Post not yet marked as solved
HI Team,
We have recently observed a network issue, followed by device hang-ups when users come out of sleep while using the Transparent app proxy provider in Sonoma 14.4. and users are required to restart the system to resolve the problem.
In the client logs, we observed that State:/Network/Global/IPv4 does not have any PrimaryInterface and there is no internet connectivity, although the internet works fine on other devices.
this issue start coming in sonoma 14.4 and happen with Transparent app proxy provider.
We are currently unable to pinpoint the exact issue. Are there any known issues with Sonoma 14.4?
Hi Team,
Im trying to disable the option to change the status of the Transparent Proxy enable/disable but there is no API which works in NETransparentProxyManager.
Could you suggest, how to disable the option to change the status of the Transparent Proxy enable/disable? We want to disable it so that no one can modify it from the settings.
This option is coming in Network -> Vpn & Filters
I observed that some other providers disabled it in the "Network -> VPN & Filters" settings.
Post not yet marked as solved
Hi Team,
In Sonoma, we have observed NIMLOC DNS queries originating from the utun interface with identical destination and source addresses, causing a loopback within utun. How should these DNS queries be handled?
This issue does not occur in Ventura. Please refer to the attached screenshot.
Post not yet marked as solved
Hi Team,
I'm trying to capture inbound traffic for DNS responses and have experimented with the following rules, but they did not work.
NENetworkRule *dnsInboundTraffic = [[NENetworkRule alloc] initWithRemoteNetwork:nil remotePrefix:0 localNetwork:[NWHostEndpoint endpointWithHostname:@"0.0.0.0" port:@"53"] localPrefix:0 protocol:NENetworkRuleProtocolUDP direction:NETrafficDirectionInbound];
settings.includedNetworkRules = @[dnsInboundTraffic];
Could you please correct me if I'm making any mistakes while setting the rules?
Post not yet marked as solved
Hi Team,
We are using NETransparentProxyProvider, and we have observed that whenever we set setNetworkInterface with NENetworkRule, it always generates the DNS query even if the TTL time has not passed.
However, when I stop the NETransparentProxyManager using stopVPNTunnel and set setNetworkInterface as nil, it will not re-issue the DNS query until the DNS TTL time has passed.
Post not yet marked as solved
Hi Team,
We are using NETransparentProxyProvider and have observed that AirDrop is not functioning.
I attempted to utilize protocolConfiguration in NETransparentProxyManager as mentioned below.
manager.protocolConfiguration?.excludeLocalNetworks = true;
but it did not work.
Could you please provide guidance on how to exclude local network traffic in NETransparentProxyProvider?
Post not yet marked as solved
We've recently noticed frequent crashes on the macOS system after an OS update when using the system extension with NETransparentProxyProvider. Below are the crash logs that appear in a pop-up after the machine starts.
I'm having difficulty understanding the exact point at which it crashes, and it shows my process below.
Panicked task 0xfffffe2d0a36abf8: 8190 pages, 143 threads: pid 9134: com.xxxx.na Panicked thread: 0xfffffe236ea13010, backtrace: 0xfffffe67858d2b80, tid: 337348
Detailed logs attached.
system_cash_log.txt
Post not yet marked as solved
Hi Team,
I'm currently using a system extension with NETransparentProxyProvider (with root privileges). I want to support custom DNS (specific to domains) with a search domain to accommodate a single-level domain support.
For this, I'm creating a new entry inside /etc/resolver/, using below command.
sudo sh -c 'echo "domain corp.test.com\nsearch corp.test.com\nnameserver 9.9.9.9\nnameserver 9.9.2.2" > /etc/resolver/corp.test.com'
The above command works fine for me when I execute it via the terminal, creating a new file inside the resolver as described below. So, when I access a single-label domain like https://test, it appends 'corp.test.com,' resulting in hitting the domain as https://test.corp.test.com. Furthermore, it selects either the DNS server 9.9.9.9 or 9.9.2.2.
File: /private/etc/resolver/corp.test.com
domain corp.test.com
search corp.test.com
nameserver 9.9.9.9
nameserver 9.9.2.2
File permission
total 8
-rw-r--r-- 1 root wheel 80 Dec 5 18:20 corp.test.com
scutil --dns
resolver #8
domain : corp.test.com
search domain[0] : corp.test.com
nameserver[0] : 9.9.9.9
nameserver[1] : 9.9.2.2
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
However, when I execute the same command within the extension using NSTask, it generates the new file but fails to work as per above.
it creates below file
File: /private/etc/resolver/corp.test.com
domain corp.test.com
search corp.test.com
nameserver 9.9.9.9
nameserver 9.9.2.2
File permission
total 8
-rw-r--r-- 1 root wheel 80 Dec 5 18:25 corp.test.com
scutil --dns
resolver #8
domain : corp.test.com
search domain[0] : corp.test.com
nameserver[0] : 9.9.9.9
nameserver[1] : 9.9.2.2
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
I don't notice any difference in file permissions and in scutil --dns entry.
even we tried running sudo killall -HUP mDNSResponder to refresh its records.
Could you please suggest what might be the reason?
Hi Team,
I am utilizing the nw_parameters_create_secure_tcp in Objective-C to establish a TCP connection. However, I would like the connection to go through a specific utun interface.
I attempted to use the following method for binding:
nw_parameters_require_interface(nw_parameters_t parameters,
_Nullable nw_interface_t interface);
Unfortunately, I haven't found any API that can convert a utun interface name or index to an nw_interface_t object. Both nw_interface_create_with_index and nw_interface_create_with_name are private methods.
I also tried using nw_path_monitor_set_update_handler and nw_path_enumerate_interfaces, but they did not return the utun interface.
Could you please suggest how I can obtain the utun interface as an nw_interface_t?
Post not yet marked as solved
Hi Team,
Observed that when subclass NETransparentProxyProvider and setting NEDNSSettings(adding own dns server) in NETransparentProxyNetworkSettings, it ignores the DNSSetting.
Whereas If I subclass the NEAppProxyProvider, then it takes the dnssetting and make it primary DNS server. validate using sctutil --dns.
Is it possible to set DNSSetting for NETransparentProxyProvider? I need to set our own DNS servers.
Any suggestion here?
Post not yet marked as solved
Hi Team,
Im using SystemExtension with NEPackettunnelProvider where Im getting the layer 3 packets.
Below is my query.
Just wanted to understand if some other app started transparent app proxy(Layer4) with same network rule which I configured for NEPackettunnelProvider, Will I get the packet in NEPackettunnelProvider(Layer3)?
**As per the doc, **
if app proxy returns NO from handleNewFlow then it will handle by system and in my case it reaches to NEPackettunnelProvider
but what happen if it returns false and packet is processed by the app proxy.
As per my understanding packet should flow from Layer 4 to layer 3 but if app proxy implemented custom protocol then I believe it will not reach to NEPackettunnelProvider. Is my understanding correct?
namdev20.