Packet Tunnel Provider - onDemandRules and Sleep

App & System Services Networking
roee84 OP
Created May ’20
Replies 7
Boosts 0
Views 2.7k
Participants 2

I've implemented a VPN app for macOS with Packet Tunnel Provider.

I've configured it to be onDemand, which should always connect:

targetManager?.isOnDemandEnabled = true
let onDemandRuleConnect = NEOnDemandRuleConnect()
targetManager?.onDemandRules = [onDemandRuleConnect


I've also set it to disconnect on sleep:

targetManager?.protocolConfiguration?.disconnectOnSleep = true


The question:

From the logs I have I see that the Mac enters sleep mode, so stopTunnelWithReason is called with reason 15 (The device went to sleep and disconnect).

Right after that, the VPN status changed to 'Disconnected' (as expected),

but then, right after that, the VPN status changed to 'Connecting' - this is probably because of how I set the onDemand, but I'm not sure of it - if the device enters sleep, why does the system starts the VPN again?

I think this behavior is causing me some problems.

What's the best way to "fix" this?

Replies  7
Boosts  0
Views  2.7k
Participants  2
Systems Engineer OP
Apple
May ’20

I'm not sure if this is something to fix or if this is up and running. Was there network activity that caused the onDemandRules to trigger a re-connection?


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

0
roee84 OP
May ’20

I can't say for sure, but if there was such an activity I think that one of those should happen:

1. The OS won't start the VPN because the device is about to enter sleep

2. The OS will start the VPN, but it won't put the device on sleep mode


From my logs it seems that in the above case, where 'stopTunnelWithReason' was called, and then the VPN started again, at the middle of the connection attempt, specifically - at the getaddrinfo() func, this function not returns. This is a blocking func, and I suspect that it's not returning because there isn't netwrok access anymore (because the device entered sleep).

0
Systems Engineer OP
Apple
May ’20

Yeah, it sounds like if getaddrinfo is being called then there may be network activity and that could be why your are seeing the status change to Connecting. You could open an enhancement request for these conditions. If you do, please make sure to follow up with the feedback number so I can copy myself on the request.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

0
roee84 OP
May ’20

Done, feedback number: FB7688534, I even added there some more details (In those cases, there are some times in which the Mac exits the Sleep mode, but then I see at my app the error 'Network is unreachable').


And thanks for all your anwers!

0
Systems Engineer OP
Apple
May ’20

No problem at all. I found your enhancement request internally and copied myself on it. Thank you for including the sysdiagnose as well.


I will keep this thread updated with any updates I received.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

0
roee84 OP
Jan ’21
Hi @meaton, any updates on this one?
0
Systems Engineer OP
Apple
Jan ’21
Nothing at this time. I can confirm that your bug did land in the right place though.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Packet Tunnel Provider - onDemandRules and Sleep
First post date Last post date
 
 
Q