Post | Replies | Boosts | Views | Activity

iOS Packet Tunnel Provider saveToPreferencesWithCompletionHandler permission denied
I have a Packet Tunnel Provider that works ok in development, but fails calling NETunnelProviderManager.saveToPreferencesWithCompletionHandler with "permission denied" upon being opened by App Review. If it means anything, I just switched my account from personal to company/organization so I could distribute a VPN app, and the app is signed with an Apple Distribution cert created for the company. The provisioning profiles for the container app and the extension are both signed with this cert and both have Network Extensions and Personal VPN entitlements. What is missing that is preventing the distribution to the App Store from working properly?
Replies: 3 | Boosts: 0 | Views: 756 | Activity: May ’22
Message from debugger: Terminated due to code signing error
I got the message in the title when I made a new provisioning profile for this year which has a privileged file operations profile because the old one expired and the Mac app wouldn't build. Before this, I also had to get new Mac installer and Apple distribution certs which I would assume are in the prov profile since I made it after the new certs. After importing the new prov profile, the app builds, but the app won't run because of the message in the title. I also had to do this in 2020 and 2021, but creating a new prov profile and importing it into Xcode was all I had to do - everything just worked. In Xcode the 2021 and 2022 profiles look like they have the same content except the 2022 one isn't expired and has the latest cert. So why am I getting "Message from debugger: Terminated due to code signing error" when updating it this year? Larry
Replies: 0 | Boosts: 0 | Views: 441 | Activity: Jan ’22
iOS Sandbox: deny(1) network-outbound*:<port #> from network extension
    /* Create a TCP socket */
    if ((sd = socket(PF_INET, SOCK_STREAM, 0)) < 1) {
        perror("Socket Creation");
        //log_msg(LOG_ERR, "Socket creation failed");
        return ERROR_SOCKET;
    }
    /* Try to connect; on failure, log errno and its description */
    if (connect(sd, addr, sizeof(addr)) == 0) {
        conn_success = 1;
        break;
    } else {
        log_msg(LOG_ERR, "errno = %d, %s", errno, strerror(errno));
    }

The above chunk of C code is used to open TCP sockets on public and private servers on many platforms including Android and Mac OS. On iOS, it works if the device, an XR running 14.4.2, has an internal IP address when connecting to a public server. However, if the XR has a public IP address, as it does when not connected to wifi, it fails with this in the log calling the same public server (or any public server) and errno = 1, Operation not permitted:

    Sandbox: extension name(5616) deny(1) network-outbound*:port no

Why does the network extension, a packet tunnel provider, connect to a public server when the device has a private IP address, but is denied network outbound access when it has a public IP address?
Replies: 12 | Boosts: 0 | Views: 2.7k | Activity: Apr ’21
iOS NWUDPSession.isViable vs NWUDPSessionState ready
I have a custom PacketTunnelProvider configured to catch all traffic on the 10.0.0 subnet and a server that can handle it listening at port 8080. I can call startTunnel from its containing app, and its completion handler gets called with a NETunnelProviderManager. I can see the NWUDPSession of the extension go from preparing to ready. When it gets to ready, I set the NWUDPSession read handler and have it start handling packets. However, in Settings, the VPN is still connecting, and NWUDPSession.isViable is false. When I bring up a browser and go to 10.0.0.1:8080, I can see SYNs and ACKs coming out of the tunnel going to the server and back into the tunnel, and then an HTTP request for a favicon going to the server and its 404 coming back followed by a FIN/ACK out of the tunnel. But the request for the specific resource never gets out. Without the VPN, the browser sends the resource request followed by the favicon request. During this time, the VPN is still connecting, and the browser says there is no internet. What am I missing? It seems there is something else to do to make it connected, but I can't figure out what it is.
Replies: 11 | Boosts: 0 | Views: 1.3k | Activity: Mar ’21