iOS system-wide VPN based Tor client

iCepa

iCepa is an iOS system-wide VPN Tor client. It uses Tor.framework to manage its Tor instance, and tun2tor to bridge VPN traffic to Tor. The project does not work yet, and is in progress.

Requirements

  • iOS 10.0 beta 2 or later
  • Xcode 8.0 or later

Building

Because the network extension depends on tun2tor, building this application requires the Rust compiler. You can install it using rustup:

curl https://sh.rustup.rs -sSf | sh
rustup install stable
rustup target add aarch64-apple-ios
rustup target add armv7s-apple-ios
rustup target add armv7-apple-ios

Installation

Installing this application on your own iOS device requires special Network Extension entitlements from Apple. Email networkextension@apple.com to request access to these entitlements.

Once you have been granted these entitlements, you need to provision the app:

  1. Pick a bundle identifier and generate an App ID for that bundle identifier on Apple's developer portal.
  2. Append a new component to that bundle identifier to form the extension's bundle identifier, and generate an App ID for that new bundle identifier.
  3. Create an App Group, and set that App Group on both of the App IDs that you just created.
  4. Create two new provisioning profiles, one for each App ID, and enable the Network Extension entitlements on both.
  5. Put the App Group and both App IDs in iCepa-iOS.xcconfig.

Contributing

iCepa is separated into two components. The UI is written in Swift, and provides a basic interface to start, stop and configure the Tor network extension. The network extension is also written in Swift, and bridges traffic to Tor using an NEPacketTunnelProvider and tun2tor. An NEPacketTunnelProvider is analogous to a utun (userspace network tunnel) interface. Tor.framework is used to communicate with and start the tor instance from both the app and the extension.

Things that need work:

  • tun2tor parses packets and handles DNS traffic correctly, but does not forward TCP streams over SOCKS to tor. Reach out to @conradev if you are interested in helping with tun2tor.
  • The UI is neither designed nor implemented. It will be one screen with very simple controls. Taking mockups/pull requests for either! Create GitHub issues for now.
  • There is no icon or any branding (the name is not even final).
  • Tor currently exceeds the 5 MB memory limit set on packet provider extensions by Apple (rdar://26908158). Until this is fixed, iCepa's extension will crash. If you have a jailbroken device, you can circumvent this with jetsamctl. Possible solutions include increasing the use of memory mapping in tor. The memory limit was raised to 15 MB in iOS 10 beta 2.
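To make the missing tun2tor piece concrete, here is an added sketch (not code from tun2tor or iCepa) of the first step in forwarding a TCP stream: recognising a new flow in a raw IPv4 packet from the tunnel and building the SOCKS5 CONNECT request for its destination. The names `Flow`, `new_tcp_flow`, `socks5_connect` and `sample_syn` are hypothetical, and the sample packet is constructed using a documentation address.

```rust
use std::net::Ipv4Addr;

/// Destination of a new TCP flow seen on the tunnel interface.
#[derive(Debug, PartialEq)]
pub struct Flow { pub dst: Ipv4Addr, pub port: u16 }

/// Parse a raw IPv4 packet as read from the packet tunnel. Returns the flow only
/// for an initial TCP SYN, the point where a SOCKS stream would be opened.
pub fn new_tcp_flow(pkt: &[u8]) -> Option<Flow> {
    if pkt.len() < 20 || pkt[0] >> 4 != 4 { return None; }     // too short or not IPv4
    let ihl = ((pkt[0] & 0x0f) as usize) * 4;                   // header length incl. options
    if ihl < 20 || pkt[9] != 6 { return None; }                 // malformed IHL or not TCP
    let frag = u16::from_be_bytes([pkt[6], pkt[7]]) & 0x1fff;   // fragment offset
    if frag != 0 { return None; }                               // later fragments carry no TCP header
    let tcp = pkt.get(ihl..ihl + 20)?;                          // bounds-checked TCP header
    let flags = tcp[13];
    if flags & 0x02 == 0 || flags & 0x10 != 0 { return None; } // want SYN without ACK
    Some(Flow {
        dst: Ipv4Addr::new(pkt[16], pkt[17], pkt[18], pkt[19]),
        port: u16::from_be_bytes([tcp[2], tcp[3]]),
    })
}

/// SOCKS5 CONNECT request (RFC 1928): VER=5, CMD=1 (CONNECT), RSV=0, ATYP=1 (IPv4).
/// It is sent after the method negotiation (greeting 05 01 00, reply 05 00).
pub fn socks5_connect(flow: &Flow) -> Vec<u8> {
    let mut req = vec![0x05, 0x01, 0x00, 0x01];
    req.extend_from_slice(&flow.dst.octets());
    req.extend_from_slice(&flow.port.to_be_bytes());
    req
}

/// Constructed sample: IPv4/TCP SYN from 10.0.0.2:40000 to 203.0.113.7:443.
pub fn sample_syn() -> Vec<u8> {
    let mut p = vec![0x45, 0, 0, 40, 0, 0, 0x40, 0, 64, 6, 0, 0]; // version/IHL .. checksum (not verified)
    p.extend_from_slice(&[10, 0, 0, 2, 203, 0, 113, 7]);          // source, destination
    p.extend_from_slice(&40000u16.to_be_bytes());                  // source port
    p.extend_from_slice(&443u16.to_be_bytes());                    // destination port
    // sequence, ack, data offset, flags (SYN), window, checksum, urgent pointer
    p.extend_from_slice(&[0, 0, 0, 1, 0, 0, 0, 0, 0x50, 0x02, 0xff, 0xff, 0, 0, 0, 0]);
    p
}

fn main() {
    let flow = new_tcp_flow(&sample_syn()).expect("sample is a TCP SYN");
    println!("{:?} -> {:02x?}", flow, socks5_connect(&flow));
}
```

A complete bridge also has to terminate the TCP connection locally (handshake, sequence numbers, retransmission) and relay the payload over the SOCKS stream; this sketch covers only flow detection and the request encoding.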