Hi,
I have an app that works fine with packet-tunnel-provider network extension. But I am not able to distribute it with developer ID signing, so I followed the instructions below
https://developer.apple.com/forums/thread/125508?answerId=402187022#402187022
I was able to sign/distribute/notarize my app, but the packet tunnel provider piece of it fails to start because it says "signature check failed: code failed to satisfy specified code requirement(s)" / "Validation of the extension failed".
I am attaching a screenshot here. Note that I did not really make any code changes; I just followed the steps by eskimo verbatim. So the question is: should I call stuff like "OSSystemExtensionRequest.activationRequest(" from the main app, or will the old-style network extension continue to work as is? I just want to be able to Developer ID sign a simple packet tunnel app, that's about it. But I guess the code signing errors are not related to whether I call activationRequest or not.
Hi,
I use rvictl, but that seems to capture only on PHYSICAL interfaces. I am using a VPN client and I want to capture packets on the virtual tun interface that directs packets to the VPN app. Is there any way to do that? Something equivalent to tcpdump -i utun2 on macOS, for example.
Rgds,
Gopa.
So I want to route *every* packet through my software, so I set the packetTunnelProvider default route to attract everything to me.
And then I terminate TCP/UDP, parse the payload, and based on the parsing result, some of the sessions I send to my VPN server at a specific IP, but for the rest I just open a socket to the destination that the packet was originally going to, and send the data out via that socket.
So for example, let's say I get packets to both 1.1.1.1:443 and 2.2.2.2:443 via the packet tunnel provider. I terminate both and decide that I want to send 1.1.1.1:443 to my VPN server, but I send 2.2.2.2:443 on its way by opening a socket to 2.2.2.2:443 and sending the terminated payload out on that socket.
So the thing I am not clear on from the docs or threads is whether 2.2.2.2:443 will get routed back to my packetTunnelProvider again or not? In the thread below, @eskimo says that "we specifically go out of our way to ensure that traffic from the packet tunnel provider does not go through any other VPN interface" -- and if that's true, that's *awesome*, that's exactly what I want. But at the same time it's written that on macOS that's not the case. Can someone confirm if that's the case across all Apple OSes please?
https://developer.apple.com/forums/thread/76711
Android has this call addDisallowedApplication("app-name") where I can add my own app to that list and it will basically do the same as what @eskimo is referring to above. And that's the functionality I am looking for.
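The "default route to attract everything" setup from the post above, written out as an added example (not the poster's code nor Apple sample code). It shows the one part of the loop-back problem that NetworkExtension lets you handle declaratively: the VPN server itself is put in `excludedRoutes`, so the provider's own connection to it cannot be captured by the tunnel it is serving. The class name, the tunnel address, the resolver address and the VPN server IP (RFC 5737 documentation range) are all assumed, constructed values.

```swift
import NetworkExtension

/// Hypothetical provider subclass for illustration only.
final class DemoPacketTunnelProvider: NEPacketTunnelProvider {

    // Constructed values: the VPN server some sessions are forwarded to,
    // the tunnel's own utun address, and a resolver reachable through the tunnel.
    private let vpnServerAddress = "203.0.113.10"
    private let tunnelLocalAddress = "10.8.0.2"
    private let tunnelDNSServer = "10.8.0.1"

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: vpnServerAddress)

        let ipv4 = NEIPv4Settings(addresses: [tunnelLocalAddress],
                                  subnetMasks: ["255.255.255.0"])
        // Attract every IPv4 packet into the tunnel, as the post describes.
        ipv4.includedRoutes = [NEIPv4Route.default()]
        // Never route the VPN server through the tunnel: the provider's own
        // connection to it must leave via the physical interface, otherwise the
        // tunnel would capture its own uplink traffic.
        ipv4.excludedRoutes = [NEIPv4Route(destinationAddress: vpnServerAddress,
                                           subnetMask: "255.255.255.255")]
        settings.ipv4Settings = ipv4
        settings.dnsSettings = NEDNSSettings(servers: [tunnelDNSServer])
        settings.mtu = 1400

        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                completionHandler(error)
                return
            }
            self.readPackets()
            completionHandler(nil)
        }
    }

    /// Drain packets arriving on the utun interface; each one is a raw IP datagram
    /// plus its address family (AF_INET / AF_INET6), which is where the post's
    /// terminate-and-classify logic would start.
    private func readPackets() {
        packetFlow.readPackets { packets, protocols in
            for (packet, family) in zip(packets, protocols) {
                NSLog("tunnel got %d bytes, family %d", packet.count, family.int32Value)
            }
            self.readPackets()
        }
    }

    override func stopTunnel(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        completionHandler()
    }
}
```

Excluding the server covers only the provider's own uplink; whether sockets the provider opens to arbitrary destinations such as 2.2.2.2:443 re-enter the tunnel is the platform-specific behaviour the post is asking about, and it is not something this configuration decides.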