A question regarding Apple Configurator - VPN Payload - Custom SSL: If I'm setting the User Authentication to 'Certificate', I'm able to enable the VPN On-Demand and add rules. But if I'm setting the User Authentication to 'Password', I don't have the option to enable the on-Demand. Is there a way to configure the on-demand if my connection requires just a PSK, and not a certificate?

At my iOS/MacOS VPN apps (Packet Tunnel Provider), I'm creating the configuration at the containing app, setting all the needed fields, and specifically - the password reference points to the password at the keychain. But what happens when I'm creating the VPN payload via Apple Configurator (or via some MDM) - I have the Password field, but at the extension I get the password reference - at which keychain I need to search it? P.S - this is the main part I'm using to save the pass ref at my containing app:  let attributes: [AnyHashable: Any] = [                 kSecAttrService as AnyHashable : UUID().uuidString,                 kSecValueData as AnyHashable : passwordData,                 kSecAttrAccessible as AnyHashable : kSecAttrAccessibleAlways,                 kSecClass as AnyHashable : kSecClassGenericPassword,                 kSecReturnPersistentRef as AnyHashable : kCFBooleanTrue,                 kSecAttrSynchronizable as AnyHashable : kCFBooleanTrue             ]                      var result: AnyObject?             status = SecItemAdd(attributes as CFDictionary, &result)

I've implemented a custom VPN app for macOS (using Packet Tunnel Provider). I set includeAllNetworks at the protocolConfiguration. When this field is set, I can't connect and I can't send traffic even at the extension. Even simple calls at the extension, like getaddrinfo or curl fails. If I'm unsetting this variable (includeAllNetworks = false) then I can connect without a problem. In addition I can see those lines at the Xcode Console: Connection 2: encountered error(1:53) Connection 3: encountered error(1:53) Connection 1: encountered error(1:53) And those lines at the Console: No mDNS_Keepalive for interface en8/IOSkywalkLegacyEthernetInterface kr 0xE00002C0 NetWakeInterface: en8 <private> no WOMP uDNS_CheckCurrentQuestion: host unreachable error for DNS server <private> for question failed to send packet on InterfaceID 0x5 en8/4 to <private>:53 skt 74 error -1 errno 65 (No route to host) 

If I'm creating a VPN profile for my app (custom VPN), set the on-demand to true, and installing it via MDM, and in addition, mark the profile as un-removable. Would the user would be able to turn off the on-demand via the UI? If not (because it's non-removable), he would probably just be able to disconnect the VPN, but then it will be enable again, because of the on-demand, correct? And in addition, if I'm also setting the flag 'include all networks' - when the user disconnects the VPN, will he have traffic (in case profile is unremovable)?

I've implemented a custom VPN app for macOS (Packet Tunnel Provider). I've added to the protocol configuration the flag 'includeAllNetworks'. For some reason, there are multiple times where the initial connection to the VPN fails. I'm using sockets, getaddrinfo func, and lib curl. But when this flag is set, it seems that there's no internet access, even before the first connection of the VPN. The weird thing is - that sometimes the VPN connects without a problem. Without this flag the VPN always connects without a problem. Are there any limitations I should know regarding to using this flag?

I've implemented a custom VPN app (Packet Tunnel Provider) for macOS. Configured with full tunnel, on-demand with a rule to always connect, and disconnects on sleep. Is Power Nap considers as a sleep mode? Because the VPN disconnects when Mac enters Power Nap. If yes - Should the VPN reconnects when the Macs periodically checks for mails/ other stuff? According to the documentation - "Power Nap supports VPN connections that use a certificate to authenticate, not VPN connections that require entering a password.)" But everything is already configured, the user shouldn't enter his password again when the VPN reconnects. So I'm not sure what suppose to happen in this case.

I've implemented a VPN app using Packet Tunnel Provider for macOS. Using Apple Configurator, I can create a VPN profile for my custom SSL. But what happens when the user installs this profile? It's creating a VPN (at the network preferences), but what's the relationship between this and my app? I know that now it's possible to load this VPN via my app, but what benefits I get from this? Can I set some values via the profile that I can't set via code? Another question - is it possible to create a profile for one of the native VPN on the Mac, and to create a personal VPN app, which will use this profile, and do some things before connecting to the VPN? Final question: At Apple Configurator, there are some built-in options at the connection type, such as Pulse, Check Point, etc.. What's the process of getting into that list?

I want to let my users configure IKEv2 VPN with always-on. I know this is possible using Apple Configurator + the native system's IKEv2 VPN. But I want to have a "wrapper" app - some values will be defined at the Apple Configurator, and other values will be defined at my app, which will trigger the system's IKEv2. Is it possible to use VPN payload for a 'personal' VPN app (without Packet Tunnel Provider)? Is it possible to do it with the VPN payload for 'Custom SSL'? Can I create an app, that creates a 'Personal VPN' of type IKEv2, gets the payload from Apple Configurator, sets some values, and starts the VPN? If yes, is it possible to configure the always-on in this case? Or is the 'Custom SSL' is meant only for 'Packet Tunnel Providers' (and then I can't have always-on)?

This is a duplicate of a question I already asked (https://developer.apple.com/forums/thread/133303?login=true), but I wanted to edit its tags, and I couldn't do it, so I'm asking again: I've implemented a VPN app for iOS and macOS using Packet Tunnel Provider. I released a macOS testing version for our QA (development distribution). On two different Macs the app works great, but on a third Mac, the app crashes when the extension tries to send local messages using UNUserNotificationCenter. The user chose (at the containing app) to not allow the app to send local notifications. At the extension, I'm trying to send a notification, but AFAIK this code should do nothing if the user didn't allow it. But it shouldn't crash the app. This is the exception: Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL And those are the logs from the Console: default 11:38:21.517414+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: set configuration completed with result 1 default 11:38:21.517894+0300 MyAppExtension [Extension com.myappname.mac.MyApp.MyAppExtension]: reasserting set to 0 default 11:38:21.518080+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) status changed to connected default 11:38:21.518140+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Leaving state NESMVPNSessionStateStarting default 11:38:21.518189+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Entering state NESMVPNSessionStateRunning default 11:38:21.518235+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: status changed to connected default 11:38:21.519428+0300 configd nw_path_evaluator_start [1AEEC643-2DF1-4261-AC70-E4AB53F87A10 IPv4#e9b1bae6:0 generic, indefinite] &#9;path: satisfied (Path is satisfied), interface: utun2, ipv4, dns default 11:38:21.518306+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Updated network agent (active, compulsory, not-user-activiated, not-kernel-activated) default 11:38:21.520052+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Received an IPC establish request from MyApp[506] default 11:38:21.520288+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: received establish IPC message default 11:38:21.521861+0300 neagent Scheduing timer for extension failure/exit for C653C3F5-4B0B-430A-B76A-E3C187F0A116 error 11:38:21.522715+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin interrupted while in use. default 11:38:21.520565+0300 MyAppExtension no registered bundle with URL default 11:38:21.522779+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] terminating default 11:38:21.521476+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) started with PID 887 error (null) default 11:38:21.520797+0300 MyAppExtension * Assertion failure in +[UNUserNotificationCenter currentNotificationCenter], /BuildRoot/Library/Caches/com.apple.xbs/Sources/UserNotifications/UserNotifications-281.6/UNUserNotificationCenter.m:44 default 11:38:21.523380+0300 AirPlayXPCHelper PrimaryIPv4 changed: 10.41.183.51 default 11:38:21.521461+0300 MyAppExtension * Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL file:///private/var/folders/p5/qjrcgyl50fg2g609bmwhy3zm0000gn/T/AppTranslocation/2E09CAAF-06B1-44D4-90DB-E90EA54C806D/d/MyApp.app/Contents/PlugIns/MyAppExtension.appex/'** First throw call stack: ( &#9;0&#9; CoreFoundation&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;0x00007fff2cff538b __exceptionPreprocess + 250 &#9;1&#9; libobjc.A.dylib&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; 0x00007fff6318a552 objc_exception_throw + 48 &#9;2&#9; CoreFoundation&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;0x00007fff2d01e8b8 +[NSException raise:format:arguments:] + 88 &#9;3&#9; Foundation&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;0x00007fff2f73b221 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191 &#9;4&#9; UserNotifications&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; 0x00007fff3a942919 __53+[UNUserNotificationCenter currentNotificationCenter]_block_invoke + 922 &#9;5&#9; libdispatch.dylib&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9;&#9; 0x00007fff6449350e _dispatch_client_callout + 8 &#9;6&#9; l&lt;…&gt; default 11:38:21.523612+0300 AirPlayXPCHelper PrimaryIPv6 changed: &lt;< AF_UNSPEC &gt;> default 11:38:21.523597+0300 sharingd PrimaryIP changed: IPv4 10.41.183.51, IPv6 &lt;< AF_UNSPEC &gt;> error 11:38:21.523062+0300 neagent Extension com.myappname.mac.MyApp.MyAppExtension died unexpectedly default 11:38:21.524744+0300 AirPlayXPCHelper PrimaryIP changed: IPv4 10.41.183.51, IPv6 &lt;< AF_UNSPEC &gt;> error 11:38:21.524288+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin invalidated while in use. ... P.S: I also submitted a feedback about this bug - FB7730197

I've implemented a VPN app for iOS and macOS, using Packet Tunnel Provider.I've set the VPN to be on-demand with on-demand rule to connect.I tested it, and on my devices (Mac and iPhone) it works great - the VPN reconnects after sleep and after restarting the device.But one of my customers reported that the VPN doesn't reconnects after restarting his Mac (but it does reconnect after exiting sleep).I tried to find a documentation about it - is the VPN should reconnect after the device restart (assuming all on-demand rules are met)?I saw it should for always-on VPNs, but I'm asking if it should do it for on-demand VPNs as well.

I've implemented a VPN app for iOS and macOS using Packet Tunnel Provider.I released a macOS testing version for our QA (development distribution).On two different Macs the app works great, but on a third Mac, the app crashes when the extension tries to send local messages using UNUserNotificationCenter.The user chose (at the containing app) to not allow the app to send local notifications.At the extension, I'm trying to send a notification, but AFAIK this code should do nothing if the user didn't allow it. But it shouldn't crash the app.This is the exception:* Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURLAnd those are the logs from the Console:default 11:38:21.516927+0300 nesessionmanager nw_network_agent_add_to_interface_internal Successfully added agent to "utun2" default 11:38:21.517414+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: set configuration completed with result 1 default 11:38:21.517894+0300 MyAppExtension [Extension com.myappname.mac.MyApp.MyAppExtension]: reasserting set to 0 default 11:38:21.518080+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) status changed to connected default 11:38:21.518140+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Leaving state NESMVPNSessionStateStarting default 11:38:21.518189+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Entering state NESMVPNSessionStateRunning default 11:38:21.518235+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: status changed to connected default 11:38:21.519428+0300 configd nw_path_evaluator_start [1AEEC643-2DF1-4261-AC70-E4AB53F87A10 IPv4#e9b1bae6:0 generic, indefinite] path: satisfied (Path is satisfied), interface: utun2, ipv4, dns default 11:38:21.518306+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Updated network agent (active, compulsory, not-user-activiated, not-kernel-activated) default 11:38:21.520052+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Received an IPC establish request from MyApp[506] default 11:38:21.520288+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: received establish IPC message default 11:38:21.521861+0300 neagent Scheduing timer for extension failure/exit for C653C3F5-4B0B-430A-B76A-E3C187F0A116 error 11:38:21.522715+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin interrupted while in use. default 11:38:21.520565+0300 MyAppExtension no registered bundle with URL default 11:38:21.522779+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] terminating default 11:38:21.521476+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) started with PID 887 error (null) default 11:38:21.520797+0300 MyAppExtension *** Assertion failure in +[UNUserNotificationCenter currentNotificationCenter], /BuildRoot/Library/Caches/com.apple.xbs/Sources/UserNotifications/UserNotifications-281.6/UNUserNotificationCenter.m:44 default 11:38:21.523380+0300 AirPlayXPCHelper PrimaryIPv4 changed: 10.41.183.51 default 11:38:21.521461+0300 MyAppExtension *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL file:///private/var/folders/p5/qjrcgyl50fg2g609bmwhy3zm0000gn/T/AppTranslocation/2E09CAAF-06B1-44D4-90DB-E90EA54C806D/d/MyApp.app/Contents/PlugIns/MyAppExtension.appex/' *** First throw call stack: ( 0 CoreFoundation 0x00007fff2cff538b __exceptionPreprocess + 250 1 libobjc.A.dylib 0x00007fff6318a552 objc_exception_throw + 48 2 CoreFoundation 0x00007fff2d01e8b8 +[NSException raise:format:arguments:] + 88 3 Foundation 0x00007fff2f73b221 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191 4 UserNotifications 0x00007fff3a942919 __53+[UNUserNotificationCenter currentNotificationCenter]_block_invoke + 922 5 libdispatch.dylib 0x00007fff6449350e _dispatch_client_callout + 8 6 l&lt;…&gt; default 11:38:21.523612+0300 AirPlayXPCHelper PrimaryIPv6 changed: &lt;&lt; AF_UNSPEC &gt;&gt; default 11:38:21.523597+0300 sharingd PrimaryIP changed: IPv4 10.41.183.51, IPv6 &lt;&lt; AF_UNSPEC &gt;&gt; error 11:38:21.523062+0300 neagent Extension com.myappname.mac.MyApp.MyAppExtension died unexpectedly default 11:38:21.524744+0300 AirPlayXPCHelper PrimaryIP changed: IPv4 10.41.183.51, IPv6 &lt;&lt; AF_UNSPEC &gt;&gt; error 11:38:21.524288+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin invalidated while in use. default 11:38:21.525151+0300 UserEventAgent Received notification com.apple.system.config.network_change.nwi default 11:38:21.524935+0300 mDNSResponder default 11:38:21.525321+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes default 11:38:21.525027+0300 mDNSResponder default 11:38:21.525130+0300 mDNSResponder default 11:38:21.525191+0300 mDNSResponder default 11:38:21.525809+0300 UserEventAgent Received notification com.apple.system.config.network_change.dns default 11:38:21.525945+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes default 11:38:21.525971+0300 mDNSResponder default 11:38:21.526012+0300 mDNSResponder default 11:38:21.526062+0300 mDNSResponder default 11:38:21.526089+0300 mDNSResponder default 11:38:21.526120+0300 mDNSResponder default 11:38:21.526350+0300 mDNSResponder default 11:38:21.526381+0300 UserEventAgent Received notification com.apple.system.config.network_change default 11:38:21.526380+0300 mDNSResponder default 11:38:21.526479+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes default 11:38:21.526568+0300 mDNSResponder [Q7731] Sent UDP DNS Message 58 bytes from :56624 to :53 via utun2 (0xf) default 11:38:21.526623+0300 mDNSResponder [Q7731] DNS Query (58) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.526707+0300 mDNSResponder [Q9943] Sent UDP DNS Message 42 bytes from :55555 to :53 via utun2 (0xf) default 11:38:21.526742+0300 mDNSResponder [Q9943] DNS Query (42) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.527012+0300 mDNSResponder [Q14808] Sent UDP DNS Message 59 bytes from :63932 to :53 via utun2 (0xf) default 11:38:21.527050+0300 mDNSResponder [Q14808] DNS Query (59) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.527159+0300 mDNSResponder [R2723] DNSServiceCreateConnection STOP PID[887](MyAppExten) default 11:38:21.527358+0300 mDNSResponder [R2732] DNSServiceCreateConnection STOP PID[99](configd) default 11:38:21.527410+0300 mDNSResponder [R2733] DNSServiceQueryRecord(4000D000, 0, , PTR) STOP PID[99](configd) default 11:38:21.527611+0300 mDNSResponder [R2734] DNSServiceCreateConnection START PID[99](configd) default 11:38:21.527728+0300 mDNSResponder [R2735] DNSServiceQueryRecord(4000D000, 0, , PTR) START PID[99](configd) default 11:38:21.527770+0300 mDNSResponder [R2735-&gt;Q60525] GetServerForQuestion: 0x7f8e6d8120b8 DNS server (0x7f8e6be0a940) :53 (Penalty Time Left 0) (Scope None:0x0:-1) for (PTR) default 11:38:21.528040+0300 mDNSResponder [Q60525] Sent UDP DNS Message 43 bytes from :55847 to :53 via utun2 (0xf) default 11:38:21.528074+0300 mDNSResponder [Q60525] DNS Query (43) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.528413+0300 UserEventAgent Current file handles for com.apple.networkextension.file-descriptor-maintainer: ( "Network Agent Registration socket (144) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0", "Policy Session MasterSession socket (151)", "Policy Session LowPrioritySession socket (159)", "Network Agent Registration socket (160) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0", "Network Agent Registration socket (161) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0" ) default 11:38:21.528569+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (144) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0 default 11:38:21.528661+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (160) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0 default 11:38:21.528794+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (161) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0 default 11:38:21.529865+0300 UserEventAgent Current file handles for com.apple.networkextension.file-descriptor-maintainer: ( "Network Agent Registration socket (162) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0", "Policy Session MasterSession socket (163)", "Policy Session LowPrioritySession socket (164)", "Network Agent Registration socket (165) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0", "Network Agent Registration socket (167) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0x1" ) default 11:38:21.530236+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (162) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0 default 11:38:21.530342+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (165) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0 default 11:38:21.530534+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (167) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0x1 default 11:38:21.530710+0300 accountsd " () received" default 11:38:21.531075+0300 dmd Detected network change default 11:38:21.531177+0300 dmd Detected network change default 11:38:21.532351+0300 sharingd "The connection to ACDAccountStore was invalidated." default 11:38:21.533299+0300 nsurlsessiond received network changed event default 11:38:21.533770+0300 nsurlsessiond received network changed event default 11:38:21.536451+0300 symptomsd SCDynamicStore config_callback: k: State:/Network/Global/DNS default 11:38:21.536562+0300 symptomsd SCDynamicStore key: State:/Network/Global/DNS, interfaces: { } default 11:38:21.539227+0300 dmd Detected network change default 11:38:21.540195+0300 ReportCrash Parsing corpse data for pid 887 default 11:38:21.541575+0300 ReportCrash Parsing corpse data for process MyAppExtens [pid 887] error 11:38:21.543133+0300 ReportCrash Invalid receipt [0 bytes] -- [] error 11:38:21.685096+0300 kernel Sandbox: bluetoothd(142) deny(1) mach-lookup com.apple.server.bluetooth default 11:38:22.016202+0300 CommCenter #I On WiFi: true On Cellular: false

I've implemented a VPN for macOS/iOS using Packet Tunnel Provider.When the users try to create the VPN, they get the message from the OS asking if they are allowing to install the VPN.In addition to that, I'm asking the users to authorize local notifications.Now I want to debug a certain flow at my app, and I want to be displayed again with the "allow vpn/notification" msgs.Is there a way to cause the OS to ask me those questions again? Be it via code, or via the OS (I tried searching it in Security &amp; Privacy, but found nothing relevant)

I've implemented a VPN app for macOS with Packet Tunnel Provider.I've configured it to be onDemand, which should always connect:targetManager?.isOnDemandEnabled = true let onDemandRuleConnect = NEOnDemandRuleConnect() targetManager?.onDemandRules = [onDemandRuleConnectI've also set it to disconnect on sleep:targetManager?.protocolConfiguration?.disconnectOnSleep = trueThe question:From the logs I have I see that the Mac enters sleep mode, so stopTunnelWithReason is called with reason 15 (The device went to sleep and disconnect).Right after that, the VPN status changed to 'Disconnected' (as expected),but then, right after that, the VPN status changed to 'Connecting' - this is probably because of how I set the onDemand, but I'm not sure of it - if the device enters sleep, why does the system starts the VPN again?I think this behavior is causing me some problems.What's the best way to "fix" this?

I've implemented a VPN apps (for iOS and for macOS) with Packet Tunnel Provider.The includedRoutes contains all the IPv4 default routes:newSettings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]My question is regarding local networks:If I'm not using split tunnel (not including/excluding any other route), what happens to traffic to the local network? By local network I mean the network the device is connected to without the client.I expected that all traffic should go to the tunnel, but I see that I'm able to access resources on my local network even when the tunnel is up.In addition to that, I checked the new flag - includeAllNetworksr which is relevant only to macOS:If this flag is set, I can't access the local network when the VPN is up.So the question is how to configure if the user is able or unable to access resources on his local tunnel.Maybe using the above flag is the answer? And if it is the answer, then what about iOS?Edit: When includeAllNetworks is set, sometimes I don't have traffic at all, and I see some errors at the Console, not sure if it's related.

Three years ago I asked if it's possible to ditribute Network Extension providers apps (VPN with packet tunnel provider) for macOS outside the App Store - the answer was no, see https://forums.developer.apple.com/thread/81281I'm checking again, but this time, the question is if it's possible for users at a certain company to get this app via MDM.What I want to do, is to give the .app/apk to an IT admin, and he will distribute it via MDM. Is it possible?More generally, is there any way to distribute my app, not via the App Store? * It's possible to do it when signing it with a Mac development profile, but I want to give it to a customer..And a bonus part - the same question, but for iOS - is it possible to distribute it outside App Store?