NSArray<NSString *> *)ignoredSSIDs
{
    NSString *ignoredSSIDsString = [[NSUserDefaults standardUserDefaults] stringForKey:kServiceIgnoredSSIDsKey];
    return [ignoredSSIDsString componentsSeparatedByString:@","];
}

Timac avatar Aug 12 '22 08:08 Timac
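
An added sketch, not VPNStatus code, of the asynchronous resource check discussed in this thread. A ping reply or a 10.99.99.* address can be supplied by any network, so this version skips auto-connect only when the internal HTTPS resource presents a certificate matching a pinned SHA-256 hash; the class name `TrustedResourceProbe`, its property, the 3 second timeout and the pin value are assumptions.

```objective-c
#import <Foundation/Foundation.h>
#import <Security/Security.h>
#import <CommonCrypto/CommonDigest.h>

// Hypothetical helper, not part of VPNStatus: decides whether auto-connect
// should be skipped because a pinned internal HTTPS resource is reachable.
@interface TrustedResourceProbe : NSObject <NSURLSessionDelegate>
// SHA-256 of the server's DER certificate; must be updated when the cert rotates.
@property (nonatomic, copy) NSData *pinnedLeafSHA256;
@end

@implementation TrustedResourceProbe

// completion receives YES only when the probe proves we are on the trusted network.
// Timeouts, TLS failures and pin mismatches all yield NO, so the VPN still connects.
// It runs on a background queue: hop to the main queue before [neService connect].
- (void)checkURL:(NSURL *)url completion:(void (^)(BOOL preventConnect))completion
{
    NSURLSessionConfiguration *cfg = [NSURLSessionConfiguration ephemeralSessionConfiguration];
    cfg.timeoutIntervalForRequest = 3.0; // assumed value; the check precedes every auto-connect
    NSURLSession *session = [NSURLSession sessionWithConfiguration:cfg delegate:self delegateQueue:nil];
    [[session dataTaskWithURL:url completionHandler:^(NSData *data, NSURLResponse *response, NSError *error) {
        completion(error == nil && [response isKindOfClass:[NSHTTPURLResponse class]]);
        [session finishTasksAndInvalidate]; // the session retains its delegate until invalidated
    }] resume];
}

// Accept the TLS handshake only if the leaf certificate matches the pin.
- (void)URLSession:(NSURLSession *)session
didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
 completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler
{
    SecTrustRef trust = challenge.protectionSpace.serverTrust;
    if (![challenge.protectionSpace.authenticationMethod isEqualToString:NSURLAuthenticationMethodServerTrust] || trust == NULL) {
        completionHandler(NSURLSessionAuthChallengeCancelAuthenticationChallenge, nil);
        return;
    }
    NSArray *chain = CFBridgingRelease(SecTrustCopyCertificateChain(trust)); // macOS 12+
    NSData *der = chain.count ? CFBridgingRelease(SecCertificateCopyData((__bridge SecCertificateRef)chain[0])) : nil;
    unsigned char digest[CC_SHA256_DIGEST_LENGTH];
    if (der) CC_SHA256(der.bytes, (CC_LONG)der.length, digest);
    BOOL match = der && [[NSData dataWithBytes:digest length:sizeof(digest)] isEqualToData:self.pinnedLeafSHA256];
    completionHandler(match ? NSURLSessionAuthChallengeUseCredential : NSURLSessionAuthChallengeCancelAuthenticationChallenge,
                      match ? [NSURLCredential credentialForTrust:trust] : nil);
}
@end
```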