NEPacketTunnelProvider & Mac Catalyst

I'm trying to run a packet tunnel provider built through Mac Catalyst from an iPad OS application. On iOS, everything works well. But on macOS, the profile is installed on the system, but it does not start. There is always an error in the system logs: Failed to create NSExtension with type <MyAppBundleIdentifier>. The application and extension together are in the sandbox. Network Extension permission on both. ProviderBundleIdentifier is set in the protocol settings.


Main app entitlements:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>application-identifier</key>
  <string>...</string>
  <key>com.apple.application-identifier</key>
  <string>...</string>
  <key>com.apple.developer.associated-application-identifier</key>
  <array>
  <string>...</string>
  </array>
  <key>com.apple.developer.game-center</key>
  <true/>
  <key>com.apple.developer.networking.networkextension</key>
  <array>
  <string>packet-tunnel-provider</string>
  </array>
  <key>com.apple.developer.team-identifier</key>
  <string>...</string>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.get-task-allow</key>
  <true/>
  <key>com.apple.security.network.client</key>
  <true/>
  <key>com.apple.security.network.server</key>
  <true/>
  <key>get-task-allow</key>
  <true/>
  <key>keychain-access-groups</key>
  <array>
  <string>...</string>
  </array>
</dict>
</plist>


Plugin entitlements:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>application-identifier</key>
  <string><...>.tunnel</string>
  <key>com.apple.application-identifier</key>
  <string><...>.tunnel</string>
  <key>com.apple.developer.associated-application-identifier</key>
  <array>
  <string><...>.tunnel</string>
  </array>
  <key>com.apple.developer.game-center</key>
  <true/>
  <key>com.apple.developer.networking.networkextension</key>
  <array>
  <string>packet-tunnel-provider</string>
  </array>
  <key>com.apple.developer.team-identifier</key>
  <string><...></string>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.get-task-allow</key>
  <true/>
  <key>com.apple.security.network.client</key>
  <true/>
  <key>get-task-allow</key>
  <true/>
</dict>
</plist>



Info.plist from tunnel.appex:

<key>LSMinimumSystemVersion</key>
  <string>10.15.1</string>
  <key>NSExtension</key>
  <dict>
  <key>NSExtensionPointIdentifier</key>
  <string>com.apple.networkextension.packet-tunnel</string>
  <key>NSExtensionPrincipalClass</key>
  <string>tunnel.PacketTunnelProvider</string>
  </dict>


The extension is registered in pluginkit, but when you search by identifier or by the protocol com.apple.networkextension.packet-tunnel, it finds only other extensions besides the necessary.

pluginkit -mDv | grep <...>
     com.<...>.<...>.tunnel(1.0) 0CDCF814-3597-4AAB-BE9E-2A96C1C66D96 2019-11-28 13:20:05 +0000 /Users/<...>/Library/Developer/Xcode/DerivedData/AppName-dhfyglpazzpgzwayipvetcjosapf/Build/Products/Debug-maccatalyst/AppName.app/Contents/PlugIns/tunnel.appex
pluginkit -mDv -p com.apple.networkextension.packet-tunnel
 (8 plug-ins) but no target identifier


Thanks for the help.

Answered by Alnik in 410171022

Workaround for this. Create new NetworkExtension target for macOS. In build phases of main iOS app target, in "Embed App Extension" and "Dependencies" add and choose this new NetworkExtension target for platform macOS. And all works.

Same issue here. Did you solved the problem?

Accepted Answer

Workaround for this. Create new NetworkExtension target for macOS. In build phases of main iOS app target, in "Embed App Extension" and "Dependencies" add and choose this new NetworkExtension target for platform macOS. And all works.

NEPacketTunnelProvider &amp; Mac Catalyst
 
 
Q