Post / Replies / Boosts / Views / Activity

NEVPNManager + NEDNSSettingsManager - "permission denied" Error
My app is used to manage a Personal VPN configuration with NEVPNManager and a DNS settings configuration with NEDNSSettingsManager. Both configurations work as expected when used separately, but after the DNS settings configuration is saved, saving the Personal VPN configuration returns an error:

    Error Domain=NEConfigurationErrorDomain Code=10 "permission denied"

In a different order, when the DNS configuration is saved and enabled after saving the VPN configuration, disconnecting the VPN disables the previously enabled DNS configuration.

Tested on: iOS 14.4, iOS 14.5 Beta 2

Source code: https://github.com/jurajhilje/DOHIKEv2Demo

Replies: 6 | Boosts: 0 | Views: 2.0k | Activity: Feb ’21

Apple Services not available when connected to VPN with Custom DoH/DoT DNS
When a device is connected to VPN using NEPacketTunnelProvider, and configured with encrypted custom DNS (NEDNSOverHTTPSSettings), some Apple Services (e.g. Siri) are unavailable. The same configuration but with clear text custom DNS (NEDNSSettings) works as expected. Inspecting network traffic while using Siri revealed SSL shutdown packets and TCP termination packets.

Device: iOS 14.4.2

Network Extension APIs: NEPacketTunnelProvider, NEPacketTunnelNetworkSettings, NEDNSOverHTTPSSettings

Attachments:
com.apple.siri-network-traffic-packets.txt - https://developer.apple.com/forums/content/attachment/feaa0e1c-7791-4732-9323-c49efae2395c
com.apple.siri-console-app-logs.txt - https://developer.apple.com/forums/content/attachment/92449f94-c8ba-422a-b3ea-27033c276c48

Replies: 5 | Boosts: 0 | Views: 1.9k | Activity: Apr ’21

URLComponent does not accept IPv6 address as host in iOS 16
iOS 16 introduced "Internationalized Domain Name" support for URLComponent. As a result, URLComponent does not accept an IPv6 address as host in iOS 16. Is this expected behaviour or a bug, and what would be the best workaround in this case?

    import Foundation

    // IPv4 URL
    var ipv4URLComponents = URLComponents()
    ipv4URLComponents.scheme = "https"
    ipv4URLComponents.host = "66.94.29.13"
    if let url = ipv4URLComponents.url {
        print("IPv4 URL:", url)
    }

    // IPv6 URL
    var ipv6URLComponents = URLComponents()
    ipv6URLComponents.scheme = "https"
    ipv6URLComponents.host = "2001:0000:3238:dfe1:0063:0000:0000:fefb"
    if let url = ipv6URLComponents.url {
        print("IPv6 URL:", url)
    }

Output on iOS 15.5 device:

    IPv4 URL: https://66.94.29.13
    IPv6 URL: https://2001%3A0000%3A3238%3Adfe1%3A0063%3A0000%3A0000%3Afefb

Output on iOS 16 device:

    IPv4 URL: https://66.94.29.13
    IPv6 URL: https:

Related thread: https://developer.apple.com/forums/thread/709284

Replies: 4 | Boosts: 0 | Views: 1.8k | Activity: Jul ’22

App upgrade on iOS 16 while VPN connected routes traffic outside VPN tunnel
Description

There seems to be an issue with VPN tunnels using NEPacketTunnelProvider on iOS 16. When the app is upgraded while the VPN is connected, the NEPacketTunnelProvider VPN tunnel is restarted. On iOS 16 devices the VPN appears to reconnect successfully after the app upgrade, however inspecting device traffic reveals that all traffic is routed outside the VPN tunnel, as it would be when the VPN is disconnected. This only affects devices running iOS 16.

Environment

iOS 16.0
Device: iPhone 13 Pro

Replies: 4 | Boosts: 0 | Views: 796 | Activity: Sep ’22

The ‘NEVPNProtocol.includeAllNetworks’ is not working on iOS 16+
https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks

The ‘includeAllNetworks’ property was introduced in iOS 14 to allow VPN configuration on iOS to force all network traffic through the VPN tunnel, to prevent any leaks outside the tunnel.

An older version of this document said: "A Boolean value that indicates whether the system sends all network traffic over the tunnel."

Current documentation says: "A Boolean value that indicates whether the system sends most network traffic over the tunnel."

There are a few issues with this change:

The change in functionality was introduced without any notice or change in developer documentation. The documentation was updated almost a year after the change in functionality.

The property should have been deprecated in iOS 16, and the new property should have been introduced. I would suggest a more accurate name - ‘includeMostNetworks’ instead of ‘includeAllNetworks’.

After reading the updated documentation, it is not clear what the ‘includeAllNetworks’ actually does, as when it is disabled, the VPN also sends most network traffic over the tunnel.

In iOS 16 and above, there is no way to configure a VPN tunnel without iOS bypassing the tunnel and leaking traffic to Apple servers.

Replies: 1 | Boosts: 0 | Views: 484 | Activity: Aug ’23

Issues with StoreKit2 and TestFlight
Transaction.updates

When testing on TestFlight, Transaction.updates emits payments that occur on the same device (usually within 1min after payment is finished), contradicting the docs: "The asynchronous sequence that emits a transaction when the system creates or updates transactions that occur outside of the app or on other devices."

Transaction.unfinished

When testing on TestFlight, Transaction.unfinished contains finished payments from a different device (same App Store account). Docs: "A sequence that emits unfinished transactions for the user."

Both issues do not happen when testing with Xcode.

Xcode 15.2, iOS 17.3, 17.4

Replies: 0 | Boosts: 0 | Views: 446 | Activity: Feb ’24