Post

Replies

Boosts

Views

Activity

MDM auto-approve NETransparentProxyManager configuration
Hi Team, We are trying to set MDM with NETransparentProxyManager to auto-approve the proxy, but it did not work. We have tried the below Apple document for NETransparentProxyManager. https://developer.apple.com/documentation/devicemanagement/vpn/transparentproxy. Attached is the config file. ApplicationProxy.VPN.mobileconfg.txt could you please suggest how to configure NETransparentProxyManager via MDM?
3
0
522
Jul ’24
[macOS]: DNSServiceQueryRecord is not working as per document
Hi Team, We are using the transparent app proxy in macOS and resolving DNS queries using DNSServiceQueryRecord in the TAP process. According to the documentation, when passing the interfaceIndex as 0, it should be queried on all interfaces, and based on IP rules, it assigns the query to that particular interface. However, when we pass 0, it does not query any of the interfaces. We need to provide the specific interface index.
4
0
497
Jul ’24
[macOS]: In sonoma 14.4, Network issues and devices hanging after waking from sleep.
HI Team, We have recently observed a network issue, followed by device hang-ups when users come out of sleep while using the Transparent app proxy provider in Sonoma 14.4. and users are required to restart the system to resolve the problem. In the client logs, we observed that State:/Network/Global/IPv4 does not have any PrimaryInterface and there is no internet connectivity, although the internet works fine on other devices. this issue start coming in sonoma 14.4 and happen with Transparent app proxy provider. We are currently unable to pinpoint the exact issue. Are there any known issues with Sonoma 14.4?
1
0
780
Apr ’24
[macOS] Disable the option to modify the status of the Transparent Proxy.
Hi Team, Im trying to disable the option to change the status of the Transparent Proxy enable/disable but there is no API which works in NETransparentProxyManager. Could you suggest, how to disable the option to change the status of the Transparent Proxy enable/disable? We want to disable it so that no one can modify it from the settings. This option is coming in Network -> Vpn & Filters I observed that some other providers disabled it in the "Network -> VPN & Filters" settings.
1
0
573
Mar ’24
[macOS] exclude network connections on the local network in NETransparentProxyProvider
Hi Team, We are using NETransparentProxyProvider and have observed that AirDrop is not functioning. I attempted to utilize protocolConfiguration in NETransparentProxyManager as mentioned below. manager.protocolConfiguration?.excludeLocalNetworks = true; but it did not work. Could you please provide guidance on how to exclude local network traffic in NETransparentProxyProvider?
2
0
642
Jan ’24
[macOS] Encountering DNS cache issues while using NETransparentProxyProvider.
Hi Team, We are using NETransparentProxyProvider, and we have observed that whenever we set setNetworkInterface with NENetworkRule, it always generates the DNS query even if the TTL time has not passed. However, when I stop the NETransparentProxyManager using stopVPNTunnel and set setNetworkInterface as nil, it will not re-issue the DNS query until the DNS TTL time has passed.
6
0
970
Jan ’24
[macOS] system crashed while using systemExtension.
We've recently noticed frequent crashes on the macOS system after an OS update when using the system extension with NETransparentProxyProvider. Below are the crash logs that appear in a pop-up after the machine starts. I'm having difficulty understanding the exact point at which it crashes, and it shows my process below. Panicked task 0xfffffe2d0a36abf8: 8190 pages, 143 threads: pid 9134: com.xxxx.na Panicked thread: 0xfffffe236ea13010, backtrace: 0xfffffe67858d2b80, tid: 337348 Detailed logs attached. system_cash_log.txt
3
0
749
Dec ’23
[macOS] need to support domain specific dns server (custom DNS)
Hi Team, I'm currently using a system extension with NETransparentProxyProvider (with root privileges). I want to support custom DNS (specific to domains) with a search domain to accommodate a single-level domain support. For this, I'm creating a new entry inside /etc/resolver/, using below command. sudo sh -c 'echo "domain corp.test.com\nsearch corp.test.com\nnameserver 9.9.9.9\nnameserver 9.9.2.2" > /etc/resolver/corp.test.com' The above command works fine for me when I execute it via the terminal, creating a new file inside the resolver as described below. So, when I access a single-label domain like https://test, it appends 'corp.test.com,' resulting in hitting the domain as https://test.corp.test.com. Furthermore, it selects either the DNS server 9.9.9.9 or 9.9.2.2. File: /private/etc/resolver/corp.test.com domain corp.test.com search corp.test.com nameserver 9.9.9.9 nameserver 9.9.2.2 File permission total 8 -rw-r--r-- 1 root wheel 80 Dec 5 18:20 corp.test.com scutil --dns resolver #8 domain : corp.test.com search domain[0] : corp.test.com nameserver[0] : 9.9.9.9 nameserver[1] : 9.9.2.2 flags : Request A records, Request AAAA records reach : 0x00000002 (Reachable) However, when I execute the same command within the extension using NSTask, it generates the new file but fails to work as per above. it creates below file File: /private/etc/resolver/corp.test.com domain corp.test.com search corp.test.com nameserver 9.9.9.9 nameserver 9.9.2.2 File permission total 8 -rw-r--r-- 1 root wheel 80 Dec 5 18:25 corp.test.com scutil --dns resolver #8 domain : corp.test.com search domain[0] : corp.test.com nameserver[0] : 9.9.9.9 nameserver[1] : 9.9.2.2 flags : Request A records, Request AAAA records reach : 0x00000002 (Reachable) I don't notice any difference in file permissions and in scutil --dns entry. even we tried running sudo killall -HUP mDNSResponder to refresh its records. Could you please suggest what might be the reason?
11
0
1.8k
Dec ’23
Need to bind `nw_parameters_create_secure_tcp` with specific utun interface.
Hi Team, I am utilizing the nw_parameters_create_secure_tcp in Objective-C to establish a TCP connection. However, I would like the connection to go through a specific utun interface. I attempted to use the following method for binding: nw_parameters_require_interface(nw_parameters_t parameters, _Nullable nw_interface_t interface); Unfortunately, I haven't found any API that can convert a utun interface name or index to an nw_interface_t object. Both nw_interface_create_with_index and nw_interface_create_with_name are private methods. I also tried using nw_path_monitor_set_update_handler and nw_path_enumerate_interfaces, but they did not return the utun interface. Could you please suggest how I can obtain the utun interface as an nw_interface_t?
1
0
540
Oct ’23
[macOS] Wanted to capture inbound DNS traffic using NETransparentProxyProvider
Hi Team, I'm trying to capture inbound traffic for DNS responses and have experimented with the following rules, but they did not work. NENetworkRule *dnsInboundTraffic = [[NENetworkRule alloc] initWithRemoteNetwork:nil remotePrefix:0 localNetwork:[NWHostEndpoint endpointWithHostname:@"0.0.0.0" port:@"53"] localPrefix:0 protocol:NENetworkRuleProtocolUDP direction:NETrafficDirectionInbound]; settings.includedNetworkRules = @[dnsInboundTraffic]; Could you please correct me if I'm making any mistakes while setting the rules?
11
0
1k
Jul ’23
NETransparentProxyProvider ignoring NEDNSSettings.
Hi Team, Observed that when subclass NETransparentProxyProvider and setting NEDNSSettings(adding own dns server) in NETransparentProxyNetworkSettings, it ignores the DNSSetting. Whereas If I subclass the NEAppProxyProvider, then it takes the dnssetting and make it primary DNS server. validate using sctutil --dns. Is it possible to set DNSSetting for NETransparentProxyProvider? I need to set our own DNS servers. Any suggestion here?
0
0
599
Mar ’23
Multiple networkExtension traffic flow order.
Hi Team, Im using SystemExtension with NEPackettunnelProvider where Im getting the layer 3 packets. Below is my query. Just wanted to understand if some other app started transparent app proxy(Layer4) with same network rule which I configured for NEPackettunnelProvider, Will I get the packet in NEPackettunnelProvider(Layer3)? **As per the doc, ** if app proxy returns NO from handleNewFlow then it will handle by system and in my case it reaches to NEPackettunnelProvider but what happen if it returns false and packet is processed by the app proxy. As per my understanding packet should flow from Layer 4 to layer 3 but if app proxy implemented custom protocol then I believe it will not reach to NEPackettunnelProvider. Is my understanding correct?
0
0
554
Mar ’23