Configuring DNS proxy without app launch

Our DNSProxyProvider network extension is currently provisioned for customers by a "siteKey" that they include in their MDM config. This works fine - when the app launches it pulls the siteKey from the providerConfiguration vended by NEDNSProxyManager.


Of course, some of our customers would like the DNS proxy to run without making their users open the app even once. This is proving to be challenging. The proxy itself can't get the providerConfiguration from NEDNSProxyManager because, as we see in the console:


NEDNSProxyManager objects cannot be instantiated from NEProvider processes


On macOS you can force settings into an app via the mobileConfig plist, which are then accessible via the "com.apple.configuration.managed" standard user defaults key. But as far as I can tell, this doesn't work on iOS. (Or maybe it does but the format is different? I can't find any documentation on this for iOS.)


Is there any way to get this bit of information at the proxy level without ever launching the main app? Thanks!

Answered by scalo in 416998022

Actually I just figured it out! NEDNSProxyProvider.startProxy() includes an options dictionary and that includes data from the MDM providerConfiguration.

This message you are seeing:

| NEDNSProxyManager objects cannot be instantiated from NEProvider processes


Is this message being displayed right after installation? What happens if a new flow comes in that the NEDNSProxyManager needs to evaluate handling?


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Hi Matt, that message isn't logged until the proxy extension actually tries to instantiate an NEDNSProxyManager object. New flows appear as normal. The problem is that the extension needs this siteKey string that's in the mobileConfig profile. I haven't been able to figure out how to get that string to the proxy extension without first launching the app. Thanks.

Something looks to be missing here in accessing the providerConfiguration from the DNS Proxy Provider extension. For example, looking at this from the VPN tunnel side, a tunnel provider has a property called protocolConfiguration which leads to a NETunnelProviderProtocol subclass that ultimately has the providerConfiguration dictionary attached to it. This providerConfiguration contains the values set from the configuration file. This does not seem to be the case for the DNS Proxy Provider. Please file a bug on this and follow up on this thread with the Feedback ID.


As a workaround please use the main app to get at this providerConfiguration value for now.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com
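
The accepted answer in this thread, written out as an added example (not code from the original posters or from Apple): the extension reads the siteKey from the options passed to startProxy and refuses to start when it is missing. Only the key name "siteKey" comes from the thread; the layout of the options dictionary (top level or one level of nesting) and the log subsystem string are assumptions.

```swift
import NetworkExtension
import os.log

enum ProxyConfigError: Error {
    case missingSiteKey
}

final class DNSProxyProvider: NEDNSProxyProvider {
    // Placeholder subsystem string, not from the thread.
    private let log = OSLog(subsystem: "com.example.dnsproxy", category: "config")
    private var siteKey: String?

    // Assumption: the MDM providerConfiguration entries arrive either at the
    // top level of `options` or inside one nested dictionary value. The thread
    // does not document the layout, so both are checked.
    private func findSiteKey(in options: [String: Any]?) -> String? {
        guard let options = options else { return nil }
        if let key = options["siteKey"] as? String { return key }
        for value in options.values {
            if let nested = value as? [String: Any],
               let key = nested["siteKey"] as? String {
                return key
            }
        }
        return nil
    }

    override func startProxy(options: [String: Any]?,
                             completionHandler: @escaping (Error?) -> Void) {
        // Log the key names only, never the provisioning value itself.
        let names = (options?.keys.sorted() ?? []).joined(separator: ",")
        os_log("startProxy option keys: %{public}@", log: log, type: .info, names)

        // Fail closed: without a usable siteKey the proxy does not start.
        guard let key = findSiteKey(in: options)?
                .trimmingCharacters(in: .whitespacesAndNewlines),
              !key.isEmpty else {
            os_log("siteKey missing from startProxy options", log: log, type: .error)
            completionHandler(ProxyConfigError.missingSiteKey)
            return
        }
        siteKey = key
        completionHandler(nil)
    }
}
```

Logging the key names on a managed test device is a quick way to confirm where the profile values actually land before relying on either lookup path.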

