Is the com.apple.managed.vpn.shared entitlement required for NEAppProxyProvider? And how to enable this?
I have activated the NEAppProxyProvider. Now I want to start it running.
Since NETransparentProxyManager just has loadAllFromPreferencesWithCompletionHandler and no SAVE, I am using NEVPNManager.
I am trying to load it using the following steps:
[NEVPNManager sharedManager] loadFromPreferencesWithCompletionHandler:
vpnmanager.enabled = YES;
saveToPreferencesWithCompletionHandler
I am not getting called at NEAppProxyProvider's startProxyWithOptions.
Any pointer would help.
As part of setTunnelNetworkSettings, the docs say that:
"If you are implementing an App Proxy Provider, pass a NETunnelNetworkSettings containing DNS settings and proxy settings."
Is it mandatory to set DNS and proxy settings for a Transparent App Proxy?
In the transparent app proxy, once I get called at handleNewFlow, I then call openWithLocalEndpoint.
I have a few questions:
Thereafter, do I have to keep calling send and receive just like a normal socket program?
If yes, which APIs are to be used?
How is the function readDataWithCompletionHandler used in this context?
This is as good as implementing a complete proxy. Is my above understanding right?
I have a simple use case of redirecting all the HTTP traffic to my local application (different than the system extension), which will act like a proxy. Is it possible to redirect this flow transparently to my application proxy running on localhost?
We already have a proxy implemented in user mode.
Now, with the new Network Extension on Catalina, we are implementing a Transparent App Proxy.
With this, should we reimplement the full user mode proxy code inside this Transparent App Proxy?
Is there a simple way where I can simply redirect the flow to the existing proxy?
Once I have the flow received in handleNewFlow, I call openWithLocalEndpoint,
create a thread in which I read through the local endpoint flow and send the data to the server,
and return YES so as to handle the flow.
But readDataWithCompletionHandler is returning neither success nor failure.
I have passed the flow to the thread properly. Is it that the flow has become invalid since my reads are on a separate thread?
Do I have to call any API to keep the flow alive?
On macOS Catalina, I have written the Transparent App Proxy and am able to redirect the flow to my application. That application in turn opens the flow to the remote server. I want to avoid any processing on the traffic coming from this application, which is connecting to the same port as the original client application and hence falling into the same rule and landing back in my handleNewFlow.
I am not sure how to ignore these flows originating from my own application, since returning NO from handleNewFlow closes that connection.
This appears to be a common problem with any proxy application. Any pointers, API or mechanism which will help me?
I am writing a Transparent App Proxy on macOS and using startVPNTunnelAndReturnError.
The results of this API are rather inconsistent. Sometimes I am able to start the tunnel, sometimes it doesn't start.
Is there any race condition which I need to handle?
Also, I see that during boot the tunnel is many times not started.
In my macOS Transparent App Proxy code:
I activate the extension
LoadAllPref
Set NETunnelProviderProtocol & NETransparentProxyManager configurations
SavePref
Again LoadAllPref
get the connection object
startVPNTunnelAndReturnError
This is working well in most cases. Sometimes I see 2 entries of my extension in Network Preferences, and both entries are yellow (not connected).
Is there any known issue around this, or any way to work around this issue?
On macOS Catalina, for a transparent app proxy, can setTunnelNetworkSettings be called outside the context of startProxyWithOptions:completionHandler:?
Or is it mandatory that this call be made only from startProxyWithOptions:completionHandler:?
My use case is to change the tunnel network settings on some trigger.
As I read, DriverKit can be used to write a device driver.
But I want to filter a device.
Can DriverKit be used for filtering a particular device?