Thank you for answering my question!
I have already tried the method you mentioned, and it still has the same effect. I am just wondering, why does the system still think that I am an extension of the system?
Hi,
On macOS, I have changed the app network extension to a system network extension.
I opened the systemextensionsctl developer on debugging app.
When the app starts, it will prompt to allow the installation of system extensions.
But I feel that PacketTunnelProvider is not started.
In addition, is it necessary to configure NEMachServiceName in the system network extension info.plist?
This is log information:
14:41:56.954647+0800 SecPortalMac open on /Users/30san/Library/Group Containers/group.westone.secPortalmac/conf.xml: File exists
14:41:56.955423+0800 SecPortalMac open on /Users/30san/Library/Group Containers/group.westone.secPortalmac/engines.conf: File exists
14:41:56.971870+0800 SecPortalMac nw_path_evaluator_start [560AD6E0-20DB-40EF-89E8-A686213E126E 192.168.199.55:0 generic, indefinite]
path: satisfied (Path is satisfied), interface: en0, ipv4, dns
14:41:57.016957+0800 SecPortalMac [com.westone.secPortalmac] Requested authorization [ didGrant: 1 hasError: 0 hasCompletionHandler: 1 ]
14:41:57.021634+0800 SecPortalMac NSApp cache appearance:NSRequiresAquaSystemAppearance: 0
appearance: (null)
effectiveAppearance: <NSCompositeAppearance: 0x600002c0dc80
(
		"<NSDarkAquaAppearance: 0x600002c0cb00>",
		"<NSSystemAppearance: 0x600002c0d580>"
)>
14:41:57.372159+0800 SecPortalMac [com.westone.secPortalmac] Requesting authorization with options 6
14:41:57.372459+0800 SecPortalMac [com.westone.secPortalmac] Requested authorization [ didGrant: 1 hasError: 0 hasCompletionHandler: 1 ]
14:41:57.377226+0800 SecPortalMac Adding presenter 8F6CCFFE-7CE7-422A-996F-885319BB5C71 for URL: file:///Users/30san/Library/Developer/Xcode/DerivedData/OneNet-gfnflgusjdvyppaxijlkdrwgewtq/Build/Products/Debug/SecPortalMac.app/
14:42:06.802985+0800 SecPortalMac LSExceptions shared instance invalidated for timeout.
14:42:07.896997+0800 SecPortalMac Received configuration update from daemon (initial)
14:42:08.622606+0800 SecPortalMac AggregateDictionary is not supported on this platform
14:42:09.930705+0800 SecPortalMac Saving configuration WSTVpn with existing signature {length = 20, bytes = 0x8140392a039a53b376befd72d619a6bfa0c1d7dc}
14:42:09.930855+0800 SecPortalMac Configuration WSTVpn is unchanged
14:42:09.930944+0800 SecPortalMac The configuration was not saved because it was unchanged from the previously saved version
Thank you for answering my question.
I know why I didn't have the Library/SystemExtensions path before: because I did not initiate OSSystemExtensionRequest.activationRequest.
But I called this method, and there is still no path in the log.
Current bundle (/Users/30san/Desktop/mac/SecPortalMac.app) does not have a SystemExtensions directory
This path YourContainer.app/Contents/Library/SystemExtensions/com.example.your.bundle-id.systemextension does not exist.
I made the following configuration based on the information in the forum. But I want to ask if the integration steps above are correct? Is there something wrong?
1. Container app id includes Network Extensions, Personal VPN, System Extension
2. Extension Tunnel id includes Network Extensions, Personal VPN
3. The container app entitlements are as follows
<plist version="1.0">
<dict>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>packet-tunnel-provider-systemextension</string>
    </array>
    <key>com.apple.developer.networking.vpn.api</key>
    <array>
        <string>allow-vpn</string>
    </array>
    <key>com.apple.developer.system-extension.install</key>
    <true/>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string></string>
    </array>
    <key>com.apple.security.device.usb</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)</string>
    </array>
</dict>
</plist>
4. Extension Tunnel id entitlements are as follows
<dict>
    <key>com.apple.developer.networking.networkextension</key>
    <array>
        <string>packet-tunnel-provider-systemextension</string>
    </array>
    <key>com.apple.developer.networking.vpn.api</key>
    <array>
        <string>allow-vpn</string>
    </array>
    <key>com.apple.security.app-sandbox</key>
    <true/>
    <key>com.apple.security.application-groups</key>
    <array>
        <string></string>
    </array>
    <key>com.apple.security.device.usb</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>keychain-access-groups</key>
    <array>
        <string>$(AppIdentifierPrefix)</string>
    </array>
</dict>
5. I use a Developer ID signed app and uploaded my app to the notarise server through Xcode
6. The app still does not work properly
Console.app shows:
nw_path_evaluator_start [0D5BB27E-A47B-485A-9846-E410803D5E3D Hostname#d91ef292:0 generic, indefinite]
path: satisfied (Path is satisfied), interface: en0, ipv4, dns
nw_path_evaluator_start [21C51CA5-8228-4177-A53E-2DC68D3C0C54 IPv4#1694037f:0 generic, indefinite]
path: satisfied (Path is satisfied), interface: en0, ipv4, dns
Last disconnect error for WSTVpn changed from "none" to "因为发生了内部错误,VPN会话失败。"
Current bundle (/Applications/SecPortalMac.app) does not have a SystemExtensions directory
Saving configuration WSTVpn with existing signature {length = 20, bytes = 0x9c9fa6cc5340118337e2221ca19dbd46dc2202f9}
Are there any errors or omissions in the above steps?
If I follow the above steps, it still doesn’t work. Is there a detailed documentation?
Yes, I have uploaded my app to the notarise server through Xcode. The state of the Developer ID archive information is ready to distribute. Actually, my container app can be opened on a machine with SIP enabled. The problem is that when the container app tried to turn on a VPN connection with Network Extension, it failed. The error logs in the system console are:
neagent Rejecting app extension provider com.westone.secPortalmac.tunnel because it is signed with a Developer ID certificate
nesessionmanager NEVPNTunnelPlugin(com.westone.secPortalmac[67446]): Validation of the extension failed
Thanks for your support.
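An offline pre-flight check for the two conditions the logs in the posts above report (no `SystemExtensions` directory in the bundle, and an app-extension provider rejected under Developer ID), plus the entitlement values listed in the configuration steps. This is an added example, not code from the thread or from Apple; `Example.app`, `tunnel.appex` and the sample entitlements are constructed, and the functions read a project's `.entitlements` file and a built `.app` directory rather than the embedded code signature.

```python
import plistlib
import tempfile
from pathlib import Path

NE_KEY = "com.apple.developer.networking.networkextension"
GROUPS_KEY = "com.apple.security.application-groups"
INSTALL_KEY = "com.apple.developer.system-extension.install"

def check_entitlements(data: bytes, is_container: bool) -> list:
    """Return findings for one .entitlements plist of a Developer ID build."""
    ent = plistlib.loads(data)
    findings = []
    for value in ent.get(NE_KEY, []):
        # Developer ID builds use the "-systemextension" provider types.
        if not value.endswith("-systemextension"):
            findings.append(f"{value}: app-extension provider type")
    if any(not group.strip() for group in ent.get(GROUPS_KEY, [])):
        findings.append("application-groups contains an empty identifier")
    if is_container and ent.get(INSTALL_KEY) is not True:
        findings.append("container lacks system-extension.install")
    return findings

def check_bundle(app: Path) -> list:
    """Return findings about where the provider is embedded in the .app bundle."""
    findings = []
    sysex = app / "Contents" / "Library" / "SystemExtensions"
    if not (sysex.is_dir() and any(sysex.glob("*.systemextension"))):
        findings.append("no .systemextension in Contents/Library/SystemExtensions")
    plugins = app / "Contents" / "PlugIns"
    if plugins.is_dir() and any(plugins.glob("*.appex")):
        findings.append(".appex present in Contents/PlugIns")
    return findings

def demo() -> dict:
    """Run both checks on constructed input: an app-extension style build."""
    entitlements = plistlib.dumps({            # constructed sample, not from the page
        NE_KEY: ["packet-tunnel-provider"],
        GROUPS_KEY: [""],
    })
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "Example.app"        # hypothetical bundle name
        (app / "Contents" / "PlugIns" / "tunnel.appex").mkdir(parents=True)
        return {"bundle": check_bundle(app),
                "entitlements": check_entitlements(entitlements, True)}

if __name__ == "__main__":
    print(demo())
```

An `.appex` finding only matters when that app extension is the Network Extension provider; other app extensions in `Contents/PlugIns` are unaffected.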
Thanks for your answer, meaton. I have observed the VPN status to reconnect my VPN. But it looks like my extension sometimes cannot connect to the VPN server when my iPhone is locked. So I try to add a reconnect event in the wake() method. The problem is that I have written a log message in the wake() method, and I got more than 10 wake() log messages even though I just locked my iPhone for a whole night. Could you please give me more information about the wake mechanism?
Thanks, eskimo. I will try.