Packet Tunnel and emails
I've implemented a VPN app with Packet Tunnel Provider for iOS. I did the following test:
- I configured a VPN with an on-demand rule to always connect.
- I connected the VPN.
- My server would accept my user one time only, so trying to connect a second time will fail.
- I let the iPhone enter sleep mode, to get the tunnel disconnected. When it wakes up and tries to reconnect, it won't succeed, but it will keep trying because of the on-demand rules. This will leave the device without network access.
- After something like 15 min, I sent a mail from my Mac to my user at the iPhone.
- I woke my iPhone.
What happened is that the iPhone didn't have network access (the tunnel was down, but everything was routed to it, as expected) and it tried to connect to the VPN and failed. But the iPhone still received the mail somehow, even though it didn't have an internet connection.
How is it possible? Are emails excluded from the tunnel? Almost all the traffic should pass via the tunnel since I included the default route for IPv4.
8 replies · 0 boosts · 1k views · Jan ’20
Bug - Can't send local notifications from app extension
There's already a question at the forum regarding this issue, and I asked my question there, but it didn't bump the thread, so I'll ask it here as a new question:
I'm calling requestAuthorization at the containing app, and the user approves notifications.
Then at the Extension, I'm calling getNotificationSettings, but the authorizationStatus is notDetermined, and the error is "Notifications are not allowed for this application". Trying to post notifications from the containing app is working fine, but I want to send the notifications from the extension, because the app might be in background mode.
Also, looking at the Mac's Notifications Settings, I see that "Allow Notifications from myApp" is enabled.
I tried to test it on several devices - iPhone with iOS 13, Mac with macOS 10.14.5 and Mac with macOS 10.15.2.
P.S: The old question: https://forums.developer.apple.com/message/385775#385775
0 replies · 0 boosts · 411 views · Jan ’20
NEOnDemandRuleDisconnect - when this rule is being checked?
I have a question regarding the VPN on-demand rule of type NEOnDemandRuleDisconnect (specifically, regarding Packet Tunnel Provider).
This is its description: "When rules of this class match, the VPN connection is not started, and the VPN connection is disconnected if it is not already disconnected."
But when does the OS test if the rules of this class are matched? Does it happen every X seconds while the VPN is connected?
I want to be able to define some cases in which the OS will detect that the VPN should be stopped, so this seems like the way to go here.
2 replies · 0 boosts · 495 views · Jan ’20
Transport security at the Network Extension
Using libcurl, I want to make an HTTP request from my Packet Tunnel Provider to an HTTP URL (and not HTTPS).
I tried to do it, and it worked well. However, I expected that I would need to add it to the Extension's plist NSAppTransportSecurity exceptions.
So my question is - do I need to add this value to the plist to be on the safe side? Or can I do what I want at the Extension?
2 replies · 0 boosts · 442 views · Jan ’20
Captive portal + Network extension
I've developed a VPN app for iOS and macOS with Packet Tunnel Provider.
Once the VPN is enabled, all the traffic should go via the VPN. The VPN is configured to be on demand (isOnDemandEnabled is set), with a rule to always connect.
There are some cases where this configuration might cause a problem - when the user goes to a place with a captive portal, the VPN won't be able to connect (because the user will first need to log in to the captive portal), but the user also won't be able to log in to the captive portal (because all traffic triggers the network extension).
In such a case, I need the captive portal to be shown to the user, and I also need to exclude at least some of the traffic from the VPN, so the user would be able to log in to the captive portal (but I don't want to open all traffic, just the traffic needed for the login).
Is there any API for those cases? If the answer is no, I'll try to detect this case at the Extension. But I won't be able to open the captive portal from there, so the only thing I would be able to do is to display a message to the user, correct?
2 replies · 0 boosts · 1.3k views · Dec ’19
PacketTunnelProvider - display an alert to the user (from Extension)
There are some cases in my VPN app (PacketTunnelProvider, for iOS/macOS) in which I want to display an alert to the user from the Extension.
Till recently, I used the function displayMessage(), which is now deprecated.
So now I'm using UNUserNotificationCenter, but there are some issues with that:
1. How can I display notifications from the extension if the user chose not to authorize notifications? Sure, he can choose to do that, but then I don't have any valid way to display notifications from the extension?
2. Is there a way to make the notification persistent? Something like an alert, which will require the user to press an "OK" button.
3. What happens when the device enters sleep mode? Will the notification wake the device? Or will it be shown only after the device exits sleep mode? Or maybe it won't be shown at all..?
4 replies · 0 boosts · 630 views · Dec ’19
What to do in case onDemand is enabled, but connection is not allowed
I've implemented a VPN app with Packet Tunnel Provider for iOS and macOS.
During the connection process, in addition to the username and the password, I'm also sending a cookie to my server.
Now I have this scenario: the user configured the VPN to be on-demand with a rule to always connect, and then he connected the VPN.
While the user is connected, some time passes, and then the cookie expires. So my server shuts down the tunnel.
I'm recognizing this "expired cookie" error at the Extension, and I'm stopping the tunnel as well.
But because of the on-demand, the OS will call startTunnelWithOptions() again, and when it fails (because of the expired cookie), it will call it again and again.
It will be solved only when the user opens the app and does some action to get another cookie.
Is there a way to stop the on-demand from the Extension, even if the containing app is closed?
If not - is there another solution to this problem?
P.S - till now what I did was to display an alert to the user in those cases, but it's not a "complete" solution, and it also had some issues. I opened another thread regarding this.
0 replies · 0 boosts · 359 views · Dec ’19
macOS Catalina - Current bundle does not have a SystemExtensions directory
I've upgraded my macOS to Catalina. Then I tried to run my macOS VPN app (implemented with Packet Tunnel Provider) via Xcode - the VPN fails to connect and I see a lot of errors at the Console, such as:
    Current bundle (/Users/myClientPath/Client.app) does not have a SystemExtensions directory
    NESMVPNSession[Primary Tunnel:myDetails:(null)]: Received a start command from myClient[2061]
    Found 0 (0 active) registrations for com.my.bundle.id.extension (com.apple.networkextension.packet-tunnel)   (this message repeats several times)
    NEVPNTunnelPlugin(com.my.bundle.id[794]): Validation of the extension failed
    NESMVPNSession in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin started with PID 0 error (null)
    Hub connection error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.my.bundle.id.extension
    disposing
    Failed to start extension com.my.bundle.id.extension
    NSDebugDescription=connection to service on pid 0 named com.my.bundle.id.extension
How can I solve it?
5 replies · 0 boosts · 1.3k views · Dec ’19
PacketTunnelProvider - ENOBUFS
For my VPN app for macOS, implemented with Packet Tunnel Provider, I'm using BSD sockets over UDP, and they are non-blocking.
If I'm trying to send large files (~1GB), I'm getting the error ENOBUFS (No buffer space available).
I've tried setting SO_SNDBUF, but it didn't help.
In addition, I saw this very old discussion about this problem on macOS - https://lists.freebsd.org/pipermail/freebsd-hackers/2004-January/005369.html
Is there anything I can do to solve it? At the moment I can't send big files via my app.
2 replies · 0 boosts · 806 views · Nov ’19
How to debug "Network is unreachable" - Edit: added some details
I've implemented a VPN app with Packet Tunnel Provider, both for iOS and macOS (both apps use the same extension code, with some minor differences).
For the macOS app, I'm getting reports from users that sometimes they can't connect using the client and have to disconnect and reconnect their network (wireless or wired) in order to connect again. From the app's logs, I can see the message "Network is unreachable".
This is not true, because the users tried to ping multiple sites, and it went fine. So there is a reachable network.
More info:
They aren't in an IPv6-only environment (and anyway, my apps support IPv6).
I'm using BSD sockets.
Some users reported that when this happens, if they wait long enough (~10 min), they are able to connect again.
The iOS app has no such problems even though it uses the same code.
So in order to solve it, how can I get more information? Can my app get the network information, and check the sockets' state?
Can I get the system's logs and information and save it to my log file?
Is there something that might explain this behavior, like "the PacketTunnelProvider wasn't killed properly", or the PacketTunnelProvider crashed and caused networking problems?
Edit: Is it possible that some of the following cases are the cause for the "Network is unreachable" error? In all of those cases, on-demand is enabled:
- The VPN disconnects and then immediately reconnects (on demand takes effect), but it does so without waiting 20 seconds, which triggers the known bug for macOS Packet Tunnel Provider.
- The device enters sleep mode, but the VPN tries to connect again and again (on demand takes effect).
8 replies · 0 boosts · 4.0k views · Nov ’19
Split tunnel - bug at the Include routes and search domains
I noticed a bug at the Packet Tunnel Provider app for macOS (maybe also for iOS, I didn't test it there):
If I'm configuring a split tunnel with a wildcard match domain (empty string), the system should consult its DNS server for all domains first, as listed here - https://forums.developer.apple.com/thread/35027
Now I've added some searchDomains. When there's no split tunnel, or there's a split tunnel with 'Exclude Routes', everything goes well.
But if the split tunnel is configured with 'Include Routes', it seems that the searchDomains aren't added to the DNS queries.
For example, let's say searchDomains contains the postfix 'com':
- Working scenario: I've defined some routes at the split tunnel exclude, and run ping google. This worked well and I got results for google.com.
- Not working scenario: I've defined some routes at the split tunnel include, where google is one of those routes. Running ping google won't work and I get the error: ping: cannot resolve google: Unknown host
6 replies · 0 boosts · 2.2k views · Jan ’19
Get device IP
I have an iOS app and a macOS app in which I want to display to the user its device's local IP. If there is more than one IP, I would display one of them, no matter which one.
This is the code I'm using:

    import Foundation

    func getIFAddresses() -> String {
        var address = "N/A"
        deviceLocalIp = "N/A"   // property of the enclosing type (declared elsewhere in the app)

        // Get list of all interfaces on the local machine:
        var ifaddr: UnsafeMutablePointer<ifaddrs>?
        guard getifaddrs(&ifaddr) == 0 else { return address }
        guard let firstAddr = ifaddr else { return address }

        // For each interface ...
        for ptr in sequence(first: firstAddr, next: { $0.pointee.ifa_next }) {
            let flags = Int32(ptr.pointee.ifa_flags)
            // ifa_addr can be nil for some interfaces; skip those instead of crashing
            guard let addrPtr = ptr.pointee.ifa_addr else { continue }
            var addr = addrPtr.pointee

            // Check for running IPv4, IPv6 interfaces. Skip the loopback interface.
            if (flags & (IFF_UP|IFF_RUNNING|IFF_LOOPBACK)) == (IFF_UP|IFF_RUNNING) {
                if addr.sa_family == UInt8(AF_INET) || addr.sa_family == UInt8(AF_INET6) {
                    let interfaceName = String(cString: ptr.pointee.ifa_name)
                    //DDLogInfo("interfaceName:\(interfaceName)")

                    // Convert interface address to a human readable string:
                    var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST))
                    if getnameinfo(&addr, socklen_t(addr.sa_len), &hostname, socklen_t(hostname.count),
                                   nil, socklen_t(0), NI_NUMERICHOST) == 0 {
                        if interfaceName == "en0" {
                            deviceLocalIp = String(cString: hostname)
                            address = deviceLocalIp
                            break
                        }
                        // If we don't have an address from en0, take it from another interface
                        // (but prefer en0, so keep looping in case en0 shows up later)
                        if address == "N/A" && (interfaceName == "en1" || interfaceName == "en2"
                                                || interfaceName == "pdp_ip" || interfaceName == "ap1") {
                            deviceLocalIp = String(cString: hostname)
                            address = deviceLocalIp
                        }
                    }
                }
            }
        }
        freeifaddrs(ifaddr)
        return address
    }

For IPv4 it seems to work well.
For IPv6 (via Mac's Internet Sharing), I'm getting an IPv6 address, but it's not the address I'm expecting to connect - at the Network I see that my device is connected and has the IP address X, and the result I'm getting with this code is address Y.
P.S - For debugging, I printed all the IPs, not just the first, and still didn't get the correct one..
8 replies · 0 boosts · 8k views · Oct ’18
Keychain error -25308
I've implemented a VPN app (with Packet Tunnel Provider) for macOS.
Each user has a password, which I'm saving at the keychain with a persistentReference.
For some users (not many), the app fails to save the password and I get error -25308, which is "User interaction is not allowed".
Why is it happening and how can I solve it?
8 replies · 0 boosts · 12k views · Feb ’18
Packet Tunnel Provider - sleep
I've implemented a VPN app with Packet Tunnel Provider for macOS and iOS.
I have two questions regarding the Extension's sleep/wake functions:
1. If the VPN configuration is set with disconnectOnSleep = false, and at the extension I'm sending keep-alives every X seconds, what would happen when the device enters sleep mode? Will it keep sending keep-alives (because the VPN is configured with disconnectOnSleep = false)?
2. If the VPN configuration is set with disconnectOnSleep = true, and also isOnDemandEnabled = true: when the device enters sleep mode, do I need to disconnect the VPN myself? Or would the OS take care of it? And if I should disconnect it myself, won't the on-demand try to turn it on again (because of the on-demand rules)?
4 replies · 0 boosts · 4.5k views · Jan ’18
App crash - problem in saving the pass to keychain
I've implemented a macOS app that, among other things, uses the keychain to save the user's password.
Most of the time it works great, but every now and then, when I try to save the password, it crashes the app.
The error I'm getting is: errSecNotAvailable (OSStatus -25291)
I see that the description for this error is "No trust results are available."
I can't reproduce it, but it's happened to some of my users.
The code I'm using for the keychain part is taken from Apple's SimpleTunnel sample.
What does this error mean? How can I fix it?
This is a partial stack trace:
    Exception Type:  SIGILL
    Exception Codes: ILL_NOOP at 0x0
    Crashed Thread:  0
    Application Specific Information:
    Selector name found in current argument registers: release
    Thread 0 Crashed:
    0   MyApp                  0x000000010105fda1 0x101020000 + 261537
    1   MyApp                  0x0000000101060130 0x101020000 + 262448
    2   MyApp                  0x000000010107019f 0x101020000 + 328095
    3   MyApp                  0x000000010106f972 0x101020000 + 326002
    4   libsystem_trace.dylib  0x00007fffe11d93a7 _os_activity_initiate_impl + 53
    5   AppKit                 0x00007fffc9a96721 -[NSApplication(NSResponder) sendAction:to:from:] + 456
    6   AppKit                 0x00007fffc957acc4 -[NSControl sendAction:to:] + 86
    7   AppKit                 0x00007fffc957abec __26-[NSCell _sendActionFrom:]_block_invoke + 136
    8   libsystem_trace.dylib  0x00007fffe11d93a7 _os_activity_initiate_impl + 53
    9   AppKit                 0x00007fffc957ab44 -[NSCell _sendActionFrom:] + 128
    10  AppKit                 0x00007fffc95bd539 -[NSButtonCell _sendActionFrom:] + 98
    11  libsystem_trace.dylib  0x00007fffe11d93a7 _os_activity_initiate_impl + 53
    12  AppKit                 0x00007fffc9579426 -[NSCell trackMouse:inRect:ofView:untilMouseUp:] + 2481
    13  AppKit                 0x00007fffc95bd272 -[NSButtonCell trackMouse:inRect:ofView:untilMouseUp:] + 798
    14  AppKit                 0x00007fffc9577ddb -[NSControl mouseDown:] + 832
    15  AppKit                 0x00007fffc9c1224f -[NSWindow(NSEventRouting) _handleMouseDownEvent:isDelayedEvent:] + 6341
    16  AppKit                 0x00007fffc9c0ea6c -[NSWindow(NSEventRouting) _reallySendEvent:isDelayedEvent:] + 1942
    17  AppKit                 0x00007fffc9c0df0a -[NSWindow(NSEventRouting) sendEvent:] + 541
    18  AppKit                 0x00007fffc9a92681 -[NSApplication(NSEvent) sendEvent:] + 1145
    19  AppKit                 0x00007fffc930d427 -[NSApplication run] + 1002
    20  AppKit                 0x00007fffc92d7e0e NSApplicationMain + 1237
    21  MyApp                  0x0000000101022219 0x101020000 + 8729
    22  libdyld.dylib          0x00007fffe0fa7235 start + 1
2 replies · 0 boosts · 3.0k views · Nov ’17