@Philip_Dukhov I am also facing same issue. Do you have solution on this? Please help us if any solution.
Post
Replies
Boosts
Views
Activity
You need to use System Network Extension (sysex). App Network Extension will not work with Developer ID certificate.
Hi,
Yes, it loads sysex (asks for system extension permission to load).
Yes, NE provider is instantiated (asks for network extension permission).
As per API calls, we are saving VPN configurations using saveToPreferences method of NETunnelProviderManager and connecting to VPN using startTunnel method of NETunnelProviderSession. Since SIP is enabled, it is difficult to debug. But I checked by adding logs and it is like it fails in startTunnel method.
Anyway, if there is any error with the code, it should also fail in case SIP is disabled. But it works in case SIP is disabled and it does not work with SIP enabled. So, should there be any error with the code or configuration or notarization?
Even if SIP is enabled or disabled, it works fine on macOS 13.* and 14.*. But in the case of macOS 15.1, it works if SIP is disabled and not if SIP is enabled. macOS 15.0 did not work in either case.
Hi, thanks for replying so quickly. Here are the details you asked for.
Let us explain all the steps that are taken during the installation of the app. This will answer all your questions.
Steps:
We added the log in main.swift which is in the extension. The sample code given in the post Debugging a Network Extension Provider was giving us compilation errors because WireGuard overrides its methods. So we added a simple line of code wg_log(.info, message: "abc test")
Build the app following the post Exporting a Developer ID Network Extension. Yes, we are using a Developer ID signed extension.
Copy the app to the /Applications folder and run it.
First, we ask for the system extension permission. Once the user allows it to load, we proceed with NE. Yes, the system extension is loading. We checked it using the terminal command "systemextensionsctl list" which shows "[activated enabled]".
While loading the NE, it asks the user for permission to load it. Once the user gives approval for the NE, it prints the log to the console app as mentioned in step 1. This works fine in both cases of SIP enabled and disabled. But the VPN connects only in case of SIP disabled and not if SIP enabled in macOS 15.1.
The strange thing is that regardless of whether SIP is enabled or disabled, it works fine in macOS 13.* and 14.*. But in case of macOS 15.1, it works if SIP is disabled and not if SIP is enabled. macOS 15.0 did not work in either case.