We have configured VPN for Safari domains on iOS. Facebook.com is configured as a Safari domain, so ideally VPN should be triggered when Facebook.com is opened. But we found that as soon as Safari is launched with any site, the VPN icon appears although traffic is not sent to the VPN. E.g., we opened Safari and opened cnn.com and it launched VPN. This gives the end user the feeling that all Safari traffic is being processed. Our expectation is that the VPN icon should display only for Safari search domains. Is this expected as per Apple design or should I file a bug with Apple?
We use Packet Tunnel under the Network Extension framework on iOS for traffic forwarding. Deployment is per-app VPN through MDM.
When there is a captive portal network, we clear all include routes (the virtual IP is still there) so that the end user can authenticate with the captive portal network. But to our surprise, traffic is still coming to the virtual IP.
Is this expected? Shouldn't traffic go direct when there are no include routes?
I want to implement a Content Filter (NEFilterDataProvider & NEFilterControlProvider) on iOS. When I tried to configure it in Apple Configurator, it says it's supported on Supervised devices only. See the screenshot below.
Has anyone achieved it on non-Supervised devices? If yes, can you please share details?
Is it achievable only on MDM-managed (though non-Supervised) devices?
While loading preferences from NETunnelProviderManager with the API loadAllFromPreferencesWithCompletionHandler, I get the error Error Domain=NEVPNErrorDomain Code=5 "IPC failed" UserInfo={NSLocalizedDescription=IPC failed}. This happens very rarely. Any idea what could be leading to this IPC failure?
Sys diagnostics from around the same time:
com.apple.networkextension default 3374 2023-03-31 13:52:27.010705 -0700 TestApp Received a com.apple.neconfigurationchanged notification with token 105
com.apple.networkextension default 3374 2023-03-31 13:52:27.010720 -0700 TestApp Lost connection to nehelper: Connection interrupted
com.apple.networkextension error 3374 2023-03-31 13:52:27.010752 -0700 TestApp Failed to send a 6 message to nehelper: <dictionary: 0x25c06da80> { count = 1, transaction: 0, voucher = 0x0, contents =
"XPCErrorDescription" => <string: 0x25c06dc18> { length = 18, contents = "Connection invalid" }
}
com.apple.networkextension default 3374 2023-03-31 13:52:27.010855 -0700 TestApp Clearing FE1912DC-BC59-4C99-AE90-F5BBB32AA0C0 from the loaded configurations
com.apple.LocalAuthentication default 266 2023-03-31 13:52:27.010965 -0700 coreauthd ACMRequirement of type:1, state:1, flags:0 -> MechanismPasscode[1607]
com.apple.LocalAuthentication default 266 2023-03-31 13:52:27.011014 -0700 coreauthd ACMRequirement of type:3, state:1, flags:0 -> MechanismPearl[1608]
com.apple.BiometricKit default 266 2023-03-31 13:52:27.011023 -0700 coreauthd BKDevice::extendedBioLockoutState:forUser: 0x16f351318 501 (_cid 3711427250)
com.apple.networkextension error 3374 2023-03-31 13:52:27.011158 -0700 TestApp Failed to load configurations: Error Domain=NEConfigurationErrorDomain Code=11 "IPC failed" UserInfo={NSLocalizedDescription=IPC failed}
I am using Safari View Controller for IDP authentication. The IDP being used is Microsoft, and two-factor auth is being used through the MFA iOS app. When we approve from the MFA app and our app is in the background, then after "Approve" the Safari redirections are not successful. On the other hand, if we approve by interactive notification then the redirections are successful, which is understandable as the app stays in the foreground. This issue comes only when the app is in the background. Both behaviours are captured in the attached video. Please let me know if anything else is needed.
When we try to update our beta app from TestFlight, TestFlight gets stuck after downloading the IPA. This behaviour is consistent on iOS 13, while on previous versions of iOS it's working fine. I debugged through Charles Proxy and found that the IPA download is fine, but then there is an API (https://testflight.apple.com/v1/apps/intvalue/intvalue/install/status) request to update the status of the install, and that API is not called here. This update fails whether we intercept the traffic or not. Even when all traffic is going direct, it still fails.