Post | Replies | Boosts | Views | Activity
includeAllNetworks - can't connect the VPN
I've implemented a custom VPN app for macOS (Packet Tunnel Provider). I've added to the protocol configuration the flag 'includeAllNetworks'. For some reason, there are multiple times where the initial connection to the VPN fails. I'm using sockets, getaddrinfo func, and lib curl. But when this flag is set, it seems that there's no internet access, even before the first connection of the VPN. The weird thing is that sometimes the VPN connects without a problem. Without this flag the VPN always connects without a problem. Are there any limitations I should know about regarding using this flag?
Replies: 1 | Boosts: 0 | Views: 438 | Activity: Jun ’20
Power Nap while VPN is connected
I've implemented a custom VPN app (Packet Tunnel Provider) for macOS. Configured with full tunnel, on-demand with a rule to always connect, and disconnects on sleep. Is Power Nap considered a sleep mode? Because the VPN disconnects when the Mac enters Power Nap. If yes - should the VPN reconnect when the Mac periodically checks for mail/other stuff? According to the documentation - "Power Nap supports VPN connections that use a certificate to authenticate, not VPN connections that require entering a password." But everything is already configured, the user shouldn't enter his password again when the VPN reconnects. So I'm not sure what is supposed to happen in this case.
Replies: 1 | Boosts: 0 | Views: 594 | Activity: Jun ’20
Custom VPN profile for macOS
I've implemented a VPN app using Packet Tunnel Provider for macOS. Using Apple Configurator, I can create a VPN profile for my custom SSL. But what happens when the user installs this profile? It's creating a VPN (in the network preferences), but what's the relationship between this and my app? I know that now it's possible to load this VPN via my app, but what benefits do I get from this? Can I set some values via the profile that I can't set via code? Another question - is it possible to create a profile for one of the native VPNs on the Mac, and to create a personal VPN app, which will use this profile, and do some things before connecting to the VPN? Final question: In Apple Configurator, there are some built-in options for the connection type, such as Pulse, Check Point, etc. What's the process of getting into that list?
Replies: 2 | Boosts: 0 | Views: 1.2k | Activity: Jun ’20
Configure IKEv2 VPN with always-on
I want to let my users configure IKEv2 VPN with always-on. I know this is possible using Apple Configurator + the native system's IKEv2 VPN. But I want to have a "wrapper" app - some values will be defined in Apple Configurator, and other values will be defined in my app, which will trigger the system's IKEv2. Is it possible to use the VPN payload for a 'personal' VPN app (without Packet Tunnel Provider)? Is it possible to do it with the VPN payload for 'Custom SSL'? Can I create an app that creates a 'Personal VPN' of type IKEv2, gets the payload from Apple Configurator, sets some values, and starts the VPN? If yes, is it possible to configure always-on in this case? Or is 'Custom SSL' meant only for 'Packet Tunnel Providers' (and then I can't have always-on)?
Replies: 7 | Boosts: 0 | Views: 2.3k | Activity: Jun ’20
UNUserNotificationCenter crash (bundleProxyForCurrentProcess is nil: mainBundle.bundleUR)
This is a duplicate of a question I already asked (https://developer.apple.com/forums/thread/133303?login=true), but I wanted to edit its tags, and I couldn't do it, so I'm asking again: I've implemented a VPN app for iOS and macOS using Packet Tunnel Provider. I released a macOS testing version for our QA (development distribution). On two different Macs the app works great, but on a third Mac, the app crashes when the extension tries to send local messages using UNUserNotificationCenter. The user chose (at the containing app) to not allow the app to send local notifications. At the extension, I'm trying to send a notification, but AFAIK this code should do nothing if the user didn't allow it. But it shouldn't crash the app. This is the exception: Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL
And those are the logs from the Console:
default 11:38:21.517414+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: set configuration completed with result 1
default 11:38:21.517894+0300 MyAppExtension [Extension com.myappname.mac.MyApp.MyAppExtension]: reasserting set to 0
default 11:38:21.518080+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) status changed to connected
default 11:38:21.518140+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Leaving state NESMVPNSessionStateStarting
default 11:38:21.518189+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Entering state NESMVPNSessionStateRunning
default 11:38:21.518235+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: status changed to connected
default 11:38:21.519428+0300 configd nw_path_evaluator_start [1AEEC643-2DF1-4261-AC70-E4AB53F87A10 IPv4#e9b1bae6:0 generic, indefinite] path: satisfied (Path is satisfied), interface: utun2, ipv4, dns
default 11:38:21.518306+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Updated network agent (active, compulsory, not-user-activiated, not-kernel-activated)
default 11:38:21.520052+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Received an IPC establish request from MyApp[506]
default 11:38:21.520288+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: received establish IPC message
default 11:38:21.521861+0300 neagent Scheduing timer for extension failure/exit for C653C3F5-4B0B-430A-B76A-E3C187F0A116
error 11:38:21.522715+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin interrupted while in use.
default 11:38:21.520565+0300 MyAppExtension no registered bundle with URL
default 11:38:21.522779+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] terminating
default 11:38:21.521476+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) started with PID 887 error (null)
default 11:38:21.520797+0300 MyAppExtension * Assertion failure in +[UNUserNotificationCenter currentNotificationCenter], /BuildRoot/Library/Caches/com.apple.xbs/Sources/UserNotifications/UserNotifications-281.6/UNUserNotificationCenter.m:44
default 11:38:21.523380+0300 AirPlayXPCHelper PrimaryIPv4 changed: 10.41.183.51
default 11:38:21.521461+0300 MyAppExtension * Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL file:///private/var/folders/p5/qjrcgyl50fg2g609bmwhy3zm0000gn/T/AppTranslocation/2E09CAAF-06B1-44D4-90DB-E90EA54C806D/d/MyApp.app/Contents/PlugIns/MyAppExtension.appex/'** First throw call stack: ( 0 CoreFoundation 0x00007fff2cff538b __exceptionPreprocess + 250 1 libobjc.A.dylib 0x00007fff6318a552 objc_exception_throw + 48 2 CoreFoundation 0x00007fff2d01e8b8 +[NSException raise:format:arguments:] + 88 3 Foundation 0x00007fff2f73b221 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191 4 UserNotifications 0x00007fff3a942919 __53+[UNUserNotificationCenter currentNotificationCenter]_block_invoke + 922 5 libdispatch.dylib 0x00007fff6449350e _dispatch_client_callout + 8 6 l<…>
default 11:38:21.523612+0300 AirPlayXPCHelper PrimaryIPv6 changed: << AF_UNSPEC >>
default 11:38:21.523597+0300 sharingd PrimaryIP changed: IPv4 10.41.183.51, IPv6 << AF_UNSPEC >>
error 11:38:21.523062+0300 neagent Extension com.myappname.mac.MyApp.MyAppExtension died unexpectedly
default 11:38:21.524744+0300 AirPlayXPCHelper PrimaryIP changed: IPv4 10.41.183.51, IPv6 << AF_UNSPEC >>
error 11:38:21.524288+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin invalidated while in use.
...
P.S: I also submitted a feedback about this bug - FB7730197
Replies: 1 | Boosts: 1 | Views: 1.9k | Activity: Jun ’20
VPN on-demand after restarting the device
I've implemented a VPN app for iOS and macOS, using Packet Tunnel Provider. I've set the VPN to be on-demand with an on-demand rule to connect. I tested it, and on my devices (Mac and iPhone) it works great - the VPN reconnects after sleep and after restarting the device. But one of my customers reported that the VPN doesn't reconnect after restarting his Mac (but it does reconnect after exiting sleep). I tried to find documentation about it - should the VPN reconnect after the device restarts (assuming all on-demand rules are met)? I saw it should for always-on VPNs, but I'm asking if it should do it for on-demand VPNs as well.
Replies: 2 | Boosts: 0 | Views: 2.4k | Activity: Jun ’20
UNUserNotificationCenter crash
I've implemented a VPN app for iOS and macOS using Packet Tunnel Provider. I released a macOS testing version for our QA (development distribution). On two different Macs the app works great, but on a third Mac, the app crashes when the extension tries to send local messages using UNUserNotificationCenter. The user chose (at the containing app) to not allow the app to send local notifications. At the extension, I'm trying to send a notification, but AFAIK this code should do nothing if the user didn't allow it. But it shouldn't crash the app. This is the exception: * Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL
And those are the logs from the Console:
default 11:38:21.516927+0300 nesessionmanager nw_network_agent_add_to_interface_internal Successfully added agent to "utun2"
default 11:38:21.517414+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: set configuration completed with result 1
default 11:38:21.517894+0300 MyAppExtension [Extension com.myappname.mac.MyApp.MyAppExtension]: reasserting set to 0
default 11:38:21.518080+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) status changed to connected
default 11:38:21.518140+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Leaving state NESMVPNSessionStateStarting
default 11:38:21.518189+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Entering state NESMVPNSessionStateRunning
default 11:38:21.518235+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: status changed to connected
default 11:38:21.519428+0300 configd nw_path_evaluator_start [1AEEC643-2DF1-4261-AC70-E4AB53F87A10 IPv4#e9b1bae6:0 generic, indefinite] path: satisfied (Path is satisfied), interface: utun2, ipv4, dns
default 11:38:21.518306+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Updated network agent (active, compulsory, not-user-activiated, not-kernel-activated)
default 11:38:21.520052+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Received an IPC establish request from MyApp[506]
default 11:38:21.520288+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: received establish IPC message
default 11:38:21.521861+0300 neagent Scheduing timer for extension failure/exit for C653C3F5-4B0B-430A-B76A-E3C187F0A116
error 11:38:21.522715+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin interrupted while in use.
default 11:38:21.520565+0300 MyAppExtension no registered bundle with URL
default 11:38:21.522779+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] terminating
default 11:38:21.521476+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) started with PID 887 error (null)
default 11:38:21.520797+0300 MyAppExtension *** Assertion failure in +[UNUserNotificationCenter currentNotificationCenter], /BuildRoot/Library/Caches/com.apple.xbs/Sources/UserNotifications/UserNotifications-281.6/UNUserNotificationCenter.m:44
default 11:38:21.523380+0300 AirPlayXPCHelper PrimaryIPv4 changed: 10.41.183.51
default 11:38:21.521461+0300 MyAppExtension *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL file:///private/var/folders/p5/qjrcgyl50fg2g609bmwhy3zm0000gn/T/AppTranslocation/2E09CAAF-06B1-44D4-90DB-E90EA54C806D/d/MyApp.app/Contents/PlugIns/MyAppExtension.appex/' *** First throw call stack: ( 0 CoreFoundation 0x00007fff2cff538b __exceptionPreprocess + 250 1 libobjc.A.dylib 0x00007fff6318a552 objc_exception_throw + 48 2 CoreFoundation 0x00007fff2d01e8b8 +[NSException raise:format:arguments:] + 88 3 Foundation 0x00007fff2f73b221 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191 4 UserNotifications 0x00007fff3a942919 __53+[UNUserNotificationCenter currentNotificationCenter]_block_invoke + 922 5 libdispatch.dylib 0x00007fff6449350e _dispatch_client_callout + 8 6 l<…>
default 11:38:21.523612+0300 AirPlayXPCHelper PrimaryIPv6 changed: << AF_UNSPEC >>
default 11:38:21.523597+0300 sharingd PrimaryIP changed: IPv4 10.41.183.51, IPv6 << AF_UNSPEC >>
error 11:38:21.523062+0300 neagent Extension com.myappname.mac.MyApp.MyAppExtension died unexpectedly
default 11:38:21.524744+0300 AirPlayXPCHelper PrimaryIP changed: IPv4 10.41.183.51, IPv6 << AF_UNSPEC >>
error 11:38:21.524288+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin invalidated while in use.
default 11:38:21.525151+0300 UserEventAgent Received notification com.apple.system.config.network_change.nwi
default 11:38:21.524935+0300 mDNSResponder
default 11:38:21.525321+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes
default 11:38:21.525027+0300 mDNSResponder
default 11:38:21.525130+0300 mDNSResponder
default 11:38:21.525191+0300 mDNSResponder
default 11:38:21.525809+0300 UserEventAgent Received notification com.apple.system.config.network_change.dns
default 11:38:21.525945+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes
default 11:38:21.525971+0300 mDNSResponder
default 11:38:21.526012+0300 mDNSResponder
default 11:38:21.526062+0300 mDNSResponder
default 11:38:21.526089+0300 mDNSResponder
default 11:38:21.526120+0300 mDNSResponder
default 11:38:21.526350+0300 mDNSResponder
default 11:38:21.526381+0300 UserEventAgent Received notification com.apple.system.config.network_change
default 11:38:21.526380+0300 mDNSResponder
default 11:38:21.526479+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes
default 11:38:21.526568+0300 mDNSResponder [Q7731] Sent UDP DNS Message 58 bytes from :56624 to :53 via utun2 (0xf)
default 11:38:21.526623+0300 mDNSResponder [Q7731] DNS Query (58) (flags 0100) RCODE: NoErr (0) RD: 0/0/0
default 11:38:21.526707+0300 mDNSResponder [Q9943] Sent UDP DNS Message 42 bytes from :55555 to :53 via utun2 (0xf)
default 11:38:21.526742+0300 mDNSResponder [Q9943] DNS Query (42) (flags 0100) RCODE: NoErr (0) RD: 0/0/0
default 11:38:21.527012+0300 mDNSResponder [Q14808] Sent UDP DNS Message 59 bytes from :63932 to :53 via utun2 (0xf)
default 11:38:21.527050+0300 mDNSResponder [Q14808] DNS Query (59) (flags 0100) RCODE: NoErr (0) RD: 0/0/0
default 11:38:21.527159+0300 mDNSResponder [R2723] DNSServiceCreateConnection STOP PID[887](MyAppExten)
default 11:38:21.527358+0300 mDNSResponder [R2732] DNSServiceCreateConnection STOP PID[99](configd)
default 11:38:21.527410+0300 mDNSResponder [R2733] DNSServiceQueryRecord(4000D000, 0, , PTR) STOP PID[99](configd)
default 11:38:21.527611+0300 mDNSResponder [R2734] DNSServiceCreateConnection START PID[99](configd)
default 11:38:21.527728+0300 mDNSResponder [R2735] DNSServiceQueryRecord(4000D000, 0, , PTR) START PID[99](configd)
default 11:38:21.527770+0300 mDNSResponder [R2735->Q60525] GetServerForQuestion: 0x7f8e6d8120b8 DNS server (0x7f8e6be0a940) :53 (Penalty Time Left 0) (Scope None:0x0:-1) for (PTR)
default 11:38:21.528040+0300 mDNSResponder [Q60525] Sent UDP DNS Message 43 bytes from :55847 to :53 via utun2 (0xf)
default 11:38:21.528074+0300 mDNSResponder [Q60525] DNS Query (43) (flags 0100) RCODE: NoErr (0) RD: 0/0/0
default 11:38:21.528413+0300 UserEventAgent Current file handles for com.apple.networkextension.file-descriptor-maintainer: ( "Network Agent Registration socket (144) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0", "Policy Session MasterSession socket (151)", "Policy Session LowPrioritySession socket (159)", "Network Agent Registration socket (160) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0", "Network Agent Registration socket (161) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0" )
default 11:38:21.528569+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (144) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0
default 11:38:21.528661+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (160) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0
default 11:38:21.528794+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (161) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0
default 11:38:21.529865+0300 UserEventAgent Current file handles for com.apple.networkextension.file-descriptor-maintainer: ( "Network Agent Registration socket (162) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0", "Policy Session MasterSession socket (163)", "Policy Session LowPrioritySession socket (164)", "Network Agent Registration socket (165) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0", "Network Agent Registration socket (167) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0x1" )
default 11:38:21.530236+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (162) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0
default 11:38:21.530342+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (165) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0
default 11:38:21.530534+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (167) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0x1
default 11:38:21.530710+0300 accountsd " () received"
default 11:38:21.531075+0300 dmd Detected network change
default 11:38:21.531177+0300 dmd Detected network change
default 11:38:21.532351+0300 sharingd "The connection to ACDAccountStore was invalidated."
default 11:38:21.533299+0300 nsurlsessiond received network changed event
default 11:38:21.533770+0300 nsurlsessiond received network changed event
default 11:38:21.536451+0300 symptomsd SCDynamicStore config_callback: k: State:/Network/Global/DNS
default 11:38:21.536562+0300 symptomsd SCDynamicStore key: State:/Network/Global/DNS, interfaces: { }
default 11:38:21.539227+0300 dmd Detected network change
default 11:38:21.540195+0300 ReportCrash Parsing corpse data for pid 887
default 11:38:21.541575+0300 ReportCrash Parsing corpse data for process MyAppExtens [pid 887]
error 11:38:21.543133+0300 ReportCrash Invalid receipt [0 bytes] -- []
error 11:38:21.685096+0300 kernel Sandbox: bluetoothd(142) deny(1) mach-lookup com.apple.server.bluetooth
default 11:38:22.016202+0300 CommCenter #I On WiFi: true On Cellular: false
Replies: 3 | Boosts: 1 | Views: 1.4k | Activity: May ’20
NETunnelProviderManager/UNUserNotificationCenter, re-ask permissions for development purpose
I've implemented a VPN for macOS/iOS using Packet Tunnel Provider. When the users try to create the VPN, they get the message from the OS asking if they allow installing the VPN. In addition to that, I'm asking the users to authorize local notifications. Now I want to debug a certain flow in my app, and I want to be shown the "allow vpn/notification" msgs again. Is there a way to cause the OS to ask me those questions again? Be it via code, or via the OS (I tried searching for it in Security & Privacy, but found nothing relevant)
Replies: 2 | Boosts: 0 | Views: 328 | Activity: May ’20
Packet Tunnel Provider - onDemandRules and Sleep
I've implemented a VPN app for macOS with Packet Tunnel Provider. I've configured it to be onDemand, which should always connect:
targetManager?.isOnDemandEnabled = true
let onDemandRuleConnect = NEOnDemandRuleConnect()
targetManager?.onDemandRules = [onDemandRuleConnect]
I've also set it to disconnect on sleep:
targetManager?.protocolConfiguration?.disconnectOnSleep = true
The question: From the logs I have I see that the Mac enters sleep mode, so stopTunnelWithReason is called with reason 15 (The device went to sleep and disconnect). Right after that, the VPN status changed to 'Disconnected' (as expected), but then, right after that, the VPN status changed to 'Connecting' - this is probably because of how I set the onDemand, but I'm not sure of it - if the device enters sleep, why does the system start the VPN again? I think this behavior is causing me some problems. What's the best way to "fix" this?
Replies: 7 | Boosts: 0 | Views: 2.7k | Activity: May ’20
Packet Tunnel Provider - local networks
I've implemented VPN apps (for iOS and for macOS) with Packet Tunnel Provider. The includedRoutes contains all the IPv4 default routes:
newSettings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]
My question is regarding local networks: If I'm not using split tunnel (not including/excluding any other route), what happens to traffic to the local network? By local network I mean the network the device is connected to without the client. I expected that all traffic should go to the tunnel, but I see that I'm able to access resources on my local network even when the tunnel is up. In addition to that, I checked the new flag - includeAllNetworks, which is relevant only to macOS: If this flag is set, I can't access the local network when the VPN is up. So the question is how to configure if the user is able or unable to access resources on his local tunnel. Maybe using the above flag is the answer? And if it is the answer, then what about iOS? Edit: When includeAllNetworks is set, sometimes I don't have traffic at all, and I see some errors at the Console, not sure if it's related.
Replies: 5 | Boosts: 0 | Views: 2.3k | Activity: May ’20
Packet Tunnel Provider app - Distribute via MDM
Three years ago I asked if it's possible to distribute Network Extension provider apps (VPN with packet tunnel provider) for macOS outside the App Store - the answer was no, see https://forums.developer.apple.com/thread/81281 I'm checking again, but this time, the question is if it's possible for users at a certain company to get this app via MDM. What I want to do is to give the .app/apk to an IT admin, and he will distribute it via MDM. Is it possible? More generally, is there any way to distribute my app, not via the App Store? * It's possible to do it when signing it with a Mac development profile, but I want to give it to a customer. And a bonus part - the same question, but for iOS - is it possible to distribute it outside the App Store?
Replies: 4 | Boosts: 0 | Views: 590 | Activity: Apr ’20
Packet Tunnel Provider - Writing SSL3_RT_ALERT 2 bytes
I've implemented a VPN app with Packet Tunnel Provider for macOS. To send the packets, I'm using BSD sockets. I noticed that when sending big files (1GB), most of the time the uploading fails, and the relevant errors I see at the console are the following errors:
[Extension com.myExtension]: IPC detached
NESMVPNSession[Primary Tunnel:My Company - myUserName:6EF9650B-D1DA-418B-B617-AE0874DDCBD3:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.MyContainingApp]) did detach from IPC
[NOTICE] : networking grace period is over for #lifetime
boringssl_context_message_handler(2257) [C6.1:2][0x1048aeac0] Writing SSL3_RT_ALERT 2 bytes
boringssl_context_handle_warning_alert(1892) [C6.1:2][0x1048aeac0] write alert, level: warning, description: close notify
boringssl_session_disconnect(539) [C6.1:2][0x1048aeac0] SSL_shutdown 0
nw_flow_disconnected [C6.1 20.185.73.23:443 cancelled socket-flow ((null))] Output protocol disconnected
nw_connection_report_state_with_handler_on_nw_queue [C6] reporting state cancelled
Connection 6: destroyed
nw_protocol_boringssl_remove_input_handler(1012) [C6.1:2][0x1048aeac0] nw_protocol_boringssl_remove_input_handler forced true
nw_protocol_boringssl_remove_input_handler(1030) [C6.1:2][0x1048aeac0] Transferring nw_protocol_boringssl_t handle back into ARC for autorelease
So I'm guessing it's related to "did detach from IPC" or to "SSL3_RT_ALERT 2 bytes", but what's the next step here? How can I try to figure out what's causing this? P.S: It seems that the VPN stays connected and functional, it's just the uploading that fails.
Replies: 10 | Boosts: 0 | Views: 2.2k | Activity: Apr ’20
VPN (Packet Tunnel Provider) over SMB
Some users at a certain company reported they are having problems when using my VPN app for Mac (Packet Tunnel Provider), with SMB: Initiating an SMB upload will fail and then their VPN client will disconnect, in some cases the computer needs to be rebooted. I've collected logs for my client (nothing suspicious there), and I also got the logs from their Console. Those are some relevant lines from the Console, but again I don't see anything suspicious:
default 17:27:16.194234 -0400 secd Microsoft Outloo[303]/1#16 LF=0 copy_matching Error Domain=NSOSStatusErrorDomain Code=-34018 "Client has neither com.apple.application-identifier, com.apple.security.application-groups nor keychain-access-groups entitlements" UserInfo={NSDescription=Client has neither com.apple.application-identifier, com.apple.security.application-groups nor keychain-access-groups entitlements}
default 17:27:16.252627 -0400 com.apple.WebKit.WebContent Current memory footprint: 14 MB
default 17:27:18.079823 -0400 symptomsd rssi (-53) or transmitRate (585.000000) changed on interface en1 for BSSID:
default 17:27:18.751723 -0400 coreaudiod gPTPClockStatistics for 0x995aebd999500000
default 17:27:18.751758 -0400 coreaudiod Grandmaster Identity: 0x995aebd999500000
default 17:27:18.751781 -0400 coreaudiod Clock lock state: Locked
default 17:27:18.751809 -0400 coreaudiod 0x995aebd999500000: First Sync 2199023255552,2199023255552,42252520443,42252520443,0x995aebd999500000,0
default 17:27:18.751830 -0400 coreaudiod Rate Ratio: 2199023255552/2199023255552 (1.000000000000)
default 17:27:18.751845 -0400 coreaudiod Anchors: 42252520443, 42252520443
default 17:27:18.751861 -0400 coreaudiod Sync Identity: 0x995aebd999500000.0
default 17:27:19.466668 -0400 SophosConfigD CSSM Exception: -2147413736 CSSMERR_DL_DATASTORE_ALREADY_EXISTS
default 17:27:19.852256 -0400 Core Sync TCP Conn 0x60800016e100 canceled
default 17:27:19.853018 -0400 Core Sync TCP Conn [239:0x60000016df80] using empty proxy configuration
default 17:27:19.853033 -0400 Core Sync Stream client bypassing proxies on TCP Conn [239:0x60000016df80]
default 17:27:19.853045 -0400 Core Sync TCP Conn 0x60000016df80 started
default 17:27:19.852614 -0400 Core Sync [242 stream, pid: 565] cancelled [242.1 61DEA637-675C-413E-A6A3-AA6E3FA344EC .51750<->] Connected Path: satisfied (Path is satisfied), interface: utun1, ipv4, dns Duration: 43.817s, DNS @0.000s took 0.597s, TCP @0.598s took 0.580s bytes in/out: 9096/2013, packets in/out: 11/7, rtt: 0.666s, retransmitted packets: 0, out-of-order packets: 0
default 17:27:19.853679 -0400 Core Sync [243 ] start
default 17:27:21.403116 -0400 secd Microsoft Outloo[303]/1#16 LF=0 copy_matching Error Domain=NSOSStatusErrorDomain Code=-34018 "Client has neither com.apple.application-identifier, com.apple.security.application-groups nor keychain-access-groups entitlements" UserInfo={NSDescription=Client has neither com.apple.application-identifier, com.apple.security.application-groups nor keychain-access-groups entitlements}
default 17:27:21.442425 -0400 nesessionmanager -[NESMSession setStatus:]:776 NESMVPNSession[MyClient - someuser:76FF4E17-someMoreNumbers1EC359]: status changed to disconnecting
default 17:27:21.450275 -0400 nsurlsessiond received network changed event
default 17:27:21.467515 -0400 CommCenter #I DATA.DataNetworkMonitorOSX: handleNetworkStateChanged_sync: nwi_state: 0x7fdf256247f0
default 17:27:21.467577 -0400 CommCenter #I DATA.DataNetworkMonitorOSX: checkIPConnectivity_sync: ***** ipConnectivityAvailable: true
default 17:27:21.467610 -0400 CommCenter #I DATA.DataNetworkMonitorOSX: checkIPConnectivity_sync: Previous primary interface '' is DOWN.
default 17:27:21.464626 -0400 airportd _processIPv4Changes: ARP/NDP offloads disabled, not programming the offload
default 17:27:21.467640 -0400 CommCenter #I DATA.DataNetworkMonitorOSX: checkIPConnectivity_sync: Primary interface changed to '' with IP family: kDataProtocolFamilyIPv4
default 17:27:21.467692 -0400 CommCenter #I Firing event 'dataWifiAvailable': with params=
The VPN disconnects at the line starting with default 17:27:21.442425 -0400. Is there something suspicious that I missed in those logs? Is there anything that might cause this behavior, only on SMB?
Replies: 10 | Boosts: 0 | Views: 1.3k | Activity: Mar ’20
Packet Tunnel Provider - connection while switching users
I have a VPN app (Packet Tunnel Provider) for Mac at the App Store, and I got the following question from a customer: "Can the VPN stay connected between switching users in macOS?" The customer tested it and saw the following: "When switching users, VPN stays connected in Mojave OS but will be disconnected on Catalina OS." I don't know how to reply and I don't know what the expected behavior is in those cases. The only guess that I have is that it's not supposed to stay connected, because this is not a system extension, so it's probably relevant only to one user. But I'm not sure of it. Some details that might help - the VPN is not installed from MDM, and it comes with on-demand rules to try and stay connected whenever there's traffic.
Replies: 6 | Boosts: 0 | Views: 545 | Activity: Mar ’20
Network connectivity while VPN is connecting
I've implemented a VPN app with Packet Tunnel Provider for iOS/macOS. When I'm trying to connect, and the VPN is in the connecting state, all network connectivity is blocked. But from the documentation of startTunnelWithOptions, it seems that the OS shouldn't block the connectivity until I call the startTunnelWithOptions completion block: "When the Packet Tunnel Provider executes the completionHandler block with a nil error parameter, it signals to the system that it is ready to begin handling network data." What I want is to allow some URLs to be accessible even in the connecting state, or in other words - to exclude some routes even before I have the tunnel. Is it possible?
Replies: 5 | Boosts: 0 | Views: 1.5k | Activity: Feb ’20