Packet Tunnel Provider - connection while switching users

App & System Services Networking
roee84 OP
Created Mar ’20
Replies 6
Boosts 0
Views 545
Participants 2

I have a VPN app (Packet Tunnel Provider) for Mac at the App Store, and I got the following question from a customer:

"Can the VPN stay connected between switching users in macOS?"

The customer tested it and saw the following:

"When switching users, VPN stays connected in Mojave OS but will be disconnected on Catalina OS."


I don't know how to reply and I don't know what is the expected behavior in those cases.

The only guess that I have is that it's not suppose to stay connected, because this is not a system extension, so it probably be relevant only to one user. But I'm not sure of it.


Some details that might help - The VPN is not installed from MDM, and it comes with on-demamd rules to try and stay connected whenever there's traffic.

Answered by Systems Engineer in 411226022

After doing some more digging on this I would have expected this scenario to be the other way around. For example, unlike App Extensions in Mojave, System Extension (or Network Extensions) in Catalina will run independently of any user logged into the system. I think it may be best to open a bug on this so the Engineering team can take a closer look. Please follow up with the bug number of this thread so I can copy myself on it.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Replies  6
Boosts  0
Views  545
Participants  2
Systems Engineer OP
Apple
Mar ’20

Just to make sure I understand, a user is requesting that the VPN stay connected between user A logging out and user B logging in, so both users can take advantage of the same tunnel, and this is happening on Mojave currently but not Catalina. Is that correct?



Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

0
roee84 OP
Mar ’20

Exactly.

"this is happening on Mojave currently but not Catalina" - this is according to the user, I didn't test it myself.

0
Systems Engineer OP
Apple
Mar ’20
Accepted Answer

After doing some more digging on this I would have expected this scenario to be the other way around. For example, unlike App Extensions in Mojave, System Extension (or Network Extensions) in Catalina will run independently of any user logged into the system. I think it may be best to open a bug on this so the Engineering team can take a closer look. Please follow up with the bug number of this thread so I can copy myself on it.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

0
roee84 OP
Mar ’20

Sure, I opened a bug - FB7637793.

Thanks for all the help!

0
Systems Engineer OP
Apple
Mar ’20

Thank you for opening the bug. I've copied myself on it and will keep this thread updated on any future updates.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

0
roee84 OP
Mar ’20

More info: Reproducing this, causing the stopTunnelWithReason to be called, with the reason 'userLogout'.

I'll update the bug with that info.

0
Packet Tunnel Provider - connection while switching users
First post date Last post date
 
 
Q