We are not seeing any traffic from iOS to App-Proxy extension.
We have Safari domains specified in the per-app App Proxy VPN configuration, which is pushed to our device. When we tap on Safari and start loading one of these domains, Safari will not load any websites with these domains. But if we load any other websites with any other domain, the websites are loaded properly.
But the same behavior works fine and app receives traffic on iOS 17.5.1 and older iOS versions. The issue is observed only on iOS 18 Beta versions.
There is a new property introduced in iOS 18 Beta for VPN, i.e. CellularSliceUUID.
But there is no description available for the same. Could you please let us know how this property can impact VPN?
https://developer.apple.com/documentation/devicemanagement/vpn?changes=latest_major&language=objc
[iOS 17] We are trying to configure below Tunnel Provider configuration and we are saving it in NETunnelProviderManager preferences before calling startTunnelWithOptions
tunnelProvider.protocolConfiguration.includeAllNetworks = YES;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
tunnelProvider.protocolConfiguration.enforceRoutes = NO;
We are adding an IP in the excludeRoutes which belongs to the server address [10.97.6.244]. Please refer to the network settings below for the VPN:
IPv4Settings = {
    configMethod = manual
    addresses = (
        10.97.4.188,
    )
    subnetMasks = (
        255.255.255.255,
    )
    includedRoutes = (
        {
            destinationAddress = 0.0.0.0
            destinationSubnetMask = 0.0.0.0
        },
    )
    excludedRoutes = (
        {
            destinationAddress = 10.97.6.244
            destinationSubnetMask = 255.255.255.255
        },
    )
    overridePrimary = NO
}
Issue: When we try to access the server address, it gets tunneled. Because of that, a few of our APIs are sending failures and we are unable to connect to the VPN.
Expected Results: excludedRoutes IPs should go via the physical interface.
STEPS TO REPRODUCE
Configure VPN packet tunnel provider config as mentioned above and add some IPs in excludeRoutes
Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler”
Try to connect to VPN
excludeRoutes are tunneled via VA
Requirement: We need to update below tunnel provider properties once VPN is up. Is it possible?
includeAllNetworks
excludeLocalNetworks
enforceRoutes
When is the standard time to configure and save the below properties in system preferences?
Is it possible to save these properties in system preference when VPN is up?
saveToPreferencesWithCompletionHandler
If we can change these properties in the VPN connected state, when will these tunnel provider properties come into effect?
We are trying to configure split tunnel with tunnel routes with the below Tunnel Provider configuration
tunnelProvider.protocolConfiguration.includeAllNetworks = NO;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
tunnelProvider.protocolConfiguration.enforceRoutes = YES;
We are adding some IPs in the excludeRoutes [10.168.10.182 and 192.168.10.65]. Please refer to the network settings below for the VPN:
IPv4Settings = {
    configMethod = manual
    addresses = (
        10.168.10.68,
    )
    subnetMasks = (
        255.255.255.255,
    )
    includedRoutes = (
        {
            destinationAddress = 0.0.0.0
            destinationSubnetMask = 0.0.0.0
        },
    )
    excludedRoutes = (
        {
            destinationAddress = 192.168.10.65
            destinationSubnetMask = 255.255.255.255
        },
        {
            destinationAddress = 10.168.10.182
            destinationSubnetMask = 255.255.255.255
        },
    )
    overridePrimary = NO
}
Issue: When we try to access the excludedRoutes IPs [10.168.10.182 and 192.168.10.65], they get tunneled.
Expected Results: excludedRoutes IPs should go via the physical interface.
iOS 17 issue:
I am connecting to VPN connection with configuration as full tunnel which is tunneling all the traffic generated on my device which is expected.
This is for Full Tunnel and Tunnel routes:
//Below is the NEPacketTunnelProvider configuration
tunnelProvider.protocolConfiguration.includeAllNetworks = YES;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
tunnelProvider.protocolConfiguration.enforceRoutes = NO;
But once I disconnect and kill the NEPacketTunnelProvider instance, my internet is blocked until I restart the device.
NOTE: This behavior is not seen with iOS 16 and below, and things work smoothly.
Kindly update as soon as possible.
I am connecting to VPN connection with NEPacketTunnelProvider configuration as IncludeAllNetworks=YES;
ExcludeLocalNetwork=NO;
which is tunneling all the traffic generated on my device which is expected.
But once I disconnect and kill the NEPacketTunnelProvider instance, my internet is blocked unless I restart the device. This behavior is not seen with iOS 16, and things work smoothly.
Kindly update as soon as possible
How to programmatically access System Root certificates from a non-admin account?
The below code throws -25300 error.
NSDictionary *query = @{
    (__bridge id)kSecClass: (__bridge id)kSecClassCertificate,
    (__bridge id)kSecAttrLabel: @"somelabel",
    (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
    (__bridge id)kSecReturnRef: @YES
};
CFArrayRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
I am using the SecItemCopyMatching API to find certificates in the login, System and System Roots keychains, but it's not returning me System Root certificates. I am new to this; could you please guide?
NSDictionary *query = @{
    (__bridge id)kSecClass: (__bridge id)kSecClassCertificate,
    (__bridge id)kSecAttrLabel: @"somelabel",
    (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitAll,
    (__bridge id)kSecReturnRef: @YES
};
CFArrayRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
I have an internet password stored in my keychain with the details below:
Internet Password Item:
Account: user
Server: some Ip address(Let's say w.x.y.z)
Protocol: htpx
But when I use the code below, I receive item not found. But when I remove the kSecAttrProtocol attribute from my dictionary, it works. The document says kSecProtocolTypeHTTPProxy corresponds to htpx. Not sure what I am doing wrong; please guide. I have a dependency on SecProtocolType in my code to look for an internet password in the keychain.
https://developer.apple.com/documentation/security/secprotocoltype/ksecprotocoltypehttpproxy/
NSString *account = @"user";
NSString *server = @"w.x.y.z";
SecProtocolType protocol = kSecProtocolTypeHTTPProxy;
NSDictionary *query = @{
    (__bridge id)kSecClass: (__bridge id)kSecClassInternetPassword,
    (__bridge id)kSecAttrAccount: account,
    (__bridge id)kSecAttrServer: server,
    (__bridge id)kSecAttrProtocol: @(protocol),
    (__bridge id)kSecReturnAttributes: (__bridge id)kCFBooleanTrue,
    (__bridge id)kSecReturnData: (__bridge id)kCFBooleanFalse,
    (__bridge id)kSecMatchLimit: (__bridge id)kSecMatchLimitOne
};
CFDictionaryRef result = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
if (status == errSecSuccess) {
    NSDictionary *passwordItem = CFBridgingRelease(result);
    NSLog(@"Internet Password Item Found:");
} else if (status == errSecItemNotFound) {
    NSLog(@"Internet Password Item Not Found");
} else {
    NSLog(@"Error retrieving Internet password: %d (%@)", (int)status, CFBridgingRelease(SecCopyErrorMessageString(status, NULL)));
}
With the deprecated SecTrustGetResult API, it used to return a cert chain and a cert trust status chain as well for each certificate in the chain.
How can we achieve the same using SecTrustGetTrustResult?
For the cert chain -> there is an API, SecTrustCopyAnchorCertificates, to retrieve the cert chain.
But there is no API to get the cert trust chain.
How can we achieve the same?
SecTrustGetResult https://developer.apple.com/documentation/security/1396077-sectrustgettrustresult?language=objc
SecTrustGetTrustResult https://developer.apple.com/documentation/security/1524331-sectrustgetresult/
SecTrustCopyAnchorCertificates
https://developer.apple.com/documentation/security/1401507-sectrustcopyanchorcertificates?language=objc
I am new to the Security framework.
I want to access items only in the dynamic keychain for smart cards, and just user keychains in case of some other scenario.
But SecKeychainOpen, SecKeychainGetPath and SecKeychainCopyDomainSearchList are deprecated. How do I make sure that SecItemCopyMatching only looks for items in a specific type of keychain?
I need to store some data of my application in the system keychain, which should be accessible to all the users in the system.
Here is the sample code:
// Create a SecAccessControlRef for a keychain item with access control
SecAccessControlRef accessControl = SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    kSecAttrAccessibleWhenUnlocked,
    kSecAccessControlUserPresence,
    NULL
);
// Define a query dictionary for a keychain item
NSDictionary *query = @{
    (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
    (__bridge id)kSecAttrService: @"MyService",
    (__bridge id)kSecAttrAccount: @"MyAccount",
    (__bridge id)kSecValueData: [@"MyPassword" dataUsingEncoding:NSUTF8StringEncoding],
    (__bridge id)kSecAttrAccessControl: (__bridge_transfer id)accessControl,
};
// Add the keychain item to the default keychain (login keychain)
OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
if (status != errSecSuccess) {
    NSLog(@"Error adding keychain item: %d", (int)status);
}
I tried using SecKeychainOpen to access the system keychain but SecKeychainOpen is deprecated and I could not find any equivalent latest API to support that.
SecKeychainRef systemKeychain;
OSStatus status = SecKeychainOpen("/Library/Keychains/System.keychain", &systemKeychain);
if (status != errSecSuccess) {
    NSLog(@"Error opening system keychain: %d", status);
} else {
    SecAccessControlRef accessControl = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlocked,
        kSecAccessControlUserPresence,
        NULL
    );
    NSDictionary *query = @{
        (__bridge id)kSecClass: (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: @"MyService",
        (__bridge id)kSecAttrAccount: @"MyAccount",
        (__bridge id)kSecValueData: [@"MyPassword" dataUsingEncoding:NSUTF8StringEncoding],
        (__bridge id)kSecUseKeychain: (__bridge id)systemKeychain,
        (__bridge id)kSecAttrAccessControl: (__bridge_transfer id)accessControl,
    };
    // Add the keychain item to the system keychain
    status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    if (status != errSecSuccess) {
        NSLog(@"Error adding keychain item to system keychain: %d", (int)status);
    }
    if (systemKeychain) {
        CFRelease(systemKeychain);
    }
}
Any suggestions will be helpful. Please help!
Why is kVK_F2 not equivalent to the constant NSF2FunctionKey for an F2 key press event? What is the equivalent constant of kVK_F2, since the Carbon framework is deprecated?
When I printed the keyCode, the [Event keyCode] against NSF2FunctionKey is 63237 (0xF705), whereas for kVK_F2 it prints 120, which is 0x78. 0x78 seems to be the standard keyboard value for the F2 key.
Sample code:
//@property (nonatomic, strong) id eventMonitor;
NSEvent* (^handler)(NSEvent*) = ^(NSEvent *theEvent) {
    NSEvent *result = theEvent;
    NSUInteger flags = [theEvent modifierFlags] & NSEventModifierFlagDeviceIndependentFlagsMask;
    if ((flags & NSEventModifierFlagFunction) && (flags & NSEventModifierFlagCommand) && ([theEvent keyCode] == NSF2FunctionKey)) {
        NSLog(@"Command + F2 key pressed.");
    }
    return result;
};
_eventMonitor = [NSEvent addLocalMonitorForEventsMatchingMask:(NSEventModifierFlagFunction | NSEventMaskKeyDown) handler:handler];
I use Xcode 13 on my local machine and have downloaded xcframeworks and added them manually to my project. I pushed it to GitHub, and now when someone else checks out my branch and has some other Xcode version, these frameworks do not build and a Swift compiler compilation error comes up. How can I fix it?