Hello.
I am very glad to hear that network extension now can distribute by devloperid.
However, after I modify my old packet-tunnel-provider code(App-extension way, work well) I found that appgroups is invalid in packet-tunnel-provider. More specifically, I create a file in appgroups directory(i.e. groupContainer/AppgroupName/) but I cannot find it, and the ipc by appgroups manage by myself is invalid too. Creating a file in appgroups in container app is still valid after modify my code.
I am sure of the following things.
1) The packet-tunnel provider extension is work because I see log in console and I can see my vpn established in system titlebar.
2) The entilment and sign of my app and extension is using system-extension(like packet-tunnel-provider-systemextension).
3) I disable the SIP for my mac.
4) I am using developerid profile.
5) I set exactly the appgroup in capacity of my extension .
6) I start the packert-tunnel-provider by submit OSSystemExtensionRequest and then call the startVPNTunnelWithOptions in container app.
Are there some limitations or bugs when using packet-tunnel-provider in system-extension way?
BTW, The systemExtension prints lot of errors although it is work. (Like macos error -25337, macos error -65537, Signature check failed: invalid signature (code or signature have been modified), CSSM Exception: 3 unknown error 3=3, CSSM Exception: -2147414013 CSSMERR_DL_MDS_ERROR, CMSDecoderCopySignerStatus failed with kCMSSignerInvalidSignature error (3)).
Any help or advice is appreciate. Thanks in advanced.