Post

Replies

Boosts

Views

Activity

NEPacketTunnelProvider Cannot Be Started
Hi There, I am using NETunnelProviderManager to configure and start a NEPacketTunnelProvider on macOS. Most of time, it works just fine, however, under some edge cases, NEPacketTunnelProvider will not start and NEVPNConnectionStatus changes directly from NEVPNStatusConnecting to NEVPNStatusDisconnected from the NEVPNStatusDidChangeNotification I received. What is the best way to handle this edge case? It seems like normally retry the startVPNTunnelWithOptions:andReturnError: shortly after would just fix the issue somehow. Core logic to start the NEPacketTunnelProvider: ... [manager loadFromPreferencesWithCompletionHandler:^(NSError *loadError) { [self observeConnection:manager.connection]; NSError *error; BOOL success = [manager.connection startVPNTunnelWithOptions:options andReturnError:&error]; NSLog(@"start tunnel succeeded: %d error: %@", success, error); }]; ... - (void)vpnConnectionDidChange:(NSNotification *)notification { NEVPNConnection *connection = (NEVPNConnection *)notification.object; NSLog(@"connection.status: %ld", (long)connection.status); } NEPacketTunnelProvider code to verify the provider is started @implementation MyMacPacketTunnelProvider { - (instancetype)init { NSLog(@"tunnel init"); ... } - (void)startTunnelWithOptions:(NSDictionary<NSString *, id> *)options completionHandler:(void (^)(NSError *_Nullable error))completionHandler { NSLog(@"startTunnelWithOptions called"); Logs when hitting edge case: start tunnel succeeded: 1, andReturnError: (null) connection.status: 2 connection.status: 2 connection.status: 1 connection.status: 1 connection.status: 1 Logs happy path: start tunnel succeeded: 1, andReturnError: (null) connection.status: 2 connection.status: 2 tunnel init startTunnelWithOptions called connection.status: 3 connection.status: 3 In case of an exception, it feels like the VPN service is not enabled. None of the init methods in MyMacPacketTunnelProvider are called. This problem was reported by users. I tested various possible scenarios myself, but none of them reproduced. Users also only have this problem occasionally, and cannot reproduce it stably, nor can they capture related logs. This doesn't look like a code logic problem, is this a bug in the iOS system? Under what circumstances will this problem occur? How can I solve it? Please get back to me with this question ASAP, my client is waiting for me to fix this, thanks.
4
0
622
Apr ’23
VPN cannot start
Sometimes the vpn cannot start on iOS,the key logs : 15:24:30.262377+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Received a start command from LenovoLink[2472] 15:24:30.262402+0800 nesessionmanager Registering session NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)] 15:24:30.262556+0800 nesessionmanager &lt;NESMServer: 0x143e07e40&gt;: Register Enterprise VPN Session: NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)] 15:24:30.262589+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Successfully registered 15:24:30.262638+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)] in state NESMVPNSessionStateUpdating: received start message ... 15:24:51.343767+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: State timer (300 seconds) fired in state NESMVPNSessionStateUpdating 15:24:51.344305+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)] in state NESMVPNSessionStateUpdating: timed out 15:24:51.345617+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Leaving state NESMVPNSessionStateUpdating 15:24:51.348733+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Entering state NESMVPNSessionStateDisposing, timeout 5 seconds 15:24:51.349478+0800 nesessionmanager net.memenet.WeLine[426]: disposing 15:24:51.351587+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: status changed to disconnecting 15:24:51.357284+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Resetting VPN On Demand 15:24:51.358434+0800 nesessionmanager net.memenet.WeLine[426]: Tearing down agent connection 15:24:51.359272+0800 nesessionmanager Found 0 (0 active) registrations for net.memenet.WeLine.provider (com.apple.networkextension.packet-tunnel) 15:24:51.360821+0800 nesessionmanager net.memenet.WeLine[426]: XPC connection went away 15:24:51.362919+0800 nesessionmanager NEVPNTunnelPlugin(net.memenet.WeLine[inactive]): Tearing down plugin connection 15:24:51.408596+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Plugin is installed 15:24:51.408807+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)] in state NESMVPNSessionStateDisposing: plugin NEVPNTunnelPlugin(net.memenet.WeLine[inactive]) dispose complete 15:24:51.408936+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)] in state NESMVPNSessionStateDisposing: all plugins have disposed 15:24:51.409192+0800 nesessionmanager NEVPNTunnelPlugin(net.memenet.WeLine[inactive]): Tearing down plugin connection 15:24:51.409316+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Leaving state NESMVPNSessionStateDisposing 15:24:51.409441+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: Entering state NESMVPNSessionStateIdle 15:24:51.409750+0800 nesessionmanager NESMVPNSession[Primary Tunnel:WeLine SDVN:9A1A565B-4DEA-4ED6-A954-11E04B44CFFC:(null)]: status changed to disconnected, last stop reason Stop command received it seems the packet tunnel provider is not started because of a XPC error?
1
0
518
Jun ’23
Path was denied by NECP policy
When I started to connect to the VPN on iOS, the following error occurred: { kind = 1; new = "\n status = unsatisfied\n reasonCode = 2\n reason = Path was denied by NECP policy\n isViable = NO\n isExpensive = NO\n isConstrained = NO\n clientID = 46C17BDD-6CA1-422D-969C-F504D234E1D4\n mtu = 0"; old = "\n status = satisfied\n reasonCode = 0\n reason = Path is satisfied\n isViable = NO\n isExpensive = YES\n isConstrained = NO\n clientID = 46C17BDD-6CA1-422D-969C-F504D234E1D4\n mtu = 1450"; } “Path was denied by NECP policy”, What does this error mean?
1
0
671
Jun ’23