macOS MacOS 14 Apple Silicon DESCRIPTION OF PROBLEM GlobalProtect(GP) and AnyConnect(AC) are both VPN apps. They both create a TUN interface and set default route to this interface. Test cases: AC connect first and GP connect second, both work fine. GP connect first and AC connect second, AC failed with some "route error". Our question is why the route failed for AC if GP already set the default route? Does MacOS has some limitations for the default route? STEPS TO REPRODUCE GlobalProtect(GP) and AnyConnect(AC) are both VPN apps. They both create a TUN interface and set default route to this interface. Test cases: AC connect first and GP connect second, both work fine. GP connect first and AC connect second, AC failed with some "route error".

With C++ code, I tried to setsockopt for ipv6 TTL by: int ttl = 8; ret = setsockopt(skt, IPPROTOIPV6, IPV6UNICASTHOPS, &ttl, (socklent) sizeof(ttl)); I tried every option(such as sizeof(&ttl) still return errno 22, invalid argument. sizeof(ttl) is 4 in this case. Is this the right way to set IPV6 outgoing packet TTL? What is wrong here. Same code for iOS works fine.

I use WebView to implement some Mutual TLS client certificate authentication. I did not implement didReceiveAuthenticationChallenge or any other authentication delegate function. I just use WebView to load the auth URL with [[authWebView mainFrame] loadHTMLString:myHtml]. For some users, client cert was sent after Certificate Request from server but for other users empty certificate was sent. I am sure that there is only one valid client cert for all users. Is there anyway to make sure WebView will send find and send the client certificate after Certificate Request?

My question: How could I get didReceiveAuthenticationChallenge from WebView MacOS? I implemented (void)webView:(WebView *)sender resource:(id)identifier didReceiveAuthenticationChallenge:(NSURLAuthenticationChallenge *)challenge fromDataSource:(WebDataSource *)dataSource; from WebResourceLoadDelegate. I found this function from webview WebResourceLoadDelegate.h. But this callback was never be called even I saw from my wireshark the client certificate was sent and key access was popped up. I did some research and found that I may need to implement this canAuthenticateAgainstProtectionSpace to enable it but I could not find this function from WebView library.