I'm trying to run a packet tunnel provider built through Mac Catalyst from an iPad OS application. On iOS, everything works well. But on macOS, the profile is installed on the system, but it does not start. There is always an error in the system logs: Failed to create NSExtension with type <MyAppBundleIdentifier>. The application and extension together are in the sandbox. Network Extension permission on both. ProviderBundleIdentifier is set in the protocol settings.
Main app entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>...</string>
<key>com.apple.application-identifier</key>
<string>...</string>
<key>com.apple.developer.associated-application-identifier</key>
<array>
<string>...</string>
</array>
<key>com.apple.developer.game-center</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>...</string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.get-task-allow</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>...</string>
</array>
</dict>
</plist>
Plugin entitlements:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string><...>.tunnel</string>
<key>com.apple.application-identifier</key>
<string><...>.tunnel</string>
<key>com.apple.developer.associated-application-identifier</key>
<array>
<string><...>.tunnel</string>
</array>
<key>com.apple.developer.game-center</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string><...></string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.get-task-allow</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>get-task-allow</key>
<true/>
</dict>
</plist>
Info.plist from tunnel.appex:
<key>LSMinimumSystemVersion</key>
<string>10.15.1</string>
<key>NSExtension</key>
<dict>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.networkextension.packet-tunnel</string>
<key>NSExtensionPrincipalClass</key>
<string>tunnel.PacketTunnelProvider</string>
</dict>
The extension is registered in pluginkit, but when you search by identifier or by the protocol com.apple.networkextension.packet-tunnel, it finds only other extensions besides the necessary.
pluginkit -mDv | grep <...>
com.<...>.<...>.tunnel(1.0) 0CDCF814-3597-4AAB-BE9E-2A96C1C66D96 2019-11-28 13:20:05 +0000 /Users/<...>/Library/Developer/Xcode/DerivedData/AppName-dhfyglpazzpgzwayipvetcjosapf/Build/Products/Debug-maccatalyst/AppName.app/Contents/PlugIns/tunnel.appex
pluginkit -mDv -p com.apple.networkextension.packet-tunnel
(8 plug-ins) but no target identifier
Thanks for the help.