Post

Replies

Boosts

Views

Activity

NEPacketTunnel Provider Leaking Traffic
We are using an NEPacketTunnel provider for our custom VPN solution, and in doing so we are setting NEPacketTunnelNetworkSettings with setting IPv4 and IPv6 default routes. We are then setting DNS networkSettings.dnsSettings?.matchDomains = [""]. However, apps like FaceTime still go around the VPN. Once you set setTunnelNetworkSettings, is there no way to ask the system to return what the current saved configuration is? Testing, I've also tried turning off IPv6 on my home network and cell data to force all traffic to my IPv4 default routes. I've seen FaceTime work on one session, relaunch the app and never again. Note: IncludeAllNetworks does work, but comes with a lot of downsides too. Our goal is to securely and redundantly help with video calls, streaming apps, etc.
6
0
494
Jun ’24
MDNS Peer to Peer + Network Extension
I have an app that utilizes the Network Extension (Packet Tunnel Provider), but also uses MDNS to find local devices for data transfer via Network Extensions. However, once connected over Peer to Peer using AWDL0 or NWConnections, it works as expected until a user shuts the screen down. It looks like there's a difference in behavior when the device is plugged in vs when it's on just battery alone. So we can be happily sending data over p2p (awdl0), then a screen shuts off and it kills the connection. Is this expected behavior and if so is there documentation? Also, Network Extensions do not appear to be able to discover over P2P, they can only connect to endpoints directly. Is this expected behavior? My thoughts: if a user allows both the Network Extension Permission and Local Network Permissions, the Network Extension should be able to discover peers via p2p. The connections (if not asleep) should stay active while in use.
1
0
482
May ’24
SIGTRAP Crash
I'm having some issues tracking down the reason for the crash. It's affecting a ton of users but it seems to be a Swift runtime issue in Apple's library. Can anyone help me out?

```
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001e920823c
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 5 Trace/BPT trap: 5
Terminating Process: exc handler [5315]
Triggered by Thread: 0

Kernel Triage:
VM - Compressor failed a blocking pager_get

Thread 0 name:
Thread 0 Crashed:
0 BaseBoard 0x00000001e920823c -[_BSActionResponder action_sendResponse:] + 600 (BSActionResponder.m:127)
1 BaseBoard 0x00000001e9208234 -[_BSActionResponder action_sendResponse:] + 592 (BSActionResponder.m:127)
2 BaseBoard 0x00000001e9200e0c -[BSAction sendResponse:] + 92 (BSAction.m:311)
3 UIKitServices 0x00000001e8bea830 -[UISFetchContentInBackgroundAction sendResponse:] + 104 (UISFetchContentInBackgroundAction.m:53)
4 UIKitCore 0x00000001e6fd68b0 __91-[UIApplication _handleNonLaunchSpecificActions:forScene:withTransitionContext:completion:]_block_invoke_3 + 76 (UIApplication.m:10725)
5 UIKitCore 0x00000001e639cd38 -[_UIAfterCACommitBlock run] + 72 (_UIAfterCACommitQueue.m:137)
6 UIKitCore 0x00000001e62b00c8 -[_UIAfterCACommitQueue flush] + 192 (_UIAfterCACommitQueue.m:228)
7 UIKitCore 0x00000001e61d98e8 _runAfterCACommitDeferredBlocks + 644 (UIApplication.m:3038)
8 UIKitCore 0x00000001e61da00c _cleanUpAfterCAFlushAndRunDeferredBlocks + 132 (UIApplication.m:3002)
9 UIKitCore 0x00000001e61da1bc _afterCACommitHandler + 60 (UIApplication.m:3053)
10 CoreFoundation 0x00000001e3c45bb4 __CFRUNLOOP_IS_CALLING_OUT_TO_AN_OBSERVER_CALLBACK_FUNCTION__ + 36 (CFRunLoop.c:1804)
11 CoreFoundation 0x00000001e3c14b70 __CFRunLoopDoObservers + 592 (CFRunLoop.c:1917)
12 CoreFoundation 0x00000001e3c0fc2c __CFRunLoopRun + 1052 (CFRunLoop.c:2979)
13 CoreFoundation 0x00000001e3c236b8 CFRunLoopRunSpecific + 600 (CFRunLoop.c:3268)
14 GraphicsServices 0x00000001ffcbd374 GSEventRunModal + 164 (GSEvent.c:2200)
15 UIKitCore 0x00000001e6588e88 -[UIApplication _run] + 1100 (UIApplication.m:3511)
16 UIKitCore 0x00000001e630a5ec UIApplicationMain + 364 (UIApplication.m:5064)
17 Speedify 0x00000001047fb268 main + 88 (main.m:14)
18 dyld 0x0000000104b79ce4 start + 520 (dyldMain.cpp:879)
```

[2022-04-20_14-33-40.1406_+0430-6f4f1f1ef853d8feea4fcea2cab39dba1183a769.crash](https://developer.apple.com/forums/content/attachment/f6a77cce-1618-4b7b-a027-368340a6ab7f)
1
1
1k
Apr ’22
Embed Widget in Network Extension
I have a VPN app that has an embedded Network Extension. I wish to create a Widget based on the Network Extension's status, i.e. Connect and what server/Country. If I take the traditional route of embedding the widget in the main app and call WidgetCenter.shared.reloadTimelines in the extension it works as expected, but ONLY if the parent app is still alive. The minute the parent app goes away, calling WidgetCenter.shared.reloadTimelines does nothing. I have tried embedding the plugin inside of the Network Extension plugin but this, as expected, does not work. Is this a limitation of WidgetKit (no ability to be updated from a running plugin)? Or is there a better way to update this widget?
4
1
1.8k
Feb ’21
Hotspot Helper waking app up
My app registers with the Hotspot helper entitlement and it works as expected. However, I notice that the app launches in the background each time the hotspot helper handler is invoked. It wakes up and hits (BOOL)application:(UIApplication *)application willFinishLaunchingWithOptions:(NSDictionary<UIApplicationLaunchOptionsKey,id> *)launchOptions and (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions. However, the launch keys do not indicate a reason. Is it possible for my app not to wake up and hit the application delegate methods and only execute what's in the Hotspot helper handler?
3
0
982
Nov ’20
Problem with Network Extension & System Extension
I have a Mac VPN app which I'd like to distribute in the Mac Store and on my website. I need to sign my app with a Developer ID in order to get it notarized so was following along this thread https://developer.apple.com/forums/thread/125508?page=1

I performed all of the changes suggested by Quinn, notarized the app, stapled it and installed from a .dmg. Upon launching I get the VPN permission with a profile successfully installed but neagent still won't launch bc it's signed with a developer id.

```
error 16:49:08.750262-0400 NEVPNTunnelPlugin([476]): Validation of the extension failed nesessionmanager
default 16:49:08.750966-0400 NESMVPNSession[Primary Tunnel::7BB4FF26-2EAD-47AF-85F7-880749561AD0:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin([476]) started with PID 0 error (null) nesessionmanager
error 16:49:08.750013-0400 Rejecting app extension provider PacketTunnel because it is signed with a Developer ID certificate neagent
```

I checked the embedded profile

```
security cms -D -i  /Applications/MYAPP.app/Contents/embedded.provisionprofile

<key>Entitlements</key>
<dict>
    <key>com.apple.developer.system-extension.install</key>
    <true/>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>packet-tunnel-provider-systemextension</string>
        <string>app-proxy-provider-systemextension</string>
        <string>content-filter-provider-systemextension</string>
        <string>dns-proxy-systemextension</string>
        <string>dns-settings</string>
    </array>
    <key>com.apple.application-identifier</key>
    <string>BUNDLEID</string>
    <key>keychain-access-groups</key>
    <array>
        <string>TEAM.*</string>
    </array>
    <key>com.apple.developer.team-identifier</key>
    <string>TEAM</string>
    <key>com.apple.developer.associated-domains</key>
    <string>*</string>
</dict>
```

```
default 09:50:39.422703-0400 Signature is valid and has the correct designated requirement neagent
default 09:50:39.422930-0400 Provider is signed with a Developer ID certificate neagent
error 09:50:39.422957-0400 Rejecting app extension provider com.appid.PacketTunnel because it is signed with a Developer ID certificate neagent
default 09:50:39.423849-0400 [u 1B062A81-6FE9-44B0-851E-BCF4FE7FAD8A:m (null)] [<private>(<private>)] terminating neagent
```

I'm running macOS 15.6

Here's output from the notarization

```
	"logFormatVersion": 1,
	"jobId": "ac025b03-d4ff-4a10-97f5-85b43e6b4f3f",
	"status": "Accepted",
	"statusSummary": "Ready for distribution",
	"statusCode": 0,
	"archiveFilename": "MyApp.dmg",
	"uploadDate": "2020-08-07T14:03:00Z",
	"sha256": "92349106a42dece6ae4298677aeaaf17aa02b1a431acf5594ab1fc700916a6bb",
	"ticketContents":[ ],
	"issues": null
```

^^ I stripped the ticketContents
6
0
2.5k
Aug ’20
AppleScript in Sandboxed App
We have an AppleScript that clears up old files for a user. We went from a self distributed app using the Privileged Helper to now utilizing the Mac App Store. When a user updates to the new Mac Store App we have an optional function to save and run an AppleScript to remove the old helper plist files. We use NSOpenPanel to ask a user to select the Apple Scripting directory which is assigned to our app and then using NSUserAppleScriptTask we are able to execute it. All while the user consents along the way. In order to do this we need the entitlement com.apple.security.files.user-selected.read-write, which is being denied by the App review team as they say it's meant for PDFs, images etc. and NOT scripts. If that entitlement is not meant for this situation, how are we able to get around this in a sandboxed app?
0
0
782
Oct ’20
XPC via NEMachServiceName
I am looking at the code from SimpleExtensionFirewall and notice that it's using XPC to communicate. Is this available on iOS for PacketTunnel Providers and if so does it bring a greater benefit than using sendMessageToExtension? Also macOS, using the Network Extension (Not system extension) is this available also? I am looking back at the SimpleTunnel example but it seems very dated. Thanks!
3
0
1.8k
Oct ’20
Code=513 couldn’t be copied because you don’t have permission to access “Group Containers”."
I am working on a macOS application in sandbox mode. I have enabled App groups and I can see the app group folder gets created. I am attempting to move a file from the app directory to the shared group but I'm seeing a permission error. Error moving files Error Domain=NSCocoaErrorDomain Code=513 "“Container_1595437210.503603.txt” couldn’t be copied because you don’t have permission to access “Group Containers”." Any ideas?
1
0
1k
Jul ’20
Network Extension fails to open 4/10 times
I am noticing if I try to send a provider a message before the extension state reads "Connected" then iOS creates the extension but no delegate calls get hit such as startTunnel. Here is a log excerpt of this happening:

```
default 12:37:08.312268-0400 Hello, I'm launching as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:08.341916-0400 Initializing connection PacketTunnel
default 12:37:08.342000-0400 Removing all cached process handles PacketTunnel
default 12:37:08.342094-0400 Sending handshake request attempt #1 to server PacketTunnel
default 12:37:08.342180-0400 Creating connection to com.apple.runningboard PacketTunnel
default 12:37:08.344130-0400 Handshake succeeded PacketTunnel
default 12:37:08.344213-0400 Identity resolved as xpcservice<com.connectify.Speedify.PacketTunnel([daemon<com.apple.neagent-ios>:465:465])> PacketTunnel
default 12:37:08.344544-0400 Bootstrapping; Bootstrap complete. Ready for handshake from host. PacketTunnel
default 12:37:08.345705-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B] [(null)((null))] Prepare received as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:08.346919-0400 [u 44649B2D-4F65-42A6-B5A0-F06D8485AC86] [<private>(<private>)] Set sole personality. PacketTunnel
default 12:37:08.349163-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] Begin using sent as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> neagent
default 12:37:08.349301-0400 [u 44649B2D-4F65-42A6-B5A0-F06D8485AC86] [<private>(<private>)] Begin using received as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:08.349770-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] plugin loaded and ready for host neagent
default 12:37:08.352305-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] invalidating startup assertion neagent
default 12:37:08.358165-0400 networkd_settings_read_from_file initialized networkd settings by reading plist directly PacketTunnel
default 12:37:08.358421-0400 networkd_settings_read_from_file initialized networkd settings by reading plist directly PacketTunnel
default 12:37:08.359343-0400 nw_path_evaluator_start [03899CDE-17CB-40AF-994C-9CB574C85AB9 <NULL> <private>] path: <private> PacketTunnel
error 12:37:14.358639-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] Connection to plugin interrupted while in use. neagent
default 12:37:14.358740-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] all extension sessions ended neagent
error 12:37:14.359680-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 667BD5AC-E1D2-4DCA-830D-9DB3A75B1A22] [<private>(<private>)] Connection to plugin invalidated while in use. neagent
error 12:37:14.359800-0400 Extension com.connectify.Speedify.PacketTunnel died unexpectedly neagent
default 12:37:14.360268-0400 Scheduing timer for extension failure/exit for EAAE0434-8F26-40D8-B6B8-6D7612294AFA neagent
error 12:37:19.082446-0400 Handle extension failure/exit for EAAE0434-8F26-40D8-B6B8-6D7612294AFA - disconnect session neagent
default 12:37:19.712008-0400 [d <private>] <PKHost:0x10550a770> Completed discovery. Final of matches: 1 neagent
default 12:37:19.725009-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B:m 67B025FA-3D50-499F-B89A-4470CB9EC46A] [<private>(<private>)] Ready plugins sent as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> neagent
default 12:37:19.754544-0400 Hello, I'm launching as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:19.760018-0400 Initializing connection PacketTunnel
default 12:37:19.760129-0400 Removing all cached process handles PacketTunnel
default 12:37:19.760195-0400 Sending handshake request attempt #1 to server PacketTunnel
default 12:37:19.760349-0400 Creating connection to com.apple.runningboard PacketTunnel
default 12:37:19.761770-0400 Handshake succeeded PacketTunnel
default 12:37:19.761861-0400 Identity resolved as xpcservice<com.connectify.Speedify.PacketTunnel([daemon<com.apple.neagent-ios>:465:465])> PacketTunnel
default 12:37:19.762029-0400 Bootstrapping; Bootstrap complete. Ready for handshake from host. PacketTunnel
default 12:37:19.762160-0400 [u 306E80FE-8F0A-4992-8781-524E5D9B2C0B] [(null)((null))] Prepare received as euid = 501, uid = 501, personaid = 1000, type = DEFAULT, name = <private> PacketTunnel
default 12:37:19.763830-0400 [u 23AB4268-BF73-465C-B08F-50E5D000A7E4] [<private>(<private>)] Set sole personality. PacketTunnel
error 12:37:24.626741-0400 Handle extension failure/exit for 6DE9DD7A-424A-43A3-BB43-82A73F609600 - disconnect session neagent
default 12:37:25.130323-0400 [d <private>] <PKHost:0x10550a770> Beginning discovery for flags: 0, point: com.apple.networkextension.packet-tunnel neagent
```
1
0
1.2k
Jun ’20