Post

Replies

Boosts

Views

Activity

PacketTunnelProvider - Packetflow
I'm implementing a VPN client using PacketTunnelProvider.I have a C code that talk to my sever, and this C code also has callbacks to my Swift code.In those callbacks I just need to send / receive packets.I do not need to create a tunnel with the server, because the C code does it for me.So my question is, how to get all the packets ? I tried doing it with packetFlow, but without any success.(And as for the moment, i'm trying to do it at the startTunnelWithOptions function, but not sure if it's the right place)Thanks!
9
0
4.2k
Feb ’16
Unsatisfied entitlement
I'm tyring to implement a Packet Tunnel Provider for OSX.I have the entitlements, but when I try to run the app, it's immediatly crashing.At the console, I can see the following errors:Found 2 provisioning profiles com.apple.developer.networking.networkextension Disallowing com.myapp.MyApp[pid 73450] because its use of the com.apple.developer.networking.networkextension entitlement is not allowed killed com.myapp.MyApp[pid 73450] because its use of the com.apple.developer.networking.networkextension entitlement is not allowed (error code -67050)But as I said, I do have the entitlements, I'm using the correct provision profile, and I followed Eskimo tutorial at https://forums.developer.apple.com/message/75928#75928and everything looks as it should be.Any help would be appreciated!Edit: I created the provisioning profiles again, add them the network entitlements, cleaned the project, deleted the old profiles, and the problem still exists.
4
0
1.5k
Apr ’16
IPv6 + Packet Tunnel Provider
I've implemented a VPN app with Packet Tunnel Provider.In my app, I'm tunneling only the IPv4 traffic.Also, my server supprort only IPv4 addresses.From what I understand - now I will have to controll the traffic of IPv6 as well? Or can I still continue as usual, and support only IPv4 ? (I do want to controll most traffic from the device)
2
0
669
May ’16
NEVPNStatusDidChangeNotification - invalid
-I've implemented a VPN app (with Packet Tunnel Provider).I have an ovserver for NEVPNStatusDidChangeNotification.When the user press the "connect" button, 90 % of the time I get the notifications where the connection.status goes from Disconnected to Connecting and then to Connected.But I've already encounterd several cases, where the connection succeeded, but the notifications I got wereDisconnected -> Connecting - > InvalidAnd as I said, the connection been made and the VPN had been activated, so why I got the Invalid state ?Edit:Those are some of the system logs:name = <40-char-str> identifier = some-identifier-I-dont-know-1 applicationName = myApp application = myAppBundle grade = 1 VPN = { enabled = YES onDemandEnabled = YES onDemandRules = ( { action = connect interfaceTypeMatch = any }, ) protocol = { type = plugin identifier = some-identifier-I-dont-know-2 serverAddress = <16-char-str> username = <24-char-str> password = { identifier = some-identifier-I-dont-know-1 domain = user } passwordReference = <67656e70 00000000 00000417> identityDataImported = NO disconnectOnSleep = YES disconnectOnIdle = NO disconnectOUpdated network agent (inactive)vpnStatusDidChange: InvalidNESMVPNSession in state NESMVPNSessionStateIdle: update configuration NESMVPNSession: Received a start command from myApp
2
0
901
Jan ’17
Packet Tunnel Provider app - Distribute outside the App Store for MacOS
Is it possible to distrubite my VPN app (with packet tunnel provider) for MacOS with a standalone installer (such as .pkg/.dmg file) ?I think the answer is that it can't be done, but the reason I'm asking is that there are some clients who want to preinstall the app on some people's Macs instead of sending them to the App Store.So is it possible? or maybe the way to go here is by Apple Configurator ?
4
0
3.6k
Jun ’17
App crash - problem in saving the pass to keychain
I've implemented a MacOS app that among other things, uses keychain to save the user's password.For most of the time it works great, but every now and then, when I try to save the password - it crashes the app.The error I'm getting is:errSecNotAvailable (OSStatus -25291)I see that the description for this error is "No trust results are available."I can't repreduce it, but it's happened to some of my users.The code I'm using for the keychain part is taken from Apple's SimpleTunnel sampleWhat does this error means? How can I fix it ?This is partial stack trace:Exception Type: SIGILL Exception Codes: ILL_NOOP at 0x0 Crashed Thread: 0 Application Specific Information: Selector name found in current argument registers: release Thread 0 Crashed: 0 MyApp 0x000000010105fda1 0x101020000 + 261537 1 MyApp 0x0000000101060130 0x101020000 + 262448 2 MyApp 0x000000010107019f 0x101020000 + 328095 3 MyApp 0x000000010106f972 0x101020000 + 326002 4 libsystem_trace.dylib 0x00007fffe11d93a7 _os_activity_initiate_impl + 53 5 AppKit 0x00007fffc9a96721 -[NSApplication(NSResponder) sendAction:to:from:] + 456 6 AppKit 0x00007fffc957acc4 -[NSControl sendAction:to:] + 86 7 AppKit 0x00007fffc957abec __26-[NSCell _sendActionFrom:]_block_invoke + 136 8 libsystem_trace.dylib 0x00007fffe11d93a7 _os_activity_initiate_impl + 53 9 AppKit 0x00007fffc957ab44 -[NSCell _sendActionFrom:] + 128 10 AppKit 0x00007fffc95bd539 -[NSButtonCell _sendActionFrom:] + 98 11 libsystem_trace.dylib 0x00007fffe11d93a7 _os_activity_initiate_impl + 53 12 AppKit 0x00007fffc9579426 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2481 13 AppKit 0x00007fffc95bd272 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 798 14 AppKit 0x00007fffc9577ddb -[NSControl mouseDown:] + 832 15 AppKit 0x00007fffc9c1224f -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 6341 16 AppKit 0x00007fffc9c0ea6c -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 1942 17 AppKit 0x00007fffc9c0df0a -[NSWindow(NSEventRouting) sendEvent:] + 541 18 AppKit 0x00007fffc9a92681 -[NSApplication(NSEvent) sendEvent:] + 1145 19 AppKit 0x00007fffc930d427 -[NSApplication run] + 1002 20 AppKit 0x00007fffc92d7e0e NSApplicationMain + 1237 21 MyApp 0x0000000101022219 0x101020000 + 8729 22 libdyld.dylib 0x00007fffe0fa7235 start + 1
2
0
3.0k
Nov ’17
Packet Tunnel Provider - sleep
I've implemented a VPN app with Packet Tunnel Provider for MacOS and iOS.I have two questions regarding the Extension's sleep/wake functions:1. If the VPN configuration is set with disconnectOnSleep = false, and at the extension I'm sending keep-alives every X seconds, What would happen when the device enters sleep mode? Will it keep sending keep-alive (because the VPN is configured with disconnectOnSleep=false) ?2. If the VPN configuration is set with disconnectOnSleep = true, and also isOnDemandEnabled = true. When the device enters sleep mode, do I need to disconnect the VPN myself? Or the OS would take care of it? And if I should disconnect it myself, the on-demand won't try to turn it on again (because the on-demand) ?
4
0
4.5k
Jan ’18
Keychain error -25308
I've implemented a VPN app (with Packet tunnel Provider) for MacOS.Each user has a password, which I'm saving at the keychain with a persistentReference.For some users (not many), the app fails to save the password and I got error -25308 which is User interaction is not allowed.Why does it happening and how can I solve it?
8
0
12k
Feb ’18
Get device IP
I have an iOS app and a MacOS app in which I want to display to the user it's device's local IP.If there is more than one IP, I would dispaly one of them, not matter which one.This is the code I'm using:func getIFAddresses() -> String { //var addresses = [String]() var address = "N/A" deviceLocalIp = "N/A" // Get list of all interfaces on the local machine: var ifaddr : UnsafeMutablePointer? guard getifaddrs(&ifaddr) == 0 else { return address } guard let firstAddr = ifaddr else { return address } // For each interface ... for ptr in sequence(first: firstAddr, next: { $0.pointee.ifa_next }) { let flags = Int32(ptr.pointee.ifa_flags) var addr = ptr.pointee.ifa_addr.pointee // Check for running IPv4, IPv6 interfaces. Skip the loopback interface. if (flags & (IFF_UP|IFF_RUNNING|IFF_LOOPBACK)) == (IFF_UP|IFF_RUNNING) { if addr.sa_family == UInt8(AF_INET) || addr.sa_family == UInt8(AF_INET6) { let interfaceName = String.init(cString: &ptr.pointee.ifa_name.pointee) //DDLogInfo("interfaceName:\(interfaceName)") // Convert interface address to a human readable string: var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST)) if (getnameinfo(&addr, socklen_t(addr.sa_len), &hostname, socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST) == 0) { if interfaceName == "en0" { deviceLocalIp = String(cString: hostname) address = deviceLocalIp break } //if we don't have address from en0 - try get it from another interface //(but prefer from en0) if address == "N/A" && (interfaceName == "en0" || interfaceName == "en1" || interfaceName == "en2" || interfaceName == "pdp_ip" || interfaceName == "ap1") { deviceLocalIp = String(cString: hostname) address = deviceLocalIp } } } } } freeifaddrs(ifaddr) return address } }For IPv4 it seems to work well.For IPv6 (via Mac's Internet Sharing), I'm getting an IPv6 address, but it's not the address I'm expecting to connect -at the Network I see that my device is connected and has the IP address X and the result I'm getting with this code is address Y.P.S -For debugging, I printed all the IPs, not just the first, and still didn't get the correct one..
8
0
8k
Oct ’18
Split tunnel - bug at the Include routes and search domains
I noticed a bug at the Packet Tunnel Provider app for macOS (maybe also for iOS, I didn't test it there it):If I'm configuring a split tunnel, with wildcard match domain (empty string) - the system should consult its DNS server for all domains first, as listed here - https://forums.developer.apple.com/thread/35027Now I've added some searchDomains. When There's no split tunnel, or there's a split tunnel with 'Exclude Routes', everything goes well.But if the split tunnel is configured with 'Include Routes', it seems that the searchDomains aren't added to the DNS queries.For example:Lets say searchDomains contains the postfix 'com'- working scenario: I've defined some routes at the split tunnel exclude, and run ping googlethis worked well and I got results for google.com- not working scenario: I've defined some routes at the split tunnel include, where google is one of those routes.running ping google won't work and I get the error: ping: cannot resolve google: Unknown host
6
0
2.2k
Jan ’19
How to debug "Network is unreachable" - Edit: added some details
I've implemented a VPN app with Packet Tunnel Provider, both for iOS and macOS (both apps use the same extension code, with some minor differences).For the macOS app, I'm getting reports from users that sometimes they can't connect using the client and has to disconnect and reconnect again their network (wireless or wired) in order to connect again. From the app's logs, I can see the message "Network is unreachable".This is not true because the users tried to ping multiple sites, and it went fine. So there is a reachable network.More info:They aren't at an IPv6 only environment (and anyway, my apps support IPv6).I'm using BSD sockets.Some users reported that when this happens, if they wait long enough ~10 min, they are able to connect again.The iOS app has no such problems even it uses the same code.So in order to solve it, how can I get more information? Can my app get the network information, and check the sockets state?Can I get the system's logs and information and save it to my log file?Is there something that might explain this behavior, like "the PacketTunnelProvider wasn't killed properly", the PacketTunnelProvider crashed and the cause networking problems?Edit: Is it possible, that some of the following cases are the cause for the "Network is unreachable" error?In all of those cases, the onDemand is enabled:-The VPN disconnects and then immediately reconnect (on demands takes effect), but it does so without waiting 20 seconds, which triggers the known bug for macOS Packet Tunnel Provider- The device enters sleep mode, but the VPN tries to connect again and again (on demands takes effect)
8
0
4.0k
Nov ’19
PacketTunnelProvider - ENOBUFS
For my VPN app for macOS, implemented with Packet Tunnel Provider, I'm using BSD sockets, over UDP, and they are non-blocking.If I'm trying to send large files (~1GB), I'm getting the error ENOBUFS (No buffer space available).I've tried setting SO_SNDBUF, but it didn't help.In addition, I saw this very old discussion about this problem at macOS - https://lists.freebsd.org/pipermail/freebsd-hackers/2004-January/005369.htmlIs there anything I can do to solve it? At the moment I can't send big files via my app.
2
0
804
Nov ’19
macOS Catalina - Current bundle does not have a SystemExtensions directory
I've upgraded my macOS to Catalina. Then I tried to run via Xcode my macOS VPN app (implemented with Packet Tunnel Provider) -The VPN fails to connect and I see at the Console a lot of errors, such as:Current bundle (/Users/myClientPath/Client.app) does not have a SystemExtensions directoryNESMVPNSession[Primary Tunnel:myDetails:(null)]: Received a start command from myClient[2061]Found 0 (0 active) registrations for com.my.bundle.id.extension (com.apple.networkextension.packet-tunnel) - this msgs repeats several timesNEVPNTunnelPlugin(com.my.bundle.id[794]): Validation of the extension failedNESMVPNSession in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin started with PID 0 error (null)Hub connection error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.my.bundle.id.extensiondisposingFailed to start extension com.my.bundle.id.extensionNSDebugDescription=connection to service on pid 0 named com.my.bundle.id.extensionHow can I solve it?
5
0
1.3k
Dec ’19
What to do in case onDemand is enabled, but connection is not allowed
I've implemented a VPN app with Packet Tunnel Provider for iOS and macOS.During the conenction process, in addition to the username and the password, I'm also sending a cookie to my server.Now I have this scenario: The user configured the VPN to be on-demand with a rule to always connect, and then he connected the VPN.While the user is connected, some time passes, and then the cookie is expired. So my server shuts down the tunnel.I'm recognizing this "expired cookie" error at the Extension, and I'm stopping the tunnel as well.But because of the on-demand, the OS will call again to startTunnelWithOptions() and when it will fail (because of the expired cookie), it will call it again and again.It will be solved only when the user will open the app, and do some action to get another cookie.Is there a way to stop the onDemand from the Extension, even if the containing app is closed?If no - is there another solution to this problem?P.S - till now what I did was to display an alert to the user on those cases, but it's not a "complete" solution, and also it had some issuess. I opened another thread regarding this.
0
0
358
Dec ’19
PacketTunnelProvider - display an alert to the user (from Extension)
There are some cases at VPNM app (PacketTunnelProvider, for iOS/macOS), in which I want to display an alert to the user from the Extension.Till recently, I used the function displayMessage() which is now deprecated.So now I'm using UNUserNotificationCenter, but there are some issues with that:1. How can I display notifications from the extension, if the user chose not to authorize notifications? Sure, he can choose to do that, but then I don't have any valid way to display notifications from the extension?2. Is there a way to make the notification persistant? Something like an alert, which will require the user to press an "ok" button.3. What happens when the device enters sleep mode? The notification will wake the device? Or will it be shown only after the device exit sleep mode? Or maybe it won't be shown at all..?
4
0
627
Dec ’19