Post

Replies

Boosts

Views

Activity

iOS 17: VPN configured as Full tunnel with Tunnel routes blocking the internet connection across the device. Need to restart the device to bring internet connection back
Issue Description: When VPN packet tunnel provider is configured as Full tunnel with Tunnel routes as below, tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO; and saved to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” After saving the configuration to preferences and after receiving the NEVPNConfigurationChangeNotification we are starting the tunnel using “startVPNTunnelWithOptions”. Not able to connect to VPN only from iOS 17 and above devices and internet is getting blocked throughout the device after trying to the start tunnel. Once this issue is occurred, need to restart the device to get the internet connection back. On iOS 16 and Below: Able to successful connect and start VPN tunnel. On iOS 17 and Later: Not able to connect to VPN. VPN tunnel status is getting changed from connecting to disconnected. Internet on the device is getting blocked after VPN gets disconnected. Need to restart the device to get the internet connection back. We can see the below device console logs: After applying the above NETunnelProviderManager preferences and starting the tunnel, we can see that the VPN status is changed to connecting, 14:59:22.599515+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to connecting Later we can see the status is getting changed to Disconnected: 14:59:23.588634+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to disconnected, last stop reason None 14:59:23.589042+0530. nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: Updated network agent (inactive, compulsory, not-user-activiated, not-kernel-activated) After this receiving the NEVPNStatusChanged notification in our application and NEVPNStatus is changed to Disconnected. When checked the reason for disconnect using “fetchLastDisconnectErrorWithCompletionHandler” on NEVPNConnection, we can see below Error string : The VPN session failed because an internal error occurred Error code : 12 After sometime I see that the VPN status is again changed back to connecting, 14:59:24.615125+0530 nesessionmanager NESMVPNSession[Primary Tunnel:bng-pcs-gateway.pulsesecure.net/pulse:24711A15-54C6-44C7-987D-65B7BFF3F294:(null)]: status changed to connecting But by this time there is no internet connection across device. Steps to reproduce: Configure VPN packet tunnel provider as Full tunnel with Tunnel routes(as mentioned above) Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” Try to connect to VPN From iOS 17 and above its observed that, not able to connect to VPN and internet connection in the device is getting blocked Queries: From the above observation my queries are, Why are we receiving the Disconnected state during connection? Why is this issue occurring only with iOS 17 and above device? What changes specifically done around tunnel from iOS 17 and above?
1
0
656
Mar ’24
VPN Tunnel is moved to Disconnected state after 5 mins in Reasserting state when no network
Issue Description: I have an iOS VPN application. When VPN tunnel is in connected state and network goes off, it’s designed to stay in reasserting state until network is back. But with iOS 17 and later tunnel is moved to disconnected state after 5 mins in reasserting state when no network. Logs on iOS 16 and Below: Upto iOS 16 and below, When tunnel is in connected state and network goes off, VPN state is moved to reasserting state and it stays in this state until network is back. We can see below device console logs: Entering state NESMVPNSessionStateReasserting status changed to reasserting Logs on iOS 17 and Later: But from iOS 17 and later, When tunnel is in connected state and network goes off, VPN state is moved to reasserting state and it stays in this state for 5 mins and later moved to disconnected state when no network. We can see below device console logs: Entering state NESMVPNSessionStateReasserting, timeout 300 seconds status changed to reasserting We can see a timeout of 300 secs added from iOS 17 and later. Because of this new change in iOS 17 and later, end users using my application have to connect back to VPN when network is back(Since tunnel is in disconnected state). Steps to reproduce: Connect to VPN when network is reachable Turn off network (WiFi, Mobile data) Application is moved to reasserting state. It will be in reasserting state for 5 mins Later application is moved to disconnected state. Queries: From the above observation my queries are, Is there a way to keep VPN tunnel in reasserting state even after 5 mins when no network from iOS 17 and later ? (To get the same behaviour as iOS 16 and below) Why is the timeout of 300 secs added from iOS 17 and later ? What benefit this is giving ? Is there any document related to this timeout change added from iOS 17 and later ?
3
1
992
Jan ’24
File Sharing: ‘Open in App’ option is not available along with Share extension from iOS 16 and above
Hi, My iOS app used to import say abc.xyz file using ‘Open in App’ option which is achieved using Uniform Type Identifiers(UTI). This abc.xyz file was attached and shared via an email client. [Note: My app also has Share extension to import other file type] Upto iOS 15, When I try to import this file to my app I can see 2 options(Expected behaviour): Open in app Share with app But from iOS 16 and above(latest iOS 17 beta 4), I can only see below option, Share with app To debug further, I created a project(iOS 17 beta 4) and added UTI support for abc.xyz file format(Same as above). When the same file is attached in email client and try to import to app, I can see below option, Copy to app When this file is saved locally(on device) and later try to import from the Files folder, I can see below option, Open in app But the moment I add Share extension(Which is the requirement of my app), the only option to import file is Share with app From the above observation my queries are, Why there is behavioural change from iOS 16 and above when showing the options to import file ? Has “Open in app” option removed when Share extension is present in app from iOS 16 and above ? Does that mean when Share extension target is added in project the only way to import files is via Share extension from iOS 16 and above ? Or can you please suggest if any extra parameters to be added to info.plist from iOS 16 and above to support both options i.e., Open in app & Share with app ?
0
1
1.1k
Aug ’23
Proxy set on IPv4 Split tunnel includedRoutes are not going via proxy
Hi, I have Split tunnel and Proxy configured in Network extension as below, I have three IPv4 Split tunnel addresses say as x.x.x.x, y.y.y.y and z.z.z.z set as includedRoutes in IPv4Settings on NEPacketTunnelNetworkSettings. I have configured Automatic proxy using NEProxySettings where proxy server is running at my-proxy.com:8080. My PAC file is written in such a way that when traffic matches the Split tunnel IPv4 address say as y.y.y.y (which is one of the includedRoutes) to go via proxy. Below are the observations made, Traffic matching these includedRoutes x.x.x.x, y.y.y.y and z.z.z.z are routed through the virtual interface used by the VPN tunnel (which is as expected). But IPv4 address y.y.y.y (which is inside the VPN Split tunnel) which was supposed to go via proxy is not actually going via proxy. So, How is Proxy set on Split tunnel rule expected to work? or How is traffic excepted to route when Proxy is set on one or many of the includedRoutes in NEPacketTunnelNetworkSettings? I am using Safari browser for accessing resources.
2
0
1.5k
Mar ’21
Automatic proxy in NEProxySettings is bypassed when proxy server is down.
Hi, I am trying to configure either Manual or Automatic proxy in Network extension using NEProxySettings in NEPacketTunnelNetworkSettings. Below are my observations made when proxy is configured, Manual proxy When Proxy server is reachable: resources are accessible When Proxy server is not reachable: resources are inaccessible (expected behaviour). Automatic proxy either using javascript(proxyAutoConfigurationJavaScript) or URL(proxyAutoConfigurationURL) When Proxy server is reachable: resources are accessible When Proxy server is not reachable: proxy is bypassed and resources are accessible To check this behaviour, I tried configuring proxy in Wi-Fi Settings and when proxy server is down below are the observations made, Manual proxy: resources are inaccessible Automatic proxy: When PAC URL is reachable: resources are inaccessible When PAC URL is not reachable: resources are accessible Which is having different behaviour compared to Network extension’s proxy settings. How is Automatic proxy designed to work in NEProxySettings when proxy server is down? How can I get the same behaviour as Manual proxy(not bypassing proxy) in Automatic proxy when proxy server is down? I am using Safari browser for accessing resources.
10
0
2.8k
Mar ’21