I use NEHotspotNetwork.fetchCurrentWithCompletionHandle, but it gives me Nil for both SSID and BSSID #import "FPPHotspotNetworkInfoProvider.h" #import <NetworkExtension/NetworkExtension.h> @implementation FPPHotspotNetworkInfoProvider - (void)fetchNetworkInfoWithCompletionHandler: (void (^)(FPPNetworkInfo *network))completionHandler API_AVAILABLE(ios(14)) { [NEHotspotNetwork fetchCurrentWithCompletionHandler:^( NEHotspotNetwork *network) { dispatch_async(dispatch_get_main_queue(), ^{ if (network) { completionHandler([[FPPNetworkInfo alloc] initWithSSID:network.SSID BSSID:network.BSSID]); return; } completionHandler(nil); }); }]; } @end Do I need approval from Apple for this? If so, could you please provide guidance on how to obtain it? Thank you.

Hi, I am working on the app for some basic concept, I would like to intercept both DNS and IP connections. I succeeded in intercepting DNS using NEDNSProxyProvider, however I seem to have some troubles with IPConnections using NEFilterDataProvider. First thing, I have three targets in my app. For some reason, when I run DNS Proxy Extension target it doesn't ask me to choose the app for target run, and after the application if launched, it correctly intercepts DNS traffic and inits NEDNSProxyManager ps: all logs are correctly displayed for NEFilterDataProvider However, when I try to run Filter Data Extension target with Content Filter capability, it asks me to choose the app for run. Even tho I checked the Build Settings and those are identical to DNS Proxy Extension target. And finally, when I run main target it still inits NEDNSProxyManager properly and the NEFilterManager returns this warning -[NEFilterManager saveToPreferencesWithCompletionHandler:]_block_invoke_3: failed to save the new configuration: (null) I tried to log the configuration and compared to some code samples, but I can't identify the problem. I'd very grateful if somebody could suggest where the problems might be (targets builds difference & NEFilterManager config) I will attach a sample of code where I add configuration to my NEFilterManager // MARK: - FilterDataManager final class FilterDataManager: NSObject, ObservableObject { // MARK: - Properties private let manager = NEFilterManager.shared() private let filterName = "Data Filter" @Published private(set) var isEnabled: Bool? = nil // MARK: - Singleton static let shared = FilterDataManager() // Cancellables set private var subs: Set<AnyCancellable> = [] private override init() { super.init() enable() manager.isEnabledPublisher() .receive(on: DispatchQueue.main) .sink(receiveValue: { [weak self] isEnabled in self?.setIsEnabled(isEnabled) }) .store(in: &subs) } // MARK: - Filter Configurations func enable() { manager.updateConfiguration { [unowned self] manager in manager.localizedDescription = filterName manager.providerConfiguration = createFilterProviderConfiguration() manager.isEnabled = true } completion: { result in guard case let .failure(error) = result else { return } Log("Filter enable failed: \(error)", prefix: "[Filter]") } } private func createFilterProviderConfiguration() -> NEFilterProviderConfiguration { let configuration = NEFilterProviderConfiguration() configuration.organization = "***" configuration.filterBrowsers = true configuration.filterSockets = true return configuration } func disable() { Log("Will disable filter", prefix: "[Filter]") manager.updateConfiguration { manager in manager.isEnabled = false } completion: { result in guard case let .failure(error) = result else { return } Log("Filter enable failed: \(error)") } } private func setIsEnabled(_ isEnabled: Bool) { guard self.isEnabled != isEnabled else { return } self.isEnabled = isEnabled Log("Filter \(isEnabled ? "enabled" : "disabled")", prefix: "[Filter]") } } ```Swift extension NEFilterManager { // MARK: - NEFilterManager config update func updateConfiguration(_ body: @escaping (NEFilterManager) -> Void, completion: @escaping (Result<Void, Error>) -> Void) { loadFromPreferences { [unowned self] error in if let error, let filterError = FilterError(error) { completion(.failure(filterError)) return } body(self) saveToPreferences { (error) in if let error, let filterError = FilterError(error) { completion(.failure(filterError)) return } completion(.success(())) } } } // MARK: - Publisher enabling func isEnabledPublisher() -> AnyPublisher<Bool, Never> { NotificationCenter.default .publisher(for: NSNotification.Name.NEFilterConfigurationDidChange) .compactMap { [weak self] notification in guard let self else { return nil } return self.isEnabled } .eraseToAnyPublisher() } } // MARK: - FilterError @available(iOS 8.0, *) enum FilterError: Error { /// The Filter configuration is invalid case configurationInvalid /// The Filter configuration is not enabled. case configurationDisabled /// The Filter configuration needs to be loaded. case configurationStale /// The Filter configuration cannot be removed. case configurationCannotBeRemoved /// Permission denied to modify the configuration case configurationPermissionDenied /// Internal error occurred while managing the configuration case configurationInternalError case unknown init?(_ error: Error) { switch error { case let error as NSError: switch NEFilterManagerError(rawValue: error.code) { case .configurationInvalid: self = .configurationInvalid return case .configurationDisabled: self = .configurationDisabled return case .configurationStale: self = .configurationStale return case .configurationCannotBeRemoved: self = .configurationCannotBeRemoved return case .some(.configurationPermissionDenied): self = .configurationPermissionDenied return case .some(.configurationInternalError): self = .configurationInternalError return case .none: return nil @unknown default: break } default: break } assertionFailure("Invalid error \(error)") return nil } }

Hello! I created a simple DNS filter application for iOS but the extension is not launching. I am getting this log message in the console. Failed to start extension edu.stanford.stilakid.testDnsFilter.DNSFiltering: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service" UserInfo={NSDebugDescription=connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service} For another project with the same code for dns filtering but different bundleID, I also got the following log message. Failed to start extension edu.stanford.sml.rdahlke.controlShift.DNSProxy: Error Domain=PlugInKit Code=4 "RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}} Also, the log messages I have defined inside the constructor of the dns proxy extension is nowhere to be found in the logs, so I am pretty sure the extension is failing to launch. The debugger attached to the main target app shows no errors as well, so it is able to load and update dnsProtocol. Here is the code: // DNSProxyProvider.swift // DNSFiltering // // Created by Juben Rana on 2/20/24. // import NetworkExtension import os.log class DNSProxyProvider: NEDNSProxyProvider { // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.sml.rdahlke.controlShift", category: "dns-filter") override init() { Self.logger.log(level: .debug, "TestDns: dns proxy provider will init") self.logger = Self.logger super.init() } let logger: Logger override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) { // Add code here to start the DNS proxy. logger.log(level: .debug, "TestDns: proxy will start") completionHandler(nil) } override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { // Add code here to stop the DNS proxy. logger.log(level: .debug, "TestDns: proxy will stop") completionHandler() } override func sleep(completionHandler: @escaping () -> Void) { // Add code here to get ready to sleep. completionHandler() } override func wake() { // Add code here to wake up. } override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { // Add code here to handle the incoming flow. logger.log(level: .debug, "TestDns: proxy is handling flow") return false } } // ContentView.swift // testDnsFilter // // Created by Juben Rana on 2/20/24. // import SwiftUI struct ContentView: View { var body: some View { VStack { // LoginScreen() // .onOpenURL { url in // GIDSignIn.sharedInstance.handle(url) // } Spacer() #if os(macOS) Text("I'm running on macOS") #else Text("I'm running on iOS") #endif Spacer() Button("Activate") { #if os(macOS) ContentFilterMac.shared.activate() #elseif os(iOS) ContentFilter.shared.enable() #endif } Spacer() Button("Deactivate") { #if os(macOS) ContentFilterMac.shared.deactivate() #elseif os(iOS) ContentFilter.shared.disable() #endif } Spacer() Spacer() } .padding() } } #Preview { ContentView() } // // ContentFilter.swift // controlShift // // Created by Juben Rana on 9/28/23. // // This is only for macOS import Foundation import NetworkExtension import os.log // MARK: - Content Filter class ContentFilter { // MARK: - Set Up static let shared = ContentFilter() private init() { Self.logger.log(level: .debug, "content filter will init") self.logger = Self.logger } // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.stilakid.testDnsFilter", category: "content-filter") let logger: Logger // MARK: - DNS Filter private let manager = NEDNSProxyManager.shared() func enable() { loadAndUpdatePreferences { self.manager.localizedDescription = "DNSProxySample" let dnsProtocol = NEDNSProxyProviderProtocol() dnsProtocol.providerBundleIdentifier = "edu.stanford.stilakid.testDnsFilter.DNSFiltering" self.manager.providerProtocol = dnsProtocol self.manager.isEnabled = true } } func disable() { loadAndUpdatePreferences { self.manager.isEnabled = false } } private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) { manager.loadFromPreferences { error in guard error == nil else { debugPrint("DNSProxySample.App: load error") return } completion() self.manager.saveToPreferences { (error) in guard error == nil else { debugPrint("DNSProxySample.App: save error") return } debugPrint("DNSProxySample.App: saved") } } } }

Hello! If I set only remote address, then packet tunnel provider does not intercept packets at all. Internet works. If I add ipv4Settings, then packet tunnel provider somewhat catch packets. If I try open something in web beforehand, and quickly start packet tunnel provider, it sees leftover packets. Internet does not work. If I set DNS settings, then tunnel starts receiving "apple.com", "icloud.com" DNS queries. I guess that's not right. Internet does not work. How do I set everything right? ============= My settings: let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: address) settings.ipv4Settings = NEIPv4Settings(addresses: ["172.16.200.10"], subnetMasks: ["255.255.255.255"]) settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()] settings.ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0") ] settings.dnsSettings = NEDNSSettings(servers: ["8.8.8.8", "8.8.4.4"]) settings.dnsSettings?.matchDomains = [""] settings.mtu = 1400

Our VPN was implemented using the NEPacketTunnelProvider, in the case of back end permanent errors (e.g. permission denied), we would stop the VPN tunnel by calling the cancelTunnelVPNWithError method. This did stop the VPN, however the VPN would auto reconnect and enter an infinite loop of connecting and disconnecting due to the back end permanent error. The VPN was turned on from the VPN settings. To completely disable the VPN, we need to either delete the VPN configuration, or manually tap on the toggle to disable. Sample code: - (void)PPNService:(PPNService *)PPNService didStopWithError:(nullable NSError *)error { SUBSPPNStatusData *ppnStatusData = [[SUBSPPNStatusData alloc] init]; SUBSPPNToggleStatus *toggleStatus = [[SUBSPPNToggleStatus alloc] init]; toggleStatus.ppnToggleStatus = SUBSPPNToggleStatus_PPNToggleStatus_Off; if (error) { [_ppnSessionManager logSessionEnd]; [self cancelTunnelWithError:error]; ppnStatusData.ppnStatus = SUBSPPNStatusData_PPNStatus_StoppedWithError; PPNStatusDetails *details = error.userInfo[PPNStatusDetailsKey]; } Question: Why does the VPN auto reconnect after calling the cancel method? Any solutions to completely stop the VPN on permanent errors.

Issue Description: When VPN packet tunnel provider is configured as Full tunnel with Tunnel routes as below, tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO; and saved to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” After saving the configuration to preferences and after receiving the NEVPNConfigurationChangeNotification we are starting the tunnel using “startVPNTunnelWithOptions”. Not able to connect to VPN only from iOS 17 and above devices and internet is getting blocked throughout the device after trying to the start tunnel. Once this issue is occurred, need to restart the device to get the internet connection back. On iOS 16 and Below: Able to successful connect and start VPN tunnel. On iOS 17 and Later: Not able to connect to VPN. VPN tunnel status is getting changed from connecting to disconnected. Internet on the device is getting blocked after VPN gets disconnected. Need to restart the device to get the internet connection back. We can see the below device console logs: After applying the above NETunnelProviderManager preferences and starting the tunnel, we can see that the VPN status is changed to connecting, 14:59:22.599515+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to connecting Later we can see the status is getting changed to Disconnected: 14:59:23.588634+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to disconnected, last stop reason None 14:59:23.589042+0530. nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: Updated network agent (inactive, compulsory, not-user-activiated, not-kernel-activated) After this receiving the NEVPNStatusChanged notification in our application and NEVPNStatus is changed to Disconnected. When checked the reason for disconnect using “fetchLastDisconnectErrorWithCompletionHandler” on NEVPNConnection, we can see below Error string : The VPN session failed because an internal error occurred Error code : 12 After sometime I see that the VPN status is again changed back to connecting, 14:59:24.615125+0530 nesessionmanager NESMVPNSession[Primary Tunnel:bng-pcs-gateway.pulsesecure.net/pulse:24711A15-54C6-44C7-987D-65B7BFF3F294:(null)]: status changed to connecting But by this time there is no internet connection across device. Steps to reproduce: Configure VPN packet tunnel provider as Full tunnel with Tunnel routes(as mentioned above) Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” Try to connect to VPN From iOS 17 and above its observed that, not able to connect to VPN and internet connection in the device is getting blocked Queries: From the above observation my queries are, Why are we receiving the Disconnected state during connection? Why is this issue occurring only with iOS 17 and above device? What changes specifically done around tunnel from iOS 17 and above?

Hi Team, In Sonoma, we have observed NIMLOC DNS queries originating from the utun interface with identical destination and source addresses, causing a loopback within utun. How should these DNS queries be handled? This issue does not occur in Ventura. Please refer to the attached screenshot.

Hi! We are investigating the power consumption of our VPN app on iOS. We noticed that while the VPN tunnel is started, we frequently experience sleep and wake events. Depending on the device it varies somewhere between 60 - 600 times during an overnight test where the device is just laying around and doing absolutely nothing. I looked into the system logs, and the wake reason is always this one: 2024-03-01 03:09:00.836588+0200 0x35e96 Default 0x0 50 7 wifid: (WiFiPolicy) [com.apple.WiFiPolicy:] System wake reason: SMC.OutboxNotEmpty smc.70070000 baseband I googled what OutboxNotEmpty means, but I only found several macOS-related topics. Interestingly, when I leave the same phone without a VPN running, I don't see the above log even once during an overnight test. I also tested a different VPN app and saw the above log in the system logs. This makes me think this is either some iOS feature I don't understand or some bug that causes frequent wakeups. I'd appreciate any feedback if this is a known issue or if we need to do something differently within our tunnel implementation.

Hi Team, I have been working on an application that includes a Network Extension. I wanted to disable it if a captive portal is detected over the network. I have tried different approaches to detect it, including the standard approach outlined in the following document: https://datatracker.ietf.org/doc/html/draft-ietf-capport-api, using the URL https://captive.apple.com/hotspot-detect.html. However, none of these methods seem to be working. Additionally, the kSCNetworkReachabilityFlagsConnectionRequired flag is not being flagged when under a captive network. Could you please assist with this issue? Thank you.

I am reaching out regarding the usage of the fetchCurrent method within the NEHotspotNetwork framework. According to the documentation provided at [https://developer.apple.com/documentation/networkextension/nehotspotnetwork/3666511-fetchcurrent], it is mentioned that in order to utilize this method, the application needs to meet all four of the following conditions: The app is using the Core Location API and has the user’s authorization to access precise location. The app used the NEHotspotConfiguration API to configure the current Wi-Fi network. The app has active VPN configurations installed. The app has an active NEDNSSettingsManager configuration installed. However, upon reviewing the comments in the code for the fetchCurrent method, it states: "This method returns SSID, BSSID, and security type of the current Wi-Fi network when the requesting application meets one of the following 4 requirements -." Could you please clarify whether it is necessary to fulfill all four conditions or if meeting just one of the four requirements is sufficient to use the fetchCurrent method?

iOS 17 issue: I am connecting to VPN connection with configuration as full tunnel which is tunneling all the traffic generated on my device which is expected. This is for Full Tunnel and Tunnel routes: //Below is the NEPacketTunnelProvider configuration tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO; But Once I disconnect and kill the NEPacketTunnelProvider instance, My internet is blocked until I restart the device. NOTE: This behavior is not seen with iOS 16 and below and things work smooth. Kindly update as soon as possible.

I'm using NEHotspotNetwork for getting the WiFi network information , ex - SSID , BSSID and Signal Strength. But the BSSID values are not accurate comparing to the Router MAC Address . The last segment value is different is always from NEHotspotNetwork. Is apple intentionally proving last value differently or do I need to use any other API for getting the MAC address of a router. Example : What I am getting using NEHotspotNetwork : c3:85:63:26:56:ef The actual Mac address of the Network : c3:85:63:26:56:3c

I am connecting to VPN connection with NEPacketTunnelProvider configuration as IncludeAllNetworks=YES; ExcludeLocalNetwork=NO; which is tunneling all the traffic generated on my device which is expected. But Once I disconnect and kill the NEPacketTunnelProvider instance, My internet is blocked unless I restart the device. This behavior is not seen with iOS 16 and things work smooth. Kindly update as soon as possible

Hi Community: I want to know (if someone knows) why content filters are only available for: Supervised devices Apps with Screen time, but only for children. Is that make any sense while in Mac is supervision is not needed? Why adults cannot decide to use a built in content filter instead of using screen time pre-filter by them selves? Are they no conscious about what are they doing? Are there any UX question to not open this powerful tool to improve an iOS user experience guided by third parties? Thanks in advance.

I've developed an VPN app using NEVPNManager API (IKEv2 protocol). Can I publish this app in AppStore from my developer account enrolled as an individual?

I encountered a problem while implementing DNS Proxy for Network Extension. It consists of MyMyExt, a System Extension that implements DNS Proxy, and MyMyService, a container. The system extension consists of classes that inherit the NEDNSProxyProvider. Class has overrided "override init(), override func startProxy(...), override func stopProxy(...) override func handleNewFlow(...)" Since the manager.loadFromPreferences(...) and manager.saveToPreferences(...) calls, system extensions and DNS Proxy have been added. However, contrary to expectations, init(), startProxy(...), etc. are not being called. (In System Settings → Network → Filter, DNS Proxy has been added, but is displayed as "Activated" and a yellow circle) Here is the information that appears on the console. ... Omitted ... MyMyService.MyMyExt [Info] DNSProxyManager.swift: 51 [-] DNSProxy: saved nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Adding a connection for client mDNSResponder[167] nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: handleNetworkDetectionNotification &lt;MyMyService.MyMyExt&gt; nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Received a restart command from nesessionmanager[1011] nesessionmanager Registering session NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)] nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Resetting VPN On Demand nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)] in state NESMVPNSessionStateIdle: update configuration nesessionmanager &lt;NESMServer: 0x13ae0ac90&gt;: &lt;MyMyService.MyMyExt&gt; Register DNS Proxy Session: NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)] nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Successfully registered nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: status changed to connecting nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)] in state NESMVPNSessionStateIdle: received start message nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Leaving state NESMVPNSessionStateIdle nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Entering state NESMVPNSessionStatePreparingNetwork nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Cannot create agent for plugin type MyMyService.MyMyExt, missing designated requirement nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Failed to create an NEAgent nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Leaving state NESMVPNSessionStatePreparingNetwork nesessionmanager NESMDNSProxySession[Primary Tunnel:MyMyService.MyMyExt:&lt;GUID&gt;:(null)]: Entering state NESMVPNSessionStateStopping, timeout 20 seconds ... Omitted ... Perhaps the key is the "Cannot create agent for plugin type MyMyService.MyMyExt, missing designated requirement" recorded in the log. But I can't find out what this message is about or how to resolve it. and, here is my code, more info at my previous post. I ask for your help. Thank you, for your attention.

Note The PF side of this is now covered by TN3165 Packet Filter is not API. Network Extension (NE) providers let you create products for VPN, content filtering, transparent proxying, and so on. Various Apple platforms support various different provider types. See TN3134 Network Extension provider deployment for the details. On iOS NE providers are the only game in town. It’s not possible to implement products like this in any other way. On macOS, however, there are a variety of other ad hoc techniques you might use. These include: Packet Filter (PF) aka pfctl (see its man page) A utun interface (see <net/if_utun.h>) Network kernel extensions (NKE), aka KEXTs People use these techniques for a variety of reasons. For example, you might have a product that predates the NE provider architecture, or you might want to reuse code that you wrote for another platform. Regardless of the reason, be aware that DTS doesn’t support these ad hoc techniques. If you’re building a product like this for macOS, create an NE provider. We’ve adopted this policy because, in our experience, these ad hoc techniques tend to be very brittle, and thus are not supportable in the long term. A great example of this is PF. There’s no documented arbitration scheme for PF rules so, as a third-party developer, the rules you install might be incompatible with the rules set up by various macOS features, other third-party developers, the user, or the site admin. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" Revision History 2028-02-09 Added a link to TN3165. 2023-11-23 First posted.

Hello, When I used iPhone 14 Pro Max (iOS 17.3.1) to test, the Network Extension exceeding 15 MB would still automatically close the VPN connection, unlike what was mentioned on the Apple Developer Website that the NE memory limit increased to 50MB after iOS 15. What is this? The reason? Thank you so much