Hi Team,
The Messages app is not working in the latest macOS Sequoia 15.0.1. We are unable to send messages or sync them when the VPN/TransparentAppProxy is connected.
It was working fine in macOS 15.0 and earlier.
A few users have reported the issue here: https://discussions.apple.com/thread/255802764?sortBy=rank
Hi Team,
Is there a way to disable secure DNS in macOS that is set at the OS level, like 8.8.8.8, which supports secure DNS on ports 443 and 853?
Hi Team,
We are trying to set MDM with NETransparentProxyManager to auto-approve the proxy, but it did not work.
We have tried the below Apple document for NETransparentProxyManager.
https://developer.apple.com/documentation/devicemanagement/vpn/transparentproxy.
Attached is the config file.
ApplicationProxy.VPN.mobileconfg.txt
Could you please suggest how to configure NETransparentProxyManager via MDM?
Hi Team,
We are using the transparent app proxy in macOS and resolving DNS queries using DNSServiceQueryRecord in the TAP process.
According to the documentation, when passing the interfaceIndex as 0, it should be queried on all interfaces, and based on IP rules, it assigns the query to that particular interface.
However, when we pass 0, it does not query any of the interfaces. We need to provide the specific interface index.
Hi Team,
We have recently observed a network issue, followed by device hang-ups when users come out of sleep while using the Transparent app proxy provider in Sonoma 14.4, and users are required to restart the system to resolve the problem.
In the client logs, we observed that State:/Network/Global/IPv4 does not have any PrimaryInterface and there is no internet connectivity, although the internet works fine on other devices.
This issue started occurring in Sonoma 14.4 and happens with the Transparent app proxy provider.
We are currently unable to pinpoint the exact issue. Are there any known issues with Sonoma 14.4?
Hi Team,
I'm trying to disable the option to change the status of the Transparent Proxy enable/disable, but there is no API which works in NETransparentProxyManager.
Could you suggest how to disable the option to change the status of the Transparent Proxy enable/disable? We want to disable it so that no one can modify it from the settings.
This option appears in Network -> VPN & Filters.
I observed that some other providers disabled it in the "Network -> VPN & Filters" settings.
Hi Team,
In Sonoma, we have observed NIMLOC DNS queries originating from the utun interface with identical destination and source addresses, causing a loopback within utun. How should these DNS queries be handled?
This issue does not occur in Ventura. Please refer to the attached screenshot.
Hi Team,
We are using NETransparentProxyProvider and have observed that AirDrop is not functioning.
I attempted to utilize protocolConfiguration in NETransparentProxyManager as mentioned below.
```swift
manager.protocolConfiguration?.excludeLocalNetworks = true;
```
but it did not work.
Could you please provide guidance on how to exclude local network traffic in NETransparentProxyProvider?
Hi Team,
We are using NETransparentProxyProvider, and we have observed that whenever we set setNetworkInterface with NENetworkRule, it always generates the DNS query even if the TTL time has not passed.
However, when I stop the NETransparentProxyManager using stopVPNTunnel and set setNetworkInterface as nil, it will not re-issue the DNS query until the DNS TTL time has passed.
We've recently noticed frequent crashes on the macOS system after an OS update when using the system extension with NETransparentProxyProvider. Below are the crash logs that appear in a pop-up after the machine starts.
I'm having difficulty understanding the exact point at which it crashes, and it shows my process below.
Panicked task 0xfffffe2d0a36abf8: 8190 pages, 143 threads: pid 9134: com.xxxx.na Panicked thread: 0xfffffe236ea13010, backtrace: 0xfffffe67858d2b80, tid: 337348
Detailed logs attached.
system_cash_log.txt
Hi Team,
I'm currently using a system extension with NETransparentProxyProvider (with root privileges). I want to support custom DNS (specific to domains) with a search domain to accommodate a single-level domain support.
For this, I'm creating a new entry inside /etc/resolver/, using the below command.
```sh
sudo sh -c 'echo "domain corp.test.com\nsearch corp.test.com\nnameserver 9.9.9.9\nnameserver 9.9.2.2" > /etc/resolver/corp.test.com'
```
The above command works fine for me when I execute it via the terminal, creating a new file inside the resolver as described below. So, when I access a single-label domain like https://test, it appends 'corp.test.com,' resulting in hitting the domain as https://test.corp.test.com. Furthermore, it selects either the DNS server 9.9.9.9 or 9.9.2.2.
File: /private/etc/resolver/corp.test.com
```
domain corp.test.com
search corp.test.com
nameserver 9.9.9.9
nameserver 9.9.2.2
```
File permission
```
total 8
-rw-r--r-- 1 root wheel 80 Dec 5 18:20 corp.test.com
```
scutil --dns
```
resolver #8
domain : corp.test.com
search domain[0] : corp.test.com
nameserver[0] : 9.9.9.9
nameserver[1] : 9.9.2.2
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
```
However, when I execute the same command within the extension using NSTask, it generates the new file but fails to work as per above.
It creates the below file.
File: /private/etc/resolver/corp.test.com
```
domain corp.test.com
search corp.test.com
nameserver 9.9.9.9
nameserver 9.9.2.2
```
File permission
```
total 8
-rw-r--r-- 1 root wheel 80 Dec 5 18:25 corp.test.com
```
scutil --dns
```
resolver #8
domain : corp.test.com
search domain[0] : corp.test.com
nameserver[0] : 9.9.9.9
nameserver[1] : 9.9.2.2
flags : Request A records, Request AAAA records
reach : 0x00000002 (Reachable)
```
I don't notice any difference in file permissions and in scutil --dns entry.
We even tried running sudo killall -HUP mDNSResponder to refresh its records.
Could you please suggest what might be the reason?
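Added example, not part of the original post: the resolver file from the post above written with printf rather than echo "...\n", so the content does not depend on how the invoking shell's echo treats backslash escapes, plus a check for literal "\n" left in a file. The function names and the RESOLVER_DIR override are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the post). RESOLVER_DIR is a hypothetical override;
# it defaults to /etc/resolver and can point at a scratch directory for a
# dry run without root.

# write_resolver DOMAIN NAMESERVER...
write_resolver() {
    dir=${RESOLVER_DIR:-/etc/resolver}
    domain=$1
    shift
    # Accept only a plain DNS name, so the file name stays inside $dir.
    case $domain in
        ''|*[!A-Za-z0-9.-]*|.*|*..*) echo "bad domain: $domain" >&2; return 1 ;;
    esac
    [ "$#" -ge 1 ] || { echo "need at least one nameserver" >&2; return 1; }
    for ns in "$@"; do
        case $ns in
            ''|*[!0-9A-Fa-f:.]*) echo "bad nameserver: $ns" >&2; return 1 ;;
        esac
    done
    mkdir -p "$dir" || return 1
    # Write to a temporary file, then rename it into place.
    tmp=$(mktemp "$dir/.resolver.XXXXXX") || return 1
    {
        printf 'domain %s\n' "$domain"
        printf 'search %s\n' "$domain"
        printf 'nameserver %s\n' "$@"   # format is reused for each argument
    } > "$tmp" || { rm -f "$tmp"; return 1; }
    chmod 644 "$tmp" && mv -f "$tmp" "$dir/$domain"
}

# count_literal_backslash_n FILE
# Prints how many lines contain a literal backslash followed by "n", which is
# what an echo that does not interpret escapes leaves in the file.
count_literal_backslash_n() {
    grep -c '\\n' "$1" || true
}

# Usage: write_resolver corp.test.com 9.9.9.9 9.9.2.2
```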
Hi Team,
I am utilizing the nw_parameters_create_secure_tcp in Objective-C to establish a TCP connection. However, I would like the connection to go through a specific utun interface.
I attempted to use the following method for binding:
```objc
nw_parameters_require_interface(nw_parameters_t parameters,
                                _Nullable nw_interface_t interface);
```
Unfortunately, I haven't found any API that can convert a utun interface name or index to an nw_interface_t object. Both nw_interface_create_with_index and nw_interface_create_with_name are private methods.
I also tried using nw_path_monitor_set_update_handler and nw_path_enumerate_interfaces, but they did not return the utun interface.
Could you please suggest how I can obtain the utun interface as an nw_interface_t?
Hi Team,
I'm trying to capture inbound traffic for DNS responses and have experimented with the following rules, but they did not work.
```objc
NENetworkRule *dnsInboundTraffic =
    [[NENetworkRule alloc] initWithRemoteNetwork:nil
                                    remotePrefix:0
                                    localNetwork:[NWHostEndpoint endpointWithHostname:@"0.0.0.0" port:@"53"]
                                     localPrefix:0
                                        protocol:NENetworkRuleProtocolUDP
                                       direction:NETrafficDirectionInbound];
settings.includedNetworkRules = @[dnsInboundTraffic];
```
Could you please correct me if I'm making any mistakes while setting the rules?
Hi Team,
I observed that when subclassing NETransparentProxyProvider and setting NEDNSSettings (adding our own DNS server) in NETransparentProxyNetworkSettings, it ignores the DNS settings.
Whereas if I subclass NEAppProxyProvider, it takes the DNS settings and makes it the primary DNS server. Validated using scutil --dns.
Is it possible to set DNSSetting for NETransparentProxyProvider? I need to set our own DNS servers.
Any suggestion here?
Hi Team,
I'm using a SystemExtension with NEPacketTunnelProvider, where I'm getting the layer 3 packets.
Below is my query.
I just wanted to understand: if some other app started a transparent app proxy (Layer 4) with the same network rule which I configured for NEPacketTunnelProvider, will I get the packet in NEPacketTunnelProvider (Layer 3)?
**As per the doc,**
if the app proxy returns NO from handleNewFlow, then it will be handled by the system, and in my case it reaches NEPacketTunnelProvider,
but what happens if it returns false and the packet is processed by the app proxy?
As per my understanding, the packet should flow from Layer 4 to Layer 3, but if the app proxy implemented a custom protocol, then I believe it will not reach NEPacketTunnelProvider. Is my understanding correct?