Some APP want to hide their real server domain and IP, avoid DDoS attack or something else, so we build a proxy server , running inside app, proxy app's network traffic, but this is not enough.
We want this proxy server become the real search to app, and handshake with the APP, so need a domain to make dns resolve to localhost (127.0.0.1).
Post
Replies
Boosts
Views
Activity
the full log is :
Nov 25 09:40:47 nesessionmanager[194] <Notice>: <NESMServer: 0x100a04550>: Register Enterprise VPN Session: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Successfully registered
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: status changed to connecting
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)] in state NESMVPNSessionStateIdle: received start message
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Leaving state NESMVPNSessionStateIdle
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Entering state NESMVPNSessionStatePreparingNetwork
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Leaving state NESMVPNSessionStatePreparingNetwork
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Entering state NESMVPNSessionStateStarting
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.wangsu.securelink[inactive]) started with PID 0 error (null)
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Leaving state NESMVPNSessionStateStarting
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Entering state NESMVPNSessionStateStopping, timeout 20 seconds
Nov 25 09:40:47 nesessionmanager[194] <Notice>: <NESMServer: 0x100a04550>: Request to uninstall session: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: status changed to disconnecting
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Updated network agent (inactive, compulsory, not-user-activiated, not-kernel-activated)
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Leaving state NESMVPNSessionStateStopping
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Entering state NESMVPNSessionStateDisposing, timeout 5 seconds
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)] in state NESMVPNSessionStateDisposing: plugin NEVPNTunnelPlugin(com.wangsu.securelink[inactive]) dispose complete
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)] in state NESMVPNSessionStateDisposing: all plugins have disposed
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Leaving state NESMVPNSessionStateDisposing
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: Entering state NESMVPNSessionStateIdle
Nov 25 09:40:47 nesessionmanager[194] <Notice>: NESMVPNSession[Primary Tunnel:SecureLink:28390857-B967-4AC2-BEDC-8EC6198F0A43:(null)]: status changed to disconnected, last stop reason Plugin failed
The iOS version is 14.0.1, and most of the device has this problem is 14.0.1
And this the system log about VPN:
Nov 25 15:31:27 mediaserverd(AudioToolbox)[33] <Notice>: SSServerImp.cpp:1242:SystemSoundServerKillSoundsForPID: pid 361(PacketTunnelApp)
Nov 25 15:31:27 mediaserverd(AudioToolbox)[33] <Notice>: SSServerImp.cpp:1242:SystemSoundServerKillSoundsForPID: pid 361(PacketTunnelApp)
Nov 25 15:31:27 ReportCrash[352] <Notice>: osa_update: Pid 361 'PacketTunnelApp' CORPSE: Parsing KCData
Nov 25 15:31:27 osanalyticshelper(OSAnalytics)[283] <Notice>: Process PacketTunnelApp [361] killed by jetsam reason per-process-limit
Nov 25 15:31:27 ReportCrash[352] <Notice>: osa_update: Pid 361 'PacketTunnelApp' CORPSE: Extracting
Nov 25 15:31:27 ReportCrash[352] <Notice>: osa_update: Pid 361 'PacketTunnelApp' CORPSE: Capture Complete
Nov 25 15:31:27 ReportCrash[352] <Notice>: Formulating fatal report for corpse[361] PacketTunnelApp
Finally, I fix this problem. After delete some Third-party libraries and remove some unnecessary classes,
The IPA from the testflight work find ( this bug won't show by debug mode or local install IPA)
Could you tell me, is there any way to avoid this problem happen again( like how many OC classes in VPN process is safe, or should keep the VPN pack below a specific size)。
Not work for me to ,
[[NSNotificationCenter defaultCenter] addObserver:self selector:@selector(__onRadioAccessTechonologyDidChanged) name:CTServiceRadioAccessTechnologyDidChangeNotification object:nil];
__onRadioAccessTechonologyDidChanged not called, when i switch 5G to 4G in IOS Setting
The trick here is to have the user trigger a sysdiagnose log as soon as they see the problem. Then can then pass this on to your for analysis. For more information about this, see Your Friend the System Log.
this can get entire iOS system log ? I don't find the way to do this after I read the documents.
I said before:
because APP can't get the iOS system log
means, the log of my app is no useful, because the APP seems ok.
The job to start the NetworkExtension Process is not the host APP( MY APP).
Host APP only setup the configuration and call the system API, and the log of my app show nothing wrong here.
The log of my APP shows: when after call startVPNTunnelWithOptions: success, the NEVPNStatus change from NEVPNStatusDisconnected to NEVPNStatusConnecting (from NEVPNStatusDidChangeNotification) but long time (about 1 mins) the VPN Process not created, and status change to disconnect.
So I think if i want to known why the VPN process not create success, I need to got the entiry iOS system log, this may show why the iOS system start the process fail.
Thanks for your help, I got a issue log
the issue log
It seems to be stuck by nw_path_necp_update_evaluator_block_invoke
could you tell me what is this, and how can I avoid this.
What platform are you testing on?
iOS
I’m confused by your goal here. If an app creates a connection to a peer that’s directly connected to the local Wi-Fi, why does your VPN need to get involved?
Because our APP not only provides a VPN service to users, but also provides a safe access environment.
So we need access control for the device.
So we don't want any traffic from the device to bypass our VPN and go straight out.
OK, so you see, this is why Matt wrote TN3120 Expected use cases for Network Extension packet tunnel providers. When you try to use a packet tunnel provider as a content filter, you will run into all sorts of weird and wonderful problems. This is just one example of such problems.
Thanks. I understand, so if we want both VPN and traffic control, we must use different provider to achieve it.
Please ignore or delete this post. I intended to publish something else, but after clicking the submit button, there was no response, so I tested by posting this message.
I have found the reason why it didn't work. It seems that the content cannot contain Apple's domain name.
The user is unwilling to cooperate in obtaining the logs. We only have information that the user's iOS system is 16.0.3 and the device model is iPhone13,4. We hope this helps you.
After explaining the purpose of the VPN to the reviewer, it has been approved. The End....
How does your SDK work? Does it implement a HTTP proxy? Or is it using an NSURLProtocol subclass? Or something else?
This SDK listens to 2 ports and implements an HTTP/HTTPS proxy locally.
Then, NSURLSession is asked to proxy requests through by setting the proxy configuration of NSURLSessionConfiguration.
Currently, we are not using NSURLProtocol.
This issue, specifically, tends to occur after the first launch of an installed APP.