I'm pretty new to VPN networking, so I've got a conceptual question.
In my scenario there's a client that is connected to a VPN with a ruleset that tunnels some packets into a remote VPN proxy for analysis and forwarding when the destination is permitted.
This tunnel, in case it uses an encryption-based protocol, will wrap each incoming packet with an additional layer that will be verified on the other side using a certificate (for example).
The tunnel is also represented by a virtual interface; say we'll use utun0.
So my question relates to the case where a TCP/IP session is being established between the client and some remote service. As for the outgoing packets, I can assume that they will be wrapped with the VPN tunnel layer, and then unwrapped by the VPN itself.
But regarding the incoming packets, they will arrive with the VPN layer, so they first need to be verified by the VPN client, and then the inner layer will have to be processed, but that happens on another interface (like the regular en0, which holds the IP of the client).
So first, I'd like to know how the virtual interface utun0 gets its packets. Perhaps it uses a specific port?
And second, when an incoming TCP/IP packet arrives at utun0 and is being deciphered by the tunnel client, does it move on to the regular interface (en0) unwrapped from its VPN layer?
Thanks!
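As an added example (my own code, not from the post or any VPN project): a toy Python model of the two layers the question describes. Python deques stand in for the kernel's per-interface queues and an HMAC-SHA256 encrypt-then-MAC stands in for the VPN's real cipher; the addresses are documentation-range values, and the key, the UDP ports and the tunnelled prefix are assumptions. It shows where each layer lives: the outer UDP datagram is what en0 sends and receives, addressed to the VPN process's own socket (that socket, not the interface, is what has a port), and the inner IP packet is what the VPN process reads from and writes into utun0. On macOS the VPN process obtains that interface by opening a utun control socket; the kernel then treats whatever the process writes there as traffic received on utun0, so the decrypted packet never appears on en0.

```python
"""Toy two-layer model of a VPN tunnel (added example, not from the post).
Deques stand in for kernel interface queues; an HMAC-based encrypt-then-MAC
stands in for the real cipher.  Addresses, ports and the key are constructed."""
import hashlib
import hmac
import ipaddress
import struct
from collections import deque

KEY = bytes(range(32))            # constructed; a real VPN derives this from its handshake
CLIENT_EN0 = "192.0.2.10"         # address the client holds on its physical interface
CLIENT_UTUN0 = "10.8.0.2"         # address assigned to the virtual interface
SERVER_ADDR = "198.51.100.1"      # VPN server's public address
VPN_PORT = 51820                  # UDP port the outer layer is addressed to (assumption)
CLIENT_PORT = 41000               # client's local UDP port for the outer layer (assumption)
REMOTE_SVC = "203.0.113.5"        # service reached through the tunnel
ROUTES = [(ipaddress.ip_network("203.0.113.0/24"), "utun0"),   # tunnelled prefix
          (ipaddress.ip_network("0.0.0.0/0"), "en0")]          # everything else
_ENC_KEY = hashlib.sha256(KEY + b"enc").digest()
_MAC_KEY = hashlib.sha256(KEY + b"mac").digest()


def ipv4_checksum(header):
    """RFC 1071 one's-complement sum; returns 0 for a header whose checksum is valid."""
    if len(header) % 2:
        header += b"\0"
    total = sum(struct.unpack(">%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_tcp(src, dst, sport, dport, flags=0x02):
    """Inner packet: 20-byte IPv4 header + 20-byte TCP header (SYN by default).
    The TCP checksum is left at zero; only the IP header checksum matters here."""
    tcp = struct.pack(">HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 65535, 0, 0)
    hdr = struct.pack(">BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0x4000, 64, 6, 0,
                      ipaddress.ip_address(src).packed, ipaddress.ip_address(dst).packed)
    hdr = hdr[:10] + struct.pack(">H", ipv4_checksum(hdr)) + hdr[12:]
    return hdr + tcp


def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4
    if ipv4_checksum(pkt[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    return {"src": str(ipaddress.ip_address(pkt[12:16])),
            "dst": str(ipaddress.ip_address(pkt[16:20])),
            "proto": pkt[9], "len": struct.unpack(">H", pkt[2:4])[0]}


def _keystream(nonce, length):
    return b"".join(hmac.new(_ENC_KEY, nonce + struct.pack(">I", i), hashlib.sha256).digest()
                    for i in range((length + 31) // 32))


def seal(counter, inner):
    """Outer layer: 8-byte counter nonce || ciphertext || 16-byte truncated HMAC tag."""
    nonce = struct.pack(">Q", counter)
    ct = bytes(p ^ k for p, k in zip(inner, _keystream(nonce, len(inner))))
    return nonce + ct + hmac.new(_MAC_KEY, nonce + ct, hashlib.sha256).digest()[:16]


def unseal(blob):
    """Verify the tag before touching the ciphertext; a failure never reaches utun0."""
    nonce, ct, tag = blob[:8], blob[8:-16], blob[-16:]
    expect = hmac.new(_MAC_KEY, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(tag, expect):
        raise ValueError("outer layer failed authentication; datagram dropped")
    return bytes(c ^ k for c, k in zip(ct, _keystream(nonce, len(ct))))


class Client:
    """The client host: routing table, two interface queues, a VPN process, a TCP stack."""

    def __init__(self):
        self.en0 = deque()            # UDP datagrams on the physical interface
        self.utun0 = deque()          # packets the kernel handed to the tun device
        self.tcp_stack = deque()      # (interface, parsed packet) the stack received
        self.counter = 0

    def app_send(self, pkt):
        """Kernel routing: longest-prefix match picks the output interface."""
        dst = ipaddress.ip_address(parse_ipv4(pkt)["dst"])
        iface = max((r for r in ROUTES if dst in r[0]), key=lambda r: r[0].prefixlen)[1]
        (self.utun0 if iface == "utun0" else self.en0).append(pkt)
        return iface

    def vpn_outbound(self):
        """The VPN process reads utun0, wraps the packet and sends it as UDP on en0."""
        inner = self.utun0.popleft()
        self.counter += 1
        outer = {"src": (CLIENT_EN0, CLIENT_PORT), "dst": (SERVER_ADDR, VPN_PORT),
                 "udp_payload": seal(self.counter, inner)}
        self.en0.append(outer)
        return outer

    def vpn_inbound(self, outer):
        """A datagram arrives on en0 at the VPN process's UDP socket.  After verification
        the inner packet is written into the tun device and the kernel sees it as
        received on utun0; nothing unwrapped is ever injected into en0."""
        if outer["dst"] != (CLIENT_EN0, CLIENT_PORT):
            raise ValueError("not addressed to the VPN socket")
        self.tcp_stack.append(("utun0", parse_ipv4(unseal(outer["udp_payload"]))))
        return self.tcp_stack[-1]


def demo():
    """One SYN out, one SYN/ACK back; returns what each layer saw."""
    c = Client()
    out_iface = c.app_send(build_ipv4_tcp(CLIENT_UTUN0, REMOTE_SVC, 50000, 443))
    outer = c.vpn_outbound()
    # Server side (simulated): unwrap, forward the inner packet, wrap the reply.
    at_server = parse_ipv4(unseal(outer["udp_payload"]))
    synack = build_ipv4_tcp(REMOTE_SVC, CLIENT_UTUN0, 443, 50000, flags=0x12)
    reply = {"src": (SERVER_ADDR, VPN_PORT), "dst": (CLIENT_EN0, CLIENT_PORT),
             "udp_payload": seal(7, synack)}
    in_iface, delivered = c.vpn_inbound(reply)
    return {"out_iface": out_iface, "outer_dst": outer["dst"], "at_server": at_server,
            "in_iface": in_iface, "delivered": delivered, "reply": reply}


def tampered(reply):
    """Flip one ciphertext byte: the VPN client must reject it before it reaches utun0."""
    p = bytearray(reply["udp_payload"])
    p[12] ^= 0x01
    try:
        Client().vpn_inbound(dict(reply, udp_payload=bytes(p)))
    except ValueError:
        return "dropped"
    return "accepted"


if __name__ == "__main__":
    r = demo()
    print(r["out_iface"], r["outer_dst"], r["in_iface"], r["delivered"])
    print(tampered(r["reply"]))
```

The routing table is what sends the application's packet to utun0 in the first place, so a destination outside the tunnelled prefix goes straight out of en0 and never gets wrapped; and the `tampered` path shows why the authentication step sits before the tun write rather than after it.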