PacketTunnelProvider Not Connecting

I've made a Per-App VPN client which reads a VPN configuration from a configuration profile and then launches the PacketTunnelProvider to establish a connection with the tunnel_server (both PacketTunnelProvider and tunnel_server are identical to the ones in the SimpleTunnel example). Furthermore, the tunnel_server is able to successfully start as well.


The problem seems to be in the PacketTunnelProvider right after the ClientTunnel calls the first line in the "observeValue" function, which only gets triggered after "connection!.addObserver" is called by ClientTunnel as it attempts to start the tunnel. The PacketTunnelProvider doesn't seem to get past this line and never connects. (Connection status remains "disconnected".)

Specific line in the "observeValue" function that fails:

guard keyPath == "state" && context?.assumingBound().pointee == connection else
{
//code never reaches this
}
//code never reaches this either



Any assistance would be appreciated.

Answered by t-joave in 326492022

So the issue seemed to be that for the Packet Tunnel Provider target, the "Outgoing Connections Client" check box within the App Sandbox capability wasn't checked, so no outgoing network connections were allowed even though my server address was indeed correct.


I currently have a different issue but at least this one was resolved.
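
The cause named in this answer can be checked directly in the extension target's `.entitlements` file, where the "Outgoing Connections Client" check box is stored as `com.apple.security.network.client`. The following is an added example, not code from the thread or from SimpleTunnel; the two plists are constructed samples and `audit` is a hypothetical helper name.

```python
import plistlib

SANDBOX = "com.apple.security.app-sandbox"
NET_CLIENT = "com.apple.security.network.client"  # the outgoing-connections check box
NE = "com.apple.developer.networking.networkextension"

# Constructed sample: a sandboxed packet tunnel target with no network entitlement.
BROKEN = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>com.apple.security.app-sandbox</key><true/>
  <key>com.apple.developer.networking.networkextension</key>
  <array><string>packet-tunnel-provider</string></array>
</dict></plist>"""

# Constructed sample: the same target after the check box is ticked.
FIXED = BROKEN.replace(
    b"</dict>", b"  <key>com.apple.security.network.client</key><true/>\n</dict>")


def audit(plist_bytes):
    """Return a list of findings (strings) for one target's entitlements plist."""
    try:
        ent = plistlib.loads(plist_bytes)
    except Exception as exc:  # malformed or truncated file
        return [f"unreadable entitlements plist: {exc!r}"]
    if not isinstance(ent, dict):
        return ["entitlements plist root is not a dictionary"]
    findings = []
    sandboxed = ent.get(SANDBOX) is True
    tunnel = "packet-tunnel-provider" in (ent.get(NE) or [])
    # The sandbox denies outgoing sockets unless the client entitlement is granted.
    if sandboxed and ent.get(NET_CLIENT) is not True:
        kind = "packet tunnel provider" if tunnel else "target"
        findings.append(
            f"sandboxed {kind} lacks {NET_CLIENT}: outgoing connections are denied")
    return findings


if __name__ == "__main__":
    for name, data in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, audit(data) or "ok")
```

Run it against each target's entitlements separately: the containing app and the Packet Tunnel Provider extension have their own files, and only the extension's was missing the entitlement in this thread.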

What do you see on the ‘wire’?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Not sure what "wire" is, but I'm no longer getting the former issue (where the PacketTunnel extension would stop running whenever it would access the "connection" var in the ClientTunnel class), and it seems like the PacketTunnel extension successfully runs the "clientTunnel.startTunnel()" method without stopping.


However, the PacketTunnel extension still doesn't establish a tunnel with the tunnel_server whenever I call:

connection = provider.createTCPConnection(parameters)

in "startTunnel" func of the "ClientTunnel" class since connection status goes from "connecting" to "waiting", meaning it failed to connect. The weird part is that no errors are thrown so I have no idea what's the issue.


Question:

What could be causing "provider.createTCPConnection(parameters)" not to succeed if the code for both the app extension and tunnel_server is identical to the SimpleTunnel example? Or why isn't the tunnel being established if no errors are being thrown? I simply load the per-app VPN configuration from a configuration profile in a NETunnelProviderManager and start the app extension with it.

Not sure what "wire" is …

I’m talking about a packet trace, per QA1176 Getting a Packet Trace. Your call to createTCPConnection(…) should open a TCP connection to the VPN server, and a good first step is to see whether that’s happening, whether the connection is targeting the correct IP address and port, and whether the server actually accepts it. You can learn all of these from a packet trace.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Oh I see. Yea, I did that using Wireshark and I can see that the server isn't accepting the connection even though the IP address and port are correct. When I ping the server using the tcpping tool, it connects fine. So it's not a server issue for sure.


Anything else I can do? Otherwise I'm completely stumped. This is not even my code, it's basically just the SimpleTunnel example from Apple.

I did that using Wireshark and I can see that the server isn't accepting the connection even though the IP address and port are correct. … So it's not a server issue for sure.

Huh? One of the main goals of a packet trace is to ascribe blame. You can look at the traffic on the ‘wire’ to see if it’s correct or not. If it’s not correct, the sender is the problem. If it is correct, the receiver is the problem. In this case you’re saying that the traffic on the wire is correct (“the IP address and port are correct”) and then ascribing blame to the client. That makes no sense to me.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"