We are using an NEPacketTunnel provider for our custom VPN solution, and doing so we are setting NEPacketTunnelNetworkSettings with setting IPv4 and IPv6 default routes. We are then setting DNS
networkSettings.dnsSettings?.matchDomains = [""]
However, apps like FaceTime still go around the VPN.
Once you set setTunnelNetworkSettings is there no way to ask the system to return what the current saved configuration?
Testing, Ive also tried turning off IPv6 on my home network and cell data to force all traffic to my IPv4 default routes.
Ive seen FaceTime work on one session, relaunch the app and never again.
Note: IncludeAllNetworks does work, but comes with a lot of downsides too. Our goal is to securely and redundantly help with video calls , streaming apps etc.
Post
Replies
Boosts
Views
Activity
I have an app that utilizes the Network Extension ( Packet Tunnel Provider ), but also uses MDNS to find local devices for data transfer via Network Extensions.
However, once connected over Peer to Peer using AWDL0 or NWConnections, it works as expected until a user shuts the screen down. It looks like there's a difference in behavior when the device is plugged in vs when it's on just battery alone.
So we can be happily sending data over p2p ( awdl0 ) then a screen shuts off and it kills the connection.
Is this expected behavior and if so is there documentation?
Also, Network Extensions do not appear to be able to discover over P2P, they can only connect to endpoints directly. Is this expected behavior?
My thoughts;
If a user allows both the Network Extension Permission and Local Network Permissions that the Network Extension should be able to discover peers via p2p. The connections ( if not asleep ) should stay active while in use.
How can I hide "App Frameworks" documentation? Seems like it's just cluttering my documentation, especially since I want to host on a website. O just want my imported documentation.
I want to hide this:
I'm having some issues tracking down the reason for the crash. It's affecting a ton of users but it seems to be a Swift runtime issue in Apples library. Can anyone help me out?
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001e920823c
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 5 Trace/BPT trap: 5
Terminating Process: exc handler [5315]
Triggered by Thread: 0
Kernel Triage:
VM - Compressor failed a blocking pager_get
Thread 0 name:
Thread 0 Crashed:
0 BaseBoard 0x00000001e920823c -[_BSActionResponder action_sendResponse:] + 600 (BSActionResponder.m:127)
1 BaseBoard 0x00000001e9208234 -[_BSActionResponder action_sendResponse:] + 592 (BSActionResponder.m:127)
2 BaseBoard 0x00000001e9200e0c -[BSAction sendResponse:] + 92 (BSAction.m:311)
3 UIKitServices 0x00000001e8bea830 -[UISFetchContentInBackgroundAction sendResponse:] + 104 (UISFetchContentInBackgroundAction.m:53)
4 UIKitCore 0x00000001e6fd68b0 __91-[UIApplication _handleNonLaunchSpecificActions:forScene:withTransitionContext:completion:]_block_invoke_3 + 76 (UIApplication.m:10725)
5 UIKitCore 0x00000001e639cd38 -[_UIAfterCACommitBlock run] + 72 (_UIAfterCACommitQueue.m:137)
6 UIKitCore 0x00000001e62b00c8 -[_UIAfterCACommitQueue flush] + 192 (_UIAfterCACommitQueue.m:228)
7 UIKitCore 0x00000001e61d98e8 _runAfterCACommitDeferredBlocks + 644 (UIApplication.m:3038)
8 UIKitCore 0x00000001e61da00c _cleanUpAfterCAFlushAndRunDeferredBlocks + 132 (UIApplication.m:3002)
9 UIKitCore 0x00000001e61da1bc _afterCACommitHandler + 60 (UIApplication.m:3053)
10 CoreFoundation 0x00000001e3c45bb4 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 36 (CFRunLoop.c:1804)
11 CoreFoundation 0x00000001e3c14b70 __CFRunLoopDoObservers + 592 (CFRunLoop.c:1917)
12 CoreFoundation 0x00000001e3c0fc2c __CFRunLoopRun + 1052 (CFRunLoop.c:2979)
13 CoreFoundation 0x00000001e3c236b8 CFRunLoopRunSpecific + 600 (CFRunLoop.c:3268)
14 GraphicsServices 0x00000001ffcbd374 GSEventRunModal + 164 (GSEvent.c:2200)
15 UIKitCore 0x00000001e6588e88 -[UIApplication _run] + 1100 (UIApplication.m:3511)
16 UIKitCore 0x00000001e630a5ec UIApplicationMain + 364 (UIApplication.m:5064)
17 Speedify 0x00000001047fb268 main + 88 (main.m:14)
18 dyld 0x0000000104b79ce4 start + 520 (dyldMain.cpp:879)
[2022-04-20_14-33-40.1406_+0430-6f4f1f1ef853d8feea4fcea2cab39dba1183a769.crash](https://developer.apple.com/forums/content/attachment/f6a77cce-1618-4b7b-a027-368340a6ab7f)
Users can now access the WiFi settings right from the control center and by long pressing the WiFi icon. I noticed when a user accesses the WiFi list in this manner the Hotspot Helper callback functions do not get invoked.
Is this intended behavior?
Thank you for your time
I'm not quite understanding why my application would be receiving this error
Error Domain=NEHotspotConfigurationErrorDomain Code=13 "already associated." UserInfo={NSLocalizedDescription=already associated.}
The helper seems to work but when this error occurs the command and network list is nil
Any help would be appreciated, thank you!
I have a VPN app that has an embedded Network Extension. I wish to create a Widget based on the Network Extensions status. i.e Connect and what server/Country.
If I take the traditional route of embedding the widget in the main app and call WidgetCenter.shared.reloadTimelines in the extension it works as expected, but ONLY if the parent app is still alive. The minute the parent app goes away calling WidgetCenter.shared.reloadTimelines does nothing.
I have tried embedding the plugin inside of the Network Extension plugin but this as expected does not work.
Is this a limitation of WidgetKit ( No ability to be updated from a running plugin)? Or is there a better way to update this widget
My app registers with the Hotspot helper entitlement and it works as expected.
However I notice that the app launches in the background each time the hotspot helper handler is invoked. It wakes up and hits
(BOOL)application:(UIApplication *)application willFinishLaunchingWithOptions:(NSDictionary<UIApplicationLaunchOptionsKey,id> *)launchOptions
and
(BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions
However the launch keys do not indicate a reason. Is it possible for my app not to wake up and hit the application delegate methods and only execute whats in the Hotspot helper handler?
We have an AppleScript that clears up old files for a user. We went from a self distributed app using the Privledged Helper to now utilizing the Mac App Store. When a user updates to the new Mac Store App we have an optional function to save and run an Apple Script to remove the old helper plist files.
We use NSOpenPanel to ask a user to select the Apple Scripting directory which is assigned to our app and then using NSUserAppleScriptTask we are able to execute it. All while the user consents along the way.
In order to do this we need the entitlement com.apple.security.files.user-selected.read-write which is being denied by the App review team as they say its meant for PDF's, Images etc and NOT scripts.
If that entitlement is not meant for this situation, how are we able to get around this in a sandboxed app?
I am looking at the code from SimpleExtensionFirewall and notice that it's using XPC to communicate.
Is this available on iOS for PacketTunnel Providers and if so does it bring a greater benefit than using sendMessageToExtension?
Also macOS, using the Network Extension (Not system extension) is this available also?
I am looking back at the SimpleTunnel example but it seems very dated.
Thanks!
I have a Mac VPN app which I'd like to distribute in the Mac Store and on my website.
I need to Sign my app with a Developer ID in order to get it notarized so was following along this thread
https://developer.apple.com/forums/thread/125508?page=1
I performed all of the changes suggested by Quinn, notarized the app , stapled it and installed from a .dmg.
Upon launching I get the VPN permission with a profile successfully installed but neagent still won't launch bc its signed with a developer id.
error 16:49:08.750262-0400 NEVPNTunnelPlugin([476]): Validation of the extension failed nesessionmanagerdefault 16:49:08.750966-0400 NESMVPNSession[Primary Tunnel::7BB4FF26-2EAD-47AF-85F7-880749561AD0:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin([476]) started with PID 0 error (null) nesessionmanagererror 16:49:08.750013-0400 Rejecting app extension provider PacketTunnel because it is signed with a Developer ID certificate neagent
I checked the embedded profile
security cms -D -i /Applications/MYAPP.app/Contents/embedded.provisionprofile
<key>Entitlements</key> <dict> <key>com.apple.developer.system-extension.install</key> <true/> <key>com.apple.developer.networking.networkextension</key> <array> <string>packet-tunnel-provider-systemextension</string> <string>app-proxy-provider-systemextension</string> <string>content-filter-provider-systemextension</string> <string>dns-proxy-systemextension</string> <string>dns-settings</string> </array> <key>com.apple.application-identifier</key> <string>BUNDLEID</string> <key>keychain-access-groups</key> <array> <string>TEAM.*</string> </array> <key>com.apple.developer.team-identifier</key> <string>TEAM</string> <key>com.apple.developer.associated-domains</key> <string>*</string> </dict>
default 09:50:39.422703-0400 Signature is valid and has the correct designated requirement neagent
default 09:50:39.422930-0400 Provider is signed with a Developer ID certificate neagent
error 09:50:39.422957-0400 Rejecting app extension provider com.appid.PacketTunnel because it is signed with a Developer ID certificate neagent
default 09:50:39.423849-0400 [u 1B062A81-6FE9-44B0-851E-BCF4FE7FAD8A:m (null)] [<private>(<private>)] terminating neagent
I'm running macOS 15.6
Here's output from the notarization
	"logFormatVersion": 1,
	"jobId": "ac025b03-d4ff-4a10-97f5-85b43e6b4f3f",
	"status": "Accepted",
	"statusSummary": "Ready for distribution",
	"statusCode": 0,
	"archiveFilename": "MyApp.dmg",
	"uploadDate": "2020-08-07T14:03:00Z",
	"sha256": "92349106a42dece6ae4298677aeaaf17aa02b1a431acf5594ab1fc700916a6bb",
	"ticketContents":[
],
	"issues": null
^^ I stripped the ticketContents
I am working on a macOS application in sandbox mode. I have enabled App groups and I can see the app group folder gets created. I am attempting to move a file from the app directory to the shared group but im see a permission error.
Error moving files Error Domain=NSCocoaErrorDomain Code=513 "“Container_1595437210.503603.txt” couldn’t be copied because you don’t have permission to access “Group Containers”."
Any ideas?
Am I able to add a subscriber inside of my Network Extension to receive reports?
I am noticing if I try to send a provider a message before the extension state reads "Connected" then iOS creates the extension but no delegate calls get hit such as startTunnel.
Here is a log excerpt of this happening
default 12:37:08.312268-0400 Hello, I'm launching as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:08.341916-0400 Initializing connection PacketTunnel
default 12:37:08.342000-0400 Removing all cached process handles PacketTunnel
default 12:37:08.342094-0400 Sending handshake request attempt #1 to server PacketTunnel
default 12:37:08.342180-0400 Creating connection to com.apple.runningboard PacketTunnel
default 12:37:08.344130-0400 Handshake succeeded PacketTunnel
default 12:37:08.344213-0400 Identity resolved as xpcservice<com.connectify.Speedify.PacketTunnel([daemon<com.apple.neagent-ios>:465:465])> PacketTunnel
default 12:37:08.344544-0400 Bootstrapping; Bootstrap complete. Ready for handshake from host. PacketTunnel
default 12:37:08.345705-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B] [(null)((null))] Prepare received as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:08.346919-0400 [u 44649B2D-4F65-42A6-B5A0-F06D8485AC86] [<private>(<private>)] Set sole personality. PacketTunnel
default 12:37:08.349163-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] Begin using sent as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> neagent
default 12:37:08.349301-0400 [u 44649B2D-4F65-42A6-B5A0-F06D8485AC86] [<private>(<private>)] Begin using received as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:08.349770-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] plugin loaded and ready for host neagent
default 12:37:08.352305-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] invalidating startup assertion neagent
default 12:37:08.358165-0400 networkd_settings_read_from_file initialized networkd settings by reading plist directly PacketTunnel
default 12:37:08.358421-0400 networkd_settings_read_from_file initialized networkd settings by reading plist directly PacketTunnel
default 12:37:08.359343-0400 nw_path_evaluator_start [03899CDE-17CB-40AF-994C-9CB574C85AB9 <NULL> <private>]
path: <private> PacketTunnel
error 12:37:14.358639-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] Connection to plugin interrupted while in use. neagent
default 12:37:14.358740-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] all extension sessions ended neagent
error 12:37:14.359680-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] Connection to plugin invalidated while in use. neagent
error 12:37:14.359800-0400 Extension com.connectify.Speedify.PacketTunnel died unexpectedly neagent
default 12:37:14.360268-0400 Scheduing timer for extension failure/exit for EAAE0434-8F26-40D8-B6B8-6D7612294AFA neagent
error 12:37:19.082446-0400 Handle extension failure/exit for EAAE0434-8F26-40D8-B6B8-6D7612294AFA - disconnect session neagent
default 12:37:19.712008-0400 [d <private>] <PKHost:0x10550a770> Completed discovery. Final of matches: 1 neagent
default 12:37:19.725009-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 67B025FA-3D50-499F-B89A-4470CB9EC46A] [<private>(<private>)] Ready plugins sent as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> neagent
default 12:37:19.754544-0400 Hello, I'm launching as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:19.760018-0400 Initializing connection PacketTunnel
default 12:37:19.760129-0400 Removing all cached process handles PacketTunnel
default 12:37:19.760195-0400 Sending handshake request attempt #1 to server PacketTunnel
default 12:37:19.760349-0400 Creating connection to com.apple.runningboard PacketTunnel
default 12:37:19.761770-0400 Handshake succeeded PacketTunnel
default 12:37:19.761861-0400 Identity resolved as xpcservice<com.connectify.Speedify.PacketTunnel([daemon<com.apple.neagent-ios>:465:465])> PacketTunnel
default 12:37:19.762029-0400 Bootstrapping; Bootstrap complete. Ready for handshake from host. PacketTunnel
default 12:37:19.762160-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B] [(null)((null))] Prepare received as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:19.763830-0400 [u 23AB4268-BF73-465C-B08F-50E5D000A7E4] [<private>(<private>)] Set sole personality. PacketTunnel
error 12:37:24.626741-0400 Handle extension failure/exit for 6DE9DD7A-424A-43A3-BB43-82A73F609600 - disconnect session neagent
default 12:37:25.130323-0400 [d <private>] <PKHost:0x10550a770> Beginning discovery for flags: 0, point: com.apple.networkextension.packet-tunnel neagent
I am on Xcode 12, and during build I double tapped the debug navigator and Xcode correctly created a tab. When I tap on the tab it doesn't open.
Is there any useful information I can send over?