HI, We faced an issue where the NEAppProxyProvider based per-app VPN fails to connect when device is enrolled in the User Enrollment mode. This occurs as NEAppProxyProvider can not lookup the client TLS identity based on the persistence reference passed in VPN profile. We are using following code to get the client identity and certificate from the VPN configuration persistence reference and the lookup fails with "-25300" status.NSDictionary *dict = @{
(__bridge id)kSecClass: (__bridge id)kSecClassIdentity,
(__bridge id)kSecReturnRef: (id)kCFBooleanTrue,
(__bridge id)kSecValuePersistentRef: persistantIdentityRef
};
CFTypeRef identityRef = NULL;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)dict, &identityRef);Same logic works fine in Device Enrollment mode.Anyone faced the similar issue or is this bug on iOS side?
Post
Replies
Boosts
Views
Activity
Hi, We are facing an issue while browsing NTLM authenticating endpoints where our WKWebView does not get the authentication challenge. In the logs we see the following entry: 0x105d9c000 - [pageProxyID=9, webPageID=10, frameID=3, resourceID=87, isMainResource=0, isSynchronous=0]
NetworkResourceLoader::didBlockAuthenticationChallenge:and the CFNetwork logs failure to lookup the credentials:default 2020-05-21 20:31:25.812654 +0300 com.apple.WebKit.Networking CFNetwork Diagnostics
[3:16791] 20:31:25.777 { Use Credential: (null)
Loader: { URL: http://internalsire.qa/QG.Portal/PortalService.svc/$metadata } Credential: null } [3:16791]any suggestions what might be going wrong here. We can see that the 401 is written correctly to the WebKit but it fails later with the above logs.Thanks.
HI,We would like to implement full device VPN for macOS. As of now, we have NEAppProxyProvicer based VPN client but as there are lot of configurations needed to flag each application binary for VPN, it takes some time to find out which binary would be creating connections in the application bundle and flag those for VPN.For creating full device VPN using the TLS protocol so that we can connect to our existing VPN server, is there any framework already on macOS like Network Extension to achieve tunneling the traffic at TCP layer? Thanks.
HI,We are facing speed issues while downloading on the high latency network with per-app VPN client. We are using NWTCPConnection as of now, and would like to test if changing the receive/send buffer sizes would make any difference to handle the high latency environment.With NWTCPConnection I don't see any option to get socket FD and override the default values, is there any other way to get around this? Would we need to switch to Network Framework or NSStream instead as NSStream gives the socket FD and possible allows to change the buffer sizes.Thanks.
HI,We are having some performance issues with NEAppProxyProvider based per-app VPN. With VPN in between the download speed is 30% of the max speed without VPN is picture. We did confirm from the Wireshark IO Graphs that the actual link speed between client and VPN server is also almost 30% of the normal link speed. VPN Server and the client are on the same local network for performance testing so very minimal latency . Any idea/suggestions to improve this further or is the limitation of NEAppProxyProvider stack?We thought this might be due to the fact that while writing the received data back to the application using "NEAppProxyTCPFlow's writeData" we are using to write just one data chunk (as this might need multiple kernel writes) of our protocol (~1500 bytes) and not more. We tried to write the multiple chunks equal to 4096 bytes instead to TCP flow to confirm if this might be the issue but does not help.Thanks.
HI,We have a macOS application available on macOS AppStore and we would need to change the "Product Name" of the application due to rebranding.On iOS we could just change the "CFBundleDisplayName" and the app name shown to user is changed at all places without touching Product Name. But it seems it is not possible on macOS application as it uses the "Product Name" at few places like under Applications and in the Menu bar.Can anyone comment if changing the product name is recommended for the already published apps on the App Store? Would it cause any issued while updating the apps on the Macs when this new update is published? Is it possible in macOS to not touch Product Name/Bundle Name and achieve the same as in case of iOS?Thanks, Sanjay,