Post | Replies | Boosts | Views | Activity

Activating System Extension fails with OSSystemExtensionErrorExtensionNotFound
I am trying to activate a Network System Extension (Packet Tunnel), but all I get is OSSystemExtensionErrorDomain Code=4 "Extension not found in App bundle". Tried passing in different extension identifiers (prefixed with team ID, no team ID, prefixed with app-group, etc) with no luck.

I can confirm that the sysex is in app bundle at /Applications/app_name.app/Contents/Library/SystemExtensions/sysex name.systemextension

App and sysex are signed with Developer ID certificate and Notarized.

What am I missing?

App entitlements:

    <key>Entitlements</key>
    <dict>
        <key>com.apple.developer.ubiquity-container-identifiers</key>
        <array>
            <string>...redacted...</string>
            <string>...redacted...</string>
        </array>
        <key>com.apple.developer.system-extension.install</key>
        <true/>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>packet-tunnel-provider-systemextension</string>
            <string>app-proxy-provider-systemextension</string>
            <string>content-filter-provider-systemextension</string>
            <string>dns-proxy-systemextension</string>
        </array>
        <key>com.apple.application-identifier</key>
        <string>TEAM_ID.com.company.appabc</string>
        <key>keychain-access-groups</key>
        <array>
            <string>TEAM_ID.*</string>
        </array>
        <key>com.apple.developer.team-identifier</key>
        <string>TEAM_ID</string>
        <key>com.apple.developer.ubiquity-kvstore-identifier</key>
        <string>TEAM_ID.*</string>
        <key>com.apple.developer.icloud-services</key>
        <string>*</string>
        <key>com.apple.developer.icloud-container-environment</key>
        <string>Production</string>
        <key>com.apple.developer.aps-environment</key>
        <string>production</string>
        <key>com.apple.developer.icloud-container-identifiers</key>
        <array>
            <string>iCloud.com.company.appabc</string>
            <string>iCloud.com.company.appabc</string>
        </array>
        <key>com.apple.developer.networking.vpn.api</key>
        <array>
            <string>allow-vpn</string>
        </array>
    </dict>

SysEx entitlements:

    <key>Entitlements</key>
    <dict>
        <key>com.apple.developer.networking.networkextension</key>
        <array>
            <string>packet-tunnel-provider-systemextension</string>
            <string>app-proxy-provider-systemextension</string>
            <string>content-filter-provider-systemextension</string>
            <string>dns-proxy-systemextension</string>
        </array>
        <key>com.apple.application-identifier</key>
        <string>TEAM_ID.com.company.appabc.PacketTunnelName</string>
        <key>keychain-access-groups</key>
        <array>
            <string>TEAM_ID.*</string>
        </array>
        <key>com.apple.developer.team-identifier</key>
        <string>TEAM_ID</string>
    </dict>

App Info.plist

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>BuildMachineOSBuild</key>
        <string>19E287</string>
        <key>CFBundleDevelopmentRegion</key>
        <string>en</string>
        <key>CFBundleDisplayName</key>
        <string>AppAbc</string>
        <key>CFBundleExecutable</key>
        <string>AppAbc</string>
        <key>CFBundleIconFile</key>
        <string>macOS_AppIcon</string>
        <key>CFBundleIconName</key>
        <string>macOS_AppIcon</string>
        <key>CFBundleIdentifier</key>
        <string>com.company.appabc</string>
        <key>CFBundleInfoDictionaryVersion</key>
        <string>6.0</string>
        <key>CFBundleName</key>
        <string>AppAbc</string>
        <key>CFBundlePackageType</key>
        <string>APPL</string>
        <key>CFBundleShortVersionString</key>
        <string>1.2.3</string>
        <key>CFBundleSupportedPlatforms</key>
        <array>
            <string>MacOSX</string>
        </array>
        <key>CFBundleVersion</key>
        <string>123</string>
        <key>DTCompiler</key>
        <string>com.apple.compilers.llvm.clang.1_0</string>
        <key>DTPlatformBuild</key>
        <string>11E146</string>
        <key>DTPlatformVersion</key>
        <string>GM</string>
        <key>DTSDKBuild</key>
        <string>19E258</string>
        <key>DTSDKName</key>
        <string>macosx10.15</string>
        <key>DTXcode</key>
        <string>1140</string>
        <key>DTXcodeBuild</key>
        <string>11E146</string>
        <key>ITSAppUsesNonExemptEncryption</key>
        <false/>
        <key>LSApplicationCategoryType</key>
        <string>public.app-category.productivity</string>
        <key>LSBackgroundOnly</key>
        <false/>
        <key>LSMinimumSystemVersion</key>
        <string>10.12</string>
        <key>LSUIElement</key>
        <false/>
        <key>NSHumanReadableCopyright</key>
        <string>Copyright...</string>
        <key>NSPrincipalClass</key>
        <string>NSApplication</string>
        <key>UIDeviceFamily</key>
        <array>
            <integer>1</integer>
            <integer>2</integer>
        </array>
    </dict>
    </plist>

SysEx Info.plist

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>BuildMachineOSBuild</key>
        <string>19E287</string>
        <key>CFBundleDevelopmentRegion</key>
        <string>en</string>
        <key>CFBundleDisplayName</key>
        <string>AppAbc. Tunnel</string>
        <key>CFBundleExecutable</key>
        <string>AppAbc. Tunnel sysex</string>
        <key>CFBundleIdentifier</key>
        <string>com.company.appabc.PacketTunnel-Tunnel</string>
        <key>CFBundleInfoDictionaryVersion</key>
        <string>6.0</string>
        <key>CFBundleName</key>
        <string>AppAbc. Tunnel sysex</string>
        <key>CFBundlePackageType</key>
        <string>SYSX</string>
        <key>CFBundleShortVersionString</key>
        <string>1.2.3</string>
        <key>CFBundleSupportedPlatforms</key>
        <array>
            <string>MacOSX</string>
        </array>
        <key>CFBundleVersion</key>
        <string>123</string>
        <key>DTCompiler</key>
        <string>com.apple.compilers.llvm.clang.1_0</string>
        <key>DTPlatformBuild</key>
        <string>11E146</string>
        <key>DTPlatformVersion</key>
        <string>GM</string>
        <key>DTSDKBuild</key>
        <string>19E258</string>
        <key>DTSDKName</key>
        <string>macosx10.15</string>
        <key>DTXcode</key>
        <string>1140</string>
        <key>DTXcodeBuild</key>
        <string>11E146</string>
        <key>LSMinimumSystemVersion</key>
        <string>10.12</string>
        <key>LSUIElement</key>
        <true/>
        <key>NSHumanReadableCopyright</key>
        <string>Copyright ...</string>
        <key>NSSystemExtensionUsageDescription</key>
        <string>System Extension enables AppAbc app to connect using Tunnel protocol.</string>
        <key>NetworkExtension</key>
        <dict>
            <key>NEMachServiceName</key>
            <string>TEAM_ID.app_group.PacketTunnel-Tunnel</string>
            <key>NEProviderClasses</key>
            <dict>
                <key>com.apple.networkextension.packet-tunnel</key>
                <string>AppAbc__Tunnel_sysex.AATunnelPacketTunnelProvider</string>
            </dict>
        </dict>
        <key>UIDeviceFamily</key>
        <array>
            <integer>1</integer>
            <integer>2</integer>
        </array>
    </dict>
    </plist>

Replies: 7 | Boosts: 0 | Views: 3.4k | Activity: May ’20

System Extension app-group entitlement issue
I am trying to run a Network System Extension (Packet Tunnel) that is successfully running as MAS Network Extension, but I'm facing a problem that neither app nor sysex gets app-group entitlement. Probably because of that my sysex can't find keychain items saved by the app.

    taskgated-helper ConfigurationProfiles Unsatisfied entitlements: com.apple.security.application-groups

I have app-groups configured in Xcode for both targets, but provisioning profiles don't include them even though I have them selected on app IDs.

I'm also getting a bunch of Security errors and NetworkExtension for some reason reports "Signature check failed: invalid signature (code or signature have been modified)"

    default 17:34:48.935971+0300 sysextd sysextd Extension point confirmed that extension com.company.appAbc.PacketTunnel-OpenVPN is runnable.
    default 17:34:58.929349+0300 AppAbc Security Adding securityd connection to pool, total now 3
    default 17:35:06.957159+0300 AppAbc NetworkExtension Saving configuration AppAbc with existing signature (null)
    default 17:35:07.168468+0300 AppAbc NetworkExtension Successfully saved configuration AppAbc
    default 17:35:07.192204+0300 AppAbc NetworkExtension Received a com.apple.neconfigurationchanged notification with token 38
    default 17:35:07.308162+0300 AppAbc NetworkExtension Saving configuration AppAbc with existing signature {length = 20, bytes = 0xa032bdd71140be2af6788e2dc77930a115c17b25}
    default 17:35:07.329977+0300 AppAbc NetworkExtension Received a com.apple.neconfigurationchanged notification with token 38
    default 17:35:07.330511+0300 AppAbc NetworkExtension Successfully saved configuration AppAbc
    default 17:35:07.336086+0300 AppAbc NetworkExtension Saving configuration AppAbc with existing signature {length = 20, bytes = 0x45e64b4ed5b0a1ad6061e3ba5cc05dddd003cd52}
    default 17:35:07.382735+0300 AppAbc NetworkExtension Received a com.apple.neconfigurationchanged notification with token 38
    default 17:35:07.383265+0300 AppAbc NetworkExtension Successfully saved configuration AppAbc
    default 17:35:07.518667+0300 taskgated-helper ConfigurationProfiles allowing entitlement(s) for com.company.appAbc.PacketTunnel-OpenVPN due to provisioning profile (isUPP: 1)
    error 17:35:07.526352+0300 taskgated-helper ConfigurationProfiles com.company.appAbc.PacketTunnel-OpenVPN: Unsatisfied entitlements: com.apple.security.application-groups
    error 17:35:07.526380+0300 taskgated-helper ConfigurationProfiles Disallowing: com.company.appAbc.PacketTunnel-OpenVPN
    default 17:35:08.781878+0300 secinitd secinitd com.company.appAbc.PacketTunnel-OpenVPN[95856]: root path for bundle "" of main executable ""
    default 17:35:09.165083+0300 secinitd secinitd com.company.appAbc.PacketTunnel-OpenVPN[95856]: AppSandbox request successful
    default 17:35:09.240267+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.251136+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.253611+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.255763+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.259015+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.263010+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.267611+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.270637+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.273530+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.277920+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.283042+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.291778+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.296948+0300 com.company.appAbc.PacketTunnel-OpenVPN Security Adding securityd connection to pool, total now 1
    default 17:35:09.296956+0300 com.company.appAbc.PacketTunnel-OpenVPN Security got event: Connection invalid
    default 17:35:09.297116+0300 com.company.appAbc.PacketTunnel-OpenVPN Security Failed to talk to secd after 4 attempts.
    default 17:35:09.297573+0300 com.company.appAbc.PacketTunnel-OpenVPN Security using system preferences
    default 17:35:09.299722+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.303518+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.305860+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.308235+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.310523+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.314336+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.318363+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.320930+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.323378+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.325901+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.328656+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.332580+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.346565+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.352010+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.354244+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.356355+0300 com.company.appAbc.PacketTunnel-OpenVPN Security Failed to talk to secd after 4 attempts.
    default 17:35:09.356903+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:09.360582+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:09.364850+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:09.368221+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CMSDecoderCopySignerStatus failed with kCMSSignerInvalidSignature error (3)
    default 17:35:09.368253+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -67061
    default 17:35:09.369765+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension Signature check failed: invalid signature (code or signature have been modified)
    default 17:35:09.533751+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: Calling startTunnelWithOptions with options 0x7fb447a0c640
    default 17:35:09.636368+0300 kernel Sandbox Sandbox: 7 duplicate reports for com.company.appA deny(1) file-write-data /private/var/db/mds/system/mds.lock
    default 17:35:13.275423+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: provider set tunnel configuration to (null)
    default 17:35:13.298472+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: provider set tunnel configuration to { ... }
    default 17:35:13.760461+0300 com.company.appAbc.PacketTunnel-OpenVPN CoreFoundation Attempting to add source to main runloop, but the main thread has exited. This message will only log once. Break on _CFRunLoopError_MainThreadHasExited to debug.
    default 17:35:14.230487+0300 com.company.appAbc.PacketTunnel-OpenVPN Security MacOS error: -25337
    default 17:35:14.236639+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: 3 unknown error 3=3
    default 17:35:14.244544+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:14.249541+0300 com.company.appAbc.PacketTunnel-OpenVPN Security CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR
    default 17:35:14.300451+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: provider set tunnel configuration to (null)
    error 17:35:14.315789+0300 com.company.appAbc.PacketTunnel-OpenVPN CocoaLumberjack [Error] [openvpn-adapter.connection] [AAOpenVPNPacketTunnelProvider.swift:304] openVPNAdapter(_:handleError:) > [OVPN] Did recieve fatal error: Error Domain=me.ss-abramchuk.openvpn-adapter.error-domain Code=70 "Failed to establish connection with OpenVPN server" UserInfo={NSLocalizedDescription=Failed to establish connection with OpenVPN server, me.ss-abramchuk.openvpn-adapter.error-key.message=ClientState::attach() can only be called once per ClientState instantiation, me.ss-abramchuk.openvpn-adapter.error-key.fatal=true, NSLocalizedFailureReason=Unknown error.}
    error 17:35:14.326776+0300 com.company.appAbc.PacketTunnel-OpenVPN CocoaLumberjack [Error] [openvpn-adapter.connection] [AAPacketTunnelProvider.swift:68] cancelTunnelWithError(_:) > Canceling tunnel due to the error: Error Domain=me.ss-abramchuk.openvpn-adapter.error-domain Code=70 "Failed to establish connection with OpenVPN server" UserInfo={NSLocalizedDescription=Failed to establish connection with OpenVPN server, me.ss-abramchuk.openvpn-adapter.error-key.message=ClientState::attach() can only be called once per ClientState instantiation, me.ss-abramchuk.openvpn-adapter.error-key.fatal=true, NSLocalizedFailureReason=Unknown error.}
    default 17:35:14.351120+0300 com.company.appAbc.PacketTunnel-OpenVPN NetworkExtension [Extension com.company.appAbc]: IPC detached
    default 17:35:14.357134+0300 AppAbc NetworkExtension Last disconnect error for AppAbc changed from "none" to "Failed to establish connection with OpenVPN server"

Replies: 5 | Boosts: 0 | Views: 7.4k | Activity: Jun ’20

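Added example, not part of the original post: a triage script for the log layout shown in the post above. It splits run-together entries on the level-plus-timestamp prefix and pulls out the taskgated-helper entitlement denials and the signature-check failures. The sample entries are copied from that log; the column order (level, time, process, sender, message) and the comma separator for several entitlements are assumptions.

```python
import re
from collections import defaultdict

# Sample input: four entries copied from the log in the post above,
# run together on one line the way the page shows them.
SAMPLE = (
    "default 17:35:07.518667+0300 taskgated-helper ConfigurationProfiles "
    "allowing entitlement(s) for com.company.appAbc.PacketTunnel-OpenVPN "
    "due to provisioning profile (isUPP: 1) "
    "error 17:35:07.526352+0300 taskgated-helper ConfigurationProfiles "
    "com.company.appAbc.PacketTunnel-OpenVPN: Unsatisfied entitlements: "
    "com.apple.security.application-groups "
    "error 17:35:07.526380+0300 taskgated-helper ConfigurationProfiles "
    "Disallowing: com.company.appAbc.PacketTunnel-OpenVPN "
    "default 17:35:09.369765+0300 com.company.appAbc.PacketTunnel-OpenVPN "
    "NetworkExtension Signature check failed: invalid signature "
    "(code or signature have been modified)"
)

# Every entry starts with a level word and an HH:MM:SS.ffffff+ZZZZ timestamp.
ENTRY_START = re.compile(
    r"(?:^|\s)(default|info|debug|error|fault)\s+"
    r"(\d{2}:\d{2}:\d{2}\.\d{6}[+-]\d{4})\s+"
)
UNSATISFIED = re.compile(r"^(\S+): Unsatisfied entitlements: (.+)$")

def split_entries(text):
    """Split run-together log text into dicts, one per entry."""
    marks = list(ENTRY_START.finditer(text))
    entries = []
    for i, m in enumerate(marks):
        end = marks[i + 1].start() if i + 1 < len(marks) else len(text)
        # Assumed column order: process, sender, then free-form message.
        parts = text[m.end():end].strip().split(None, 2)
        if len(parts) < 3:
            continue  # truncated entry with no message to classify
        entries.append({"level": m.group(1), "time": m.group(2),
                        "process": parts[0], "sender": parts[1],
                        "message": parts[2]})
    return entries

def triage(text):
    """Return ({bundle id: refused entitlements}, [(time, process)])."""
    denied = defaultdict(set)
    signature_failures = []
    for e in split_entries(text):
        m = UNSATISFIED.match(e["message"])
        if e["process"] == "taskgated-helper" and m:
            # Assumption: several entitlements would be comma-separated.
            denied[m.group(1)].update(s.strip() for s in m.group(2).split(","))
        elif e["message"].startswith("Signature check failed"):
            signature_failures.append((e["time"], e["process"]))
    return dict(denied), signature_failures
```

Calling `triage()` on a saved log groups the refused entitlements by bundle identifier, so a denial stands out from the repeated Security and CSSM entries around it.
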
Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession
I am trying to add IncludeAllNetworks to a fully working IKEv2 config but the tunnel fails to start with strange log messages. I've tried removing mentioned enterprise vpn profiles until I reached one I don't want to remove. What is happening?

    default 19:05:54.374664+0200 nesessionmanager nesessionmanager NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)]: got On Demand start message from pid 97846
    default 19:05:54.374756+0200 nesessionmanager nesessionmanager NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)]: Received a start command from com.apple.preference.network.re[97846]
    default 19:05:54.374818+0200 nesessionmanager nesessionmanager Registering session NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)]
    info 19:05:54.375046+0200 nesessionmanager nesessionmanager NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)]: enabled = 1
    default 19:05:54.375325+0200 nesessionmanager nesessionmanager <NESMServer: 0x7f883ff05e80>: Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)] due to Enterprise VPN session NESMLegacySession[SomeVPN:XXXX-***-XXXX-XXXX-XXXXX]
    default 19:05:54.375399+0200 nesessionmanager nesessionmanager NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)]: Rejected start command from com.apple.preference.network.re[97846]
    default 19:05:54.375456+0200 nesessionmanager nesessionmanager NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)]: Removing all clients

also

    default 08:51:29.062799+0200 nesessionmanager nesessionmanager <NESMServer: 0x7f883ff05e80>: Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession[Primary Tunnel:SomeVPN_IKEv2:XXXX-XXXXX-XXXX-***:(null)] due to Enterprise VPN session NESMVPNSession[Primary Tunnel:SomeVPN_2:XXXX-XXXXX-XXXX-***:(null)]

Replies: 7 | Boosts: 0 | Views: 1.8k | Activity: Dec ’20