Post

Replies

Boosts

Views

Activity

iOS VPN: Loss of Internet Connectivity on iOS Device post Packet Tunnel Crashes
Title: Loss of Internet Connectivity on iOS Device When Packet Tunnel Crashes Feedback ticket: https://feedbackassistant.apple.com/feedback/14162605 Product: iPhone 12 Version: iOS - 17.5.1 Configuration: NETunnelProviderManager Configuration Description: We are developing an iOS VPN client and have configured our packet tunnel provider according to Apple's guidelines. The configuration is as follows: includeAllNetworks = YES excludeLocalNetworks = NO enforceRoutes = NO This setup works as expected when the VPN successfully connects. However, we encounter a blocker issue where the device loses internet connectivity if the packet tunnel crashes. Steps to Reproduce: Configure the NETunnelProviderManager with the above settings. Connect the VPN, which successfully establishes a connection. Verify that resources are accessible and internet connectivity is functional. Packet tunnel to crash unexpectedly.Observe that the NE process (Packet Tunnel) restarts automatically, as expected and attempts to reconnect the VPN; however, the device now lacks internet connectivity, preventing VPN reconnection. Try accessing resources using Safari or any other internet-dependent app, resulting in an error indicating the device is not connected to the internet. Actual Results: The device loses internet connectivity after the packet tunnel crashes and fails to regain it automatically, preventing the VPN from reconnecting. Expected Results: The device should maintain internet connectivity or recover connectivity to allow the VPN to reconnect successfully after the packet tunnel process restarts. Workaround - iPhone device needs a restart to regain internet connectivity .
0
0
384
Jul ’24
iOS VPN Issue -Disconnecting VPN from Packet Tunnel Network Extension Causes Loss of Internet Connectivity
Feedback Ticket: FB13812251 Problem Statement: We are currently facing internet connectivity issue with our VPN application where we try to disconnect the VPN from the Packet Tunnel Network Extension using - (void)cancelTunnelWithError:(nullable NSError *)error. Which API to use to disconnect the VPN from Packet Tunnel as VPN app is not running such that device retains its internet connectivity as soon as VPN disconnects. Configuration: We have configured PacketTunnelProvider with the following settings: (NETunnelProviderManager *)tunnelProvider.protocolConfiguration.includeAllNetworks = YES; (NETunnelProviderManager *)tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; (NETunnelProviderManager *)tunnelProvider.protocolConfiguration.enforceRoutes = NO; These settings are applied from the VPN app and allow us to successfully establish a VPN connection, with all traffic being routed through the tunnel as expected.We are setting above properties to address local net attack. Issue we are facing: However, we encounter a problem when we attempt to disconnect the VPN from. When we call the following method from PacketTunnel network extension: (void)cancelTunnelWithError:(nullable NSError *)error Upon calling this method, the VPN disconnects as expected, but the device loses all internet connectivity and is unable to access any resources. This is not the desired behavior. Observation : Interestingly, when we call the following method from the app side. The VPN disconnects and the device retains its internet connectivity. [enabledConfig.connection stopVPNTunnel]; We would like to achieve the same behavior when disconnecting the VPN from the Network Extension. So we are looking for an API that could be called from NE without causing any internet connectivity issue. Any guidance on how to resolve this issue would be greatly appreciated.
2
0
409
Jun ’24
iOS VPN Issue - Internet Unavailability Post VPN Disconnection with Full Tunnel configuration
Experiencing an internet connectivity issue on iPhone device with one of iOS VPN configuration in PacketTunnelProvider. We have set up a full tunnel route configuration as follows: _pcktTunProvider.protocolConfiguration.includeAllNetworks = YES; _pcktTunProvider.protocolConfiguration.excludeLocalNetworks = NO; _pcktTunProvider.protocolConfiguration.enforceRoutes = NO; With these settings, the VPN successfully establishes a connection, and all traffic is routed through the tunnel as expected. Issue we are facing: However, we encounter a problem when we attempt to disconnect the VPN. When we call the following method from PacketTunnel network extension: (void)cancelTunnelWithError:(nullable NSError *)error The VPN disconnects, but the device loses all internet connectivity and is unable to access any resources. What we have tried: We have also tried using the following method with the same result:       - (void)stopTunnelWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler Interestingly, when we call the following method from the app side. The VPN disconnects and the device retains its internet connectivity. [enabledConfig.connection stopVPNTunnel]; But for our use case we cant call stopVPNtunnel from App if App is not running so looking for a solution that could clear the tunnel from NE as cancelTunnelWithError Api causes internet blocker issue. One more similar ticket here: https://forums.developer.apple.com/forums/thread/730689
2
1
469
May ’24
Compatibility of Low-Level Socket APIs with Mapped IPv6 Addresses
I am currently working on an application that communicates with an IPv4 node in an IPv6-only network. During DNS resolution for the server node on JIO and T-Mobile networks, I am receiving IPv4 and mapped IPv6 addresses. In my application, I am using these mapped IPv6 addresses in two different contexts: For high-level API calls on the app side, I am using URLSession API (in either Objective-C or Swift). For another target(c/c++), I am making low-level socket API calls(bind etc). These calls use the address passed from the app layer. As node is resolved to IPV4 and mapped IPv6 addresses My question is: Are low-level Socket APIs(bind etc) compatible with these mapped IPv6 addresses (example 64:ff9b::103.135.122.10)? Mapped IPv6 with Well know perfix(64:ff9b) Please provide the document/rfc reference for the same. Any guidance or resources on this topic would be greatly appreciated.
3
1
467
Jan ’24
BSD Sockets APIs compatibility with IPv4-mapped IPv6 addresses
I'm interested in whether SOCKET APIS like bind, accept, and connect can seamlessly work with a mapped IPv6 address like 64:ff9b::103.135.122.10 or any other IPv4-mapped IPv6 addresses? I've consulted the following thread for reference and it is stated: We do not support under-the-sockets bump-in-API (RFC 3338) and we do not support 464XLAT... https://developer.apple.com/forums/thread/5643. If it can support, what is above thread about?
1
0
385
Feb ’24
Inquiry about Address Ordering in CFHostGetAddressing Function
I have a query regarding the CFHostGetAddressing function that I'm using to retrieve addresses from a host. Specifically, I am curious about the predefined order of IPs in the array returned by this function when multiple IPs are present for a host. Here are my questions: In the case where both IPV6 and IPV4 addresses are present for a host, does the CFHostGetAddressing function return the addresses array with IPV6 at the 0th index and IPV4 following it? If a mapped IPv6 address is present along with an IPV4 address, does the function prioritize placing the mapped IPv6 address first in the addresses array, followed by the IPV4 address? I would appreciate it if someone could provide insights into any defined order for these scenarios. Additionally, if there is documentation or a reference page specifying this order, kindly point me in the right direction. Thank you in advance for your assistance.
2
0
406
Jan ’24
Launch Native iOS from Third party App with Url Session data
Hello everyone, I am working on an iOS app that can be launched from a third party app using a URL scheme. I have implemented this feature and I am able to receive the URL in the openURL method of my app delegate. However, I am facing an issue where the source app identifier is missing in the URL. I would like to know if there is any way to receive the source app identifier along with the URL when launching my app from a third party app. Additionally, I am trying to share session DSID cookies from the third party app to my iOS app. This works fine for Safari, but I am unable to receive the DSID cookies when launching my app from a third party app on iOS 13 and above. I would like to know if there have been any security changes related to DSID cookies in iOS 13 or later that might be affecting my app's ability to receive the cookies. Specifically, are there any changes that impact third-party apps and their ability to share DSID cookies with other apps? I would appreciate any suggestions or advice on how to solve these issues. For context, I am using iOS version 16.4. Thank you in advance for your help.
0
0
260
May ’23