Post

Replies

Boosts

Views

Activity

PacketTunnelProvider - Packetflow
I'm implementing a VPN client using PacketTunnelProvider.I have a C code that talk to my sever, and this C code also has callbacks to my Swift code.In those callbacks I just need to send / receive packets.I do not need to create a tunnel with the server, because the C code does it for me.So my question is, how to get all the packets ? I tried doing it with packetFlow, but without any success.(And as for the moment, i'm trying to do it at the startTunnelWithOptions function, but not sure if it's the right place)Thanks!
9
0
4.2k
Feb ’16
Unsatisfied entitlement
I'm tyring to implement a Packet Tunnel Provider for OSX.I have the entitlements, but when I try to run the app, it's immediatly crashing.At the console, I can see the following errors:Found 2 provisioning profiles com.apple.developer.networking.networkextension Disallowing com.myapp.MyApp[pid 73450] because its use of the com.apple.developer.networking.networkextension entitlement is not allowed killed com.myapp.MyApp[pid 73450] because its use of the com.apple.developer.networking.networkextension entitlement is not allowed (error code -67050)But as I said, I do have the entitlements, I'm using the correct provision profile, and I followed Eskimo tutorial at https://forums.developer.apple.com/message/75928#75928and everything looks as it should be.Any help would be appreciated!Edit: I created the provisioning profiles again, add them the network entitlements, cleaned the project, deleted the old profiles, and the problem still exists.
4
0
1.4k
Apr ’16
IPv6 + Packet Tunnel Provider
I've implemented a VPN app with Packet Tunnel Provider.In my app, I'm tunneling only the IPv4 traffic.Also, my server supprort only IPv4 addresses.From what I understand - now I will have to controll the traffic of IPv6 as well? Or can I still continue as usual, and support only IPv4 ? (I do want to controll most traffic from the device)
2
0
663
May ’16
NEVPNStatusDidChangeNotification - invalid
-I've implemented a VPN app (with Packet Tunnel Provider).I have an ovserver for NEVPNStatusDidChangeNotification.When the user press the "connect" button, 90 % of the time I get the notifications where the connection.status goes from Disconnected to Connecting and then to Connected.But I've already encounterd several cases, where the connection succeeded, but the notifications I got wereDisconnected -> Connecting - > InvalidAnd as I said, the connection been made and the VPN had been activated, so why I got the Invalid state ?Edit:Those are some of the system logs:name = <40-char-str> identifier = some-identifier-I-dont-know-1 applicationName = myApp application = myAppBundle grade = 1 VPN = { enabled = YES onDemandEnabled = YES onDemandRules = ( { action = connect interfaceTypeMatch = any }, ) protocol = { type = plugin identifier = some-identifier-I-dont-know-2 serverAddress = <16-char-str> username = <24-char-str> password = { identifier = some-identifier-I-dont-know-1 domain = user } passwordReference = <67656e70 00000000 00000417> identityDataImported = NO disconnectOnSleep = YES disconnectOnIdle = NO disconnectOUpdated network agent (inactive)vpnStatusDidChange: InvalidNESMVPNSession in state NESMVPNSessionStateIdle: update configuration NESMVPNSession: Received a start command from myApp
2
0
896
Jan ’17
Packet Tunnel Provider app - Distribute outside the App Store for MacOS
Is it possible to distrubite my VPN app (with packet tunnel provider) for MacOS with a standalone installer (such as .pkg/.dmg file) ?I think the answer is that it can't be done, but the reason I'm asking is that there are some clients who want to preinstall the app on some people's Macs instead of sending them to the App Store.So is it possible? or maybe the way to go here is by Apple Configurator ?
4
0
3.6k
Jun ’17
App crash - problem in saving the pass to keychain
I've implemented a MacOS app that among other things, uses keychain to save the user's password.For most of the time it works great, but every now and then, when I try to save the password - it crashes the app.The error I'm getting is:errSecNotAvailable (OSStatus -25291)I see that the description for this error is "No trust results are available."I can't repreduce it, but it's happened to some of my users.The code I'm using for the keychain part is taken from Apple's SimpleTunnel sampleWhat does this error means? How can I fix it ?This is partial stack trace:Exception Type: SIGILL Exception Codes: ILL_NOOP at 0x0 Crashed Thread: 0 Application Specific Information: Selector name found in current argument registers: release Thread 0 Crashed: 0 MyApp 0x000000010105fda1 0x101020000 + 261537 1 MyApp 0x0000000101060130 0x101020000 + 262448 2 MyApp 0x000000010107019f 0x101020000 + 328095 3 MyApp 0x000000010106f972 0x101020000 + 326002 4 libsystem_trace.dylib 0x00007fffe11d93a7 _os_activity_initiate_impl + 53 5 AppKit 0x00007fffc9a96721 -[NSApplication(NSResponder) sendAction:to:from:] + 456 6 AppKit 0x00007fffc957acc4 -[NSControl sendAction:to:] + 86 7 AppKit 0x00007fffc957abec __26-[NSCell _sendActionFrom:]_block_invoke + 136 8 libsystem_trace.dylib 0x00007fffe11d93a7 _os_activity_initiate_impl + 53 9 AppKit 0x00007fffc957ab44 -[NSCell _sendActionFrom:] + 128 10 AppKit 0x00007fffc95bd539 -[NSButtonCell _sendActionFrom:] + 98 11 libsystem_trace.dylib 0x00007fffe11d93a7 _os_activity_initiate_impl + 53 12 AppKit 0x00007fffc9579426 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2481 13 AppKit 0x00007fffc95bd272 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 798 14 AppKit 0x00007fffc9577ddb -[NSControl mouseDown:] + 832 15 AppKit 0x00007fffc9c1224f -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 6341 16 AppKit 0x00007fffc9c0ea6c -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 1942 17 AppKit 0x00007fffc9c0df0a -[NSWindow(NSEventRouting) sendEvent:] + 541 18 AppKit 0x00007fffc9a92681 -[NSApplication(NSEvent) sendEvent:] + 1145 19 AppKit 0x00007fffc930d427 -[NSApplication run] + 1002 20 AppKit 0x00007fffc92d7e0e NSApplicationMain + 1237 21 MyApp 0x0000000101022219 0x101020000 + 8729 22 libdyld.dylib 0x00007fffe0fa7235 start + 1
2
0
3.0k
Nov ’17
Packet Tunnel Provider - sleep
I've implemented a VPN app with Packet Tunnel Provider for MacOS and iOS.I have two questions regarding the Extension's sleep/wake functions:1. If the VPN configuration is set with disconnectOnSleep = false, and at the extension I'm sending keep-alives every X seconds, What would happen when the device enters sleep mode? Will it keep sending keep-alive (because the VPN is configured with disconnectOnSleep=false) ?2. If the VPN configuration is set with disconnectOnSleep = true, and also isOnDemandEnabled = true. When the device enters sleep mode, do I need to disconnect the VPN myself? Or the OS would take care of it? And if I should disconnect it myself, the on-demand won't try to turn it on again (because the on-demand) ?
4
0
4.5k
Jan ’18
Keychain error -25308
I've implemented a VPN app (with Packet tunnel Provider) for MacOS.Each user has a password, which I'm saving at the keychain with a persistentReference.For some users (not many), the app fails to save the password and I got error -25308 which is User interaction is not allowed.Why does it happening and how can I solve it?
8
0
12k
Feb ’18
Get device IP
I have an iOS app and a MacOS app in which I want to display to the user it's device's local IP.If there is more than one IP, I would dispaly one of them, not matter which one.This is the code I'm using:func getIFAddresses() -> String { //var addresses = [String]() var address = "N/A" deviceLocalIp = "N/A" // Get list of all interfaces on the local machine: var ifaddr : UnsafeMutablePointer? guard getifaddrs(&ifaddr) == 0 else { return address } guard let firstAddr = ifaddr else { return address } // For each interface ... for ptr in sequence(first: firstAddr, next: { $0.pointee.ifa_next }) { let flags = Int32(ptr.pointee.ifa_flags) var addr = ptr.pointee.ifa_addr.pointee // Check for running IPv4, IPv6 interfaces. Skip the loopback interface. if (flags & (IFF_UP|IFF_RUNNING|IFF_LOOPBACK)) == (IFF_UP|IFF_RUNNING) { if addr.sa_family == UInt8(AF_INET) || addr.sa_family == UInt8(AF_INET6) { let interfaceName = String.init(cString: &ptr.pointee.ifa_name.pointee) //DDLogInfo("interfaceName:\(interfaceName)") // Convert interface address to a human readable string: var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST)) if (getnameinfo(&addr, socklen_t(addr.sa_len), &hostname, socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST) == 0) { if interfaceName == "en0" { deviceLocalIp = String(cString: hostname) address = deviceLocalIp break } //if we don't have address from en0 - try get it from another interface //(but prefer from en0) if address == "N/A" && (interfaceName == "en0" || interfaceName == "en1" || interfaceName == "en2" || interfaceName == "pdp_ip" || interfaceName == "ap1") { deviceLocalIp = String(cString: hostname) address = deviceLocalIp } } } } } freeifaddrs(ifaddr) return address } }For IPv4 it seems to work well.For IPv6 (via Mac's Internet Sharing), I'm getting an IPv6 address, but it's not the address I'm expecting to connect -at the Network I see that my device is connected and has the IP address X and the result I'm getting with this code is address Y.P.S -For debugging, I printed all the IPs, not just the first, and still didn't get the correct one..
8
0
8.0k
Oct ’18
Split tunnel - bug at the Include routes and search domains
I noticed a bug at the Packet Tunnel Provider app for macOS (maybe also for iOS, I didn't test it there it):If I'm configuring a split tunnel, with wildcard match domain (empty string) - the system should consult its DNS server for all domains first, as listed here - https://forums.developer.apple.com/thread/35027Now I've added some searchDomains. When There's no split tunnel, or there's a split tunnel with 'Exclude Routes', everything goes well.But if the split tunnel is configured with 'Include Routes', it seems that the searchDomains aren't added to the DNS queries.For example:Lets say searchDomains contains the postfix 'com'- working scenario: I've defined some routes at the split tunnel exclude, and run ping googlethis worked well and I got results for google.com- not working scenario: I've defined some routes at the split tunnel include, where google is one of those routes.running ping google won't work and I get the error: ping: cannot resolve google: Unknown host
6
0
2.2k
Jan ’19
Network Extension crash - AutoreleasePoolPage
I've got some crashes reports which aren't easy to understand.All the crashes happened at the Packet Tunnel Provider (Network extension, macOS app).My guess is that those crashes are related to the autorelease pool, which I'm using when I'm writing packets to packetFlow.This is the stack:Exception Type: SIGSEGV Exception Codes: SEGV_MAPERR at 0x12fe2328 Crashed Thread: 5 Thread 5 Crashed: 0 libobjc.A.dylib 0x00000001a9b2c140 objc_release + 16 1 libobjc.A.dylib 0x00000001a9b2d6d0 AutoreleasePoolPage::releaseUntil(objc_object**) + 176 2 libobjc.A.dylib 0x00000001a9b2d5c8 objc_autoreleasePoolPop + 220 3 libdispatch.dylib 0x00000001a9ab7164 _dispatch_last_resort_autorelease_pool_pop + 36 4 libdispatch.dylib 0x00000001a9a63e54 _dispatch_lane_invoke$VARIANT$mp + 508 5 libdispatch.dylib 0x00000001a9a6d314 _dispatch_workloop_worker_thread + 584 6 libsystem_pthread.dylib 0x00000001a9b06f88 _pthread_wqthread + 272 7 libsystem_pthread.dylib 0x00000001a9b09ad4 start_wqthread + 4 Thread 0: 0 libsystem_kernel.dylib 0x00000001a9bc0634 mach_msg_trap + 8 1 CoreFoundation 0x00000001a9d6704c __CFRunLoopServiceMachPort + 212 2 CoreFoundation 0x00000001a9d6216c __CFRunLoopRun + 1440 3 CoreFoundation 0x00000001a9d618a0 CFRunLoopRunSpecific + 460 4 Foundation 0x00000001aa0a1824 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 224 5 Foundation 0x00000001aa0db238 -[NSRunLoop(NSRunLoop) run] + 84 6 libxpc.dylib 0x00000001a99bf1f8 _xpc_objc_main + 300 7 libxpc.dylib 0x00000001a99c1b38 xpc_main + 144 8 Foundation 0x00000001aa0dd368 -[NSXPCListener resume] + 168 9 PlugInKit 0x00000001b702cbb0 __PLUGINKIT_CALLING_OUT_TO_CLIENT_SUBSYSTEM_FOR_BEGINUSING__ + 31872 10 PlugInKit 0x00000001b702c8bc __PLUGINKIT_CALLING_OUT_TO_CLIENT_SUBSYSTEM_FOR_BEGINUSING__ + 31116 11 PlugInKit 0x00000001b702cfc0 __PLUGINKIT_CALLING_OUT_TO_CLIENT_SUBSYSTEM_FOR_BEGINUSING__ + 32912 12 Foundation 0x00000001aa2b8018 NSExtensionMain + 60 13 libdyld.dylib 0x00000001a9bec360 start + 0 Thread 1: 0 libsystem_kernel.dylib 0x00000001a9be2a7c __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x00000001a9b09ad4 start_wqthread + 4 Thread 2: 0 MyAppNEExtenstion 0x000000010101de84 0x100e7c000 + 1711748 1 MyAppNEExtenstion 0x000000010102c2b8 0x100e7c000 + 1770168 2 libsystem_pthread.dylib 0x00000001a9b061d0 _pthread_start + 120 3 libsystem_pthread.dylib 0x00000001a9b09ae0 thread_start + 4 Thread 3: 0 libsystem_kernel.dylib 0x00000001a9bc0634 mach_msg_trap + 8 1 CoreFoundation 0x00000001a9d6704c __CFRunLoopServiceMachPort + 212 2 CoreFoundation 0x00000001a9d6216c __CFRunLoopRun + 1440 3 CoreFoundation 0x00000001a9d618a0 CFRunLoopRunSpecific + 460 4 CFNetwork 0x00000001ad025034 0x1ad023000 + 8244 5 Foundation 0x00000001aa1d20c4 __NSThread__start__ + 844 6 libsystem_pthread.dylib 0x00000001a9b061d0 _pthread_start + 120 7 libsystem_pthread.dylib 0x00000001a9b09ae0 thread_start + 4 Thread 4: 0 libsystem_kernel.dylib 0x00000001a9be2a7c __workq_kernreturn + 8 1 libsystem_pthread.dylib 0x00000001a9b09ad4 start_wqthread + 4 Thread 5 crashed with arm64 Thread State: x21: 0x00000000a1a1a1a1 x2: 0x000000000000a93f x16: 0x00000001a9b2c130 x3: 0x0000000000000005 x22: 0x000000016f1230e0 x4: 0x000000012fde05c0 x17: 0x0000000000000001 cpsr: 0x0000000020000000 x5: 0x0000000000000005 x23: 0x00000003a3a3a3a3 x6: 0x0000000000000000 x18: 0x0000000000000000 x10: 0x0000000130054040 lr: 0x00000001a9b2d6d0 x7: 0x0000000000000403 x24: 0x000000016f1230e0 x11: 0x000000016f122a08 x8: 0x0000000012fe2308 x19: 0x0000000130054000 x25: 0x000000016f1230e0 x9: 0x0000000130054048 x12: 0x000000012fde0000 fp: 0x000000016f122990 x26: 0x000000012fd1a9f8 x13: 0x0000000000003fff pc: 0x00000001a9b2c140 x27: 0x000000016f123180 x14: 0x00000000bb72fcc4 x20: 0x0000000130054038 x0: 0x000000012fe22980 sp: 0x000000016f122960 x28: 0x000000016f122ab0 x15: 0x00000000000065dc x1: 0x0000000130054038I'll be happy for a little help with those crashes, and to know if it's really related to the autorelease pool.
1
0
1.2k
Nov ’19
How to debug "Network is unreachable" - Edit: added some details
I've implemented a VPN app with Packet Tunnel Provider, both for iOS and macOS (both apps use the same extension code, with some minor differences).For the macOS app, I'm getting reports from users that sometimes they can't connect using the client and has to disconnect and reconnect again their network (wireless or wired) in order to connect again. From the app's logs, I can see the message "Network is unreachable".This is not true because the users tried to ping multiple sites, and it went fine. So there is a reachable network.More info:They aren't at an IPv6 only environment (and anyway, my apps support IPv6).I'm using BSD sockets.Some users reported that when this happens, if they wait long enough ~10 min, they are able to connect again.The iOS app has no such problems even it uses the same code.So in order to solve it, how can I get more information? Can my app get the network information, and check the sockets state?Can I get the system's logs and information and save it to my log file?Is there something that might explain this behavior, like "the PacketTunnelProvider wasn't killed properly", the PacketTunnelProvider crashed and the cause networking problems?Edit: Is it possible, that some of the following cases are the cause for the "Network is unreachable" error?In all of those cases, the onDemand is enabled:-The VPN disconnects and then immediately reconnect (on demands takes effect), but it does so without waiting 20 seconds, which triggers the known bug for macOS Packet Tunnel Provider- The device enters sleep mode, but the VPN tries to connect again and again (on demands takes effect)
8
0
4.0k
Nov ’19
PacketTunnelProvider - ENOBUFS
For my VPN app for macOS, implemented with Packet Tunnel Provider, I'm using BSD sockets, over UDP, and they are non-blocking.If I'm trying to send large files (~1GB), I'm getting the error ENOBUFS (No buffer space available).I've tried setting SO_SNDBUF, but it didn't help.In addition, I saw this very old discussion about this problem at macOS - https://lists.freebsd.org/pipermail/freebsd-hackers/2004-January/005369.htmlIs there anything I can do to solve it? At the moment I can't send big files via my app.
2
0
797
Nov ’19
macOS Catalina - Current bundle does not have a SystemExtensions directory
I've upgraded my macOS to Catalina. Then I tried to run via Xcode my macOS VPN app (implemented with Packet Tunnel Provider) -The VPN fails to connect and I see at the Console a lot of errors, such as:Current bundle (/Users/myClientPath/Client.app) does not have a SystemExtensions directoryNESMVPNSession[Primary Tunnel:myDetails:(null)]: Received a start command from myClient[2061]Found 0 (0 active) registrations for com.my.bundle.id.extension (com.apple.networkextension.packet-tunnel) - this msgs repeats several timesNEVPNTunnelPlugin(com.my.bundle.id[794]): Validation of the extension failedNESMVPNSession in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin started with PID 0 error (null)Hub connection error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.my.bundle.id.extensiondisposingFailed to start extension com.my.bundle.id.extensionNSDebugDescription=connection to service on pid 0 named com.my.bundle.id.extensionHow can I solve it?
5
0
1.3k
Dec ’19
What to do in case onDemand is enabled, but connection is not allowed
I've implemented a VPN app with Packet Tunnel Provider for iOS and macOS.During the conenction process, in addition to the username and the password, I'm also sending a cookie to my server.Now I have this scenario: The user configured the VPN to be on-demand with a rule to always connect, and then he connected the VPN.While the user is connected, some time passes, and then the cookie is expired. So my server shuts down the tunnel.I'm recognizing this "expired cookie" error at the Extension, and I'm stopping the tunnel as well.But because of the on-demand, the OS will call again to startTunnelWithOptions() and when it will fail (because of the expired cookie), it will call it again and again.It will be solved only when the user will open the app, and do some action to get another cookie.Is there a way to stop the onDemand from the Extension, even if the containing app is closed?If no - is there another solution to this problem?P.S - till now what I did was to display an alert to the user on those cases, but it's not a "complete" solution, and also it had some issuess. I opened another thread regarding this.
0
0
351
Dec ’19