Which minimal version of XCode allowing this functionality??? Trying to find any settings that mentioned in WWDC video and my XCode don't have any of it. The XCode 15.1 15C65 on iMac x86 with Ventura 13.6.7

Additional information for the previous post: Mixing Swift and C++ Setup Cpp-Swift Interoperability using CMake

>> Xcode.DebuggerFoundation.AppExtensionToBundleIdentifierMap.watchOS of plug-in com.apple.dt.IDEWatchSupportCore warning: The CFBundleVersion of an app extension (null) must match that of its containing parent app ('0.1'). This one solved. There need to be added into extension Info.plist: <key>CFBundleVersion</key> <string>${A_PROJECT_VERSION}</string> <key>CFBundleShortVersionString</key> <string>${A_PROJECT_VERSION}</string> The code sample is here Continue reserching other troubles.

Got created CMake project template with NetworkExtension with C++/Qt. The template published here For now fighting with this error in Info.plist and Entitlements but CMake project strucutre is working. And project could be built with Xcode and Qt Creator.

Hello! Look below on details mentined by you: That depends on your specific requirements, and you haven’t really posted a lot of details about what those are. One of the possible cases: The company required to use VPN for customers or employees for accessing resources. But company don't want to care about all of internet traffic that goes from them (at least because of money, they don't want to pay for all of traffic from users). The company just wnat that only cpecified resources passing through VPN but any other passing through default. The list of this resources need to be defined somehow in VPN application and be available for publishing in AppStore without restrictions. For now seeking solution to make kind of Selective VPN solution that alows me to define list of resources that is passing through VPN and ignore all other traffic.

If there using of NEFilterDataProvider, could it be there parsed and handled packets, not just forward? For example additionally encrypt and turn it back to network with rule. Could it be done by NEFilterAction?

Rather, they’re trying to use a packet tunnel provider to build some other type of product, like a content filter. Is it correct that you advising to use another type of extension - NEFilterDataProvider? If yes, what kind of limitations is for NEFilterDataProvider? Especially for deployment and publication in AppStore.

Is it correct that if there need only IPs from list, means need to set something like "exclude all" into excludedRoutes and add to included only list of IPs into includedRoutes? And there will be functionality that allow me to handle in VPN only IPs from list? "Exclude all" came into my brain by analogy of firewall rulles when you prohbiting everythin and open only allowed. For this issue allow everything to pass standard and only from list forward to TUN interface. And every packet that came to TUN must be passed through NEPacketTunnelProvider. Is it correct?

The global idea of all of this matter is not to send to VPN all of traffic. There need to send only selected IP adresses to VPN and other via standard network. Is it possible on MacOS and iOS with NEPacketTunnelProvider. Therefore somehow need to detrmine IP and if IP from list send it to VPN if not in list send it to normal network. Is it possible somehow to get raw IP packet and parse the packet itself like it describedon this schema?

Thx a lot

Is it possible not to use per-app VPN if need to determine only IP? Is it possible to determine IP in "general" version of NE that using NEPacketTunnelProvider?

Hello! Haven’t we had that conversation before? Thx for reply. Haven't seen your last message within explanation of how to. This is what been seeking. Thx a lot. Could you send me the link on "3d part tools" thread? Can't find it on forum.

What if my Application written with C++ and CMake is there any examples of how to add subtarget of NE to main CMakeLists.txt?

NE providers have many limits. - Is there any list of all of limits, not just memory?

As far as it known for me there are classical lifecycle of iOS application For me it's a little shadowed: When in classical lifecycle Network Extension running? What should be done for Network Extension in case of Application is in or out of Active/Inactive/Background/Suspended state? What should be done by Application in case of something wrong in Network Extension and how NE could be noticing about own state? Is there any limits for Network Extension? Memory? CPU usage Time? Access to something? Etc ... Is there any examples of "best practice" of how to orginise communication between Application and Network Extension? If there any info that you can send me to help, it would be greate. My application written on C++ with CMake.