Starting App Proxy

I have activated the NEAppProxyProvider. Now I want to start it running.


Since NETransparentProxyManager just has loadAllFromPreferencesWithCompletionHandler and no save, I am using NEVPNManager.


I am trying to load it using the following steps:


[NEVPNManager sharedManager]

loadFromPreferencesWithCompletionHandler:

vpnmanager.enabled = YES;

saveToPreferencesWithCompletionHandler


I am not getting called at NEAppProxyProvider's startProxyWithOptions.



Any pointer would help.

One approach in debugging this would be to verify if startProxyWithOptions is being triggered by using the os_log API and checking what is being logged in the Console.app. Another approach would be to see if your NEAppProxyProvider is used:


import os.log

// Shared logger for the provider; subsystem and category strings are placeholders.
static let log = OSLog(subsystem: "<your extension bundle id>", category: "provider")
private let log: OSLog

override init() {
    self.log = Self.log
    os_log(.debug, log: self.log, "init")
    super.init()
}


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

saveToPreferencesWithCompletionHandler gives the error "Missing protocol or protocol has invalid type."

Not sure why this error occurs?

When debugging transparent proxy issues I usually do it by creating a test app. Here's the starting configuration I use, minus the specific network details of your configuration.



// Configure
NETransparentProxyManager.loadAllFromPreferences { managers, error in
    // Reuse the first saved manager from the array, or create one if none exists yet.
    let manager = managers?.first ?? NETransparentProxyManager()

    // This includes items like, but not limited to:
    let proxyProtocol = NETunnelProviderProtocol()   // `protocol` is a Swift keyword, so use another name
    proxyProtocol.serverAddress = ""
    proxyProtocol.providerBundleIdentifier = ""      // bundle identifier of the App Proxy extension

    manager.protocolConfiguration = proxyProtocol
    manager.isEnabled = true
    manager.localizedDescription = "My Transparent Proxy"
    manager.saveToPreferences { error in
        // Deal with error or update UI here
    }
}


// Connect
NETransparentProxyManager.loadAllFromPreferences { managers, error in
    // Nothing to start if no configuration has been saved yet.
    guard let manager = managers?.first else { return }
    do {
        try manager.connection.startVPNTunnel()
    } catch {
        // Deal with error here
    }
}



// NEAppProxyProvider subclass.
override func startProxy(options: [String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) {

    os_log(.debug, log: self.log, "provider will start")

    // Create your NETransparentProxyNetworkSettings here
    let settings = self.createTunnelSettings()

    // ...

    self.setTunnelNetworkSettings(settings) { error in
        if let error = error {
            os_log(.debug, log: self.log, "error starting provider: %{public}@", error.localizedDescription)
            completionHandler(error)
            return
        }
        os_log(.debug, log: self.log, "provider did start")
        completionHandler(nil)
    }
}



Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

I could start the app proxy;

also startVPNTunnelAndReturnError returned success.

When I open Network preferences, it shows "Connecting...".

I also don't get any calls to startProxyWithOptions.

Am I missing anything?

Check your providerBundleIdentifier to make sure this matches your App Proxy Extension.


In your App Proxy Extension, check your Info.plist to make sure the NetworkExtension dictionary is set up properly. Make sure the NEProviderClasses entry matches your NEAppProxyProvider subclass.

| I also don't get any calls to startProxyWithOptions.


From there, make sure you have the desired NETransparentProxyNetworkSettings setup and included in setTunnelNetworkSettings(settings).


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com
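As an added illustration (not from Matt's reply or from Apple's templates), this is the shape of the Info.plist entry he describes; the class name and the $(PRODUCT_MODULE_NAME) prefix are placeholders to replace with your own:

```xml
<!-- Info.plist of the App Proxy extension (added example; names are placeholders) -->
<key>NetworkExtension</key>
<dict>
    <!-- Maps the app-proxy extension point to the NEAppProxyProvider subclass -->
    <key>NEProviderClasses</key>
    <dict>
        <key>com.apple.networkextension.app-proxy</key>
        <string>$(PRODUCT_MODULE_NAME).MyAppProxyProvider</string>
    </dict>
</dict>
```

The providerBundleIdentifier set on the NETunnelProviderProtocol in the container app must equal this extension's CFBundleIdentifier, otherwise the system never loads the class named here.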

Thank you, Matt, for your help.


Now I am getting called at startProxyWithOptions.

Thereafter I am using NETransparentProxyNetworkSettings with tunnel remote address "127.0.0.1".

I created an array of 2 NENetworkRules and set it to includedNetworkRules.

Then I call setTunnelNetworkSettings, which produces an error: Domain is NETunnelProviderErrorDomain Code=1 "9223372036854775807 is an invalid network prefix. The prefix must be less than or equal to 32."


I wanted to ask what I am doing wrong here?

It looks like you are using an incorrect address for your NWHostEndpoint in your NENetworkRules. For example, it looks like you are dealing with an IPv4 address because your prefix must be less than or equal to 32. So check and see how 9223372036854775807 is getting evaluated as the v4 address size.




Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Thank you, Matt.


setTunnelNetworkSettings now succeeds; in Network preferences the connection appears GREEN.

But I cannot see any flow to handleNewFlow.


I was wondering whether I have the rules set right? The following is the logic:


// Destination endpoint: a hostname string, port "0"
NWHostEndpoint *host = [NWHostEndpoint endpointWithHostname:@"apple" port:@"0"];

NENetworkRule *rule = [[NENetworkRule alloc] initWithDestinationNetwork:host prefix:0 protocol:NENetworkRuleProtocolAny];

NSArray *rules = [NSArray arrayWithObjects:rule, nil];


NETransparentProxyNetworkSettings *settings = [[NETransparentProxyNetworkSettings alloc] initWithTunnelRemoteAddress:@"127.0.0.1"];

settings.includedNetworkRules = rules;

settings.excludedNetworkRules = nil;

[self setTunnelNetworkSettings:settings completionHandler:^(NSError *error) {
    // handle the error here, then call the startProxy completion handler
}];


----------------------

With this I was expecting the flow going through the browser to apple.com to be redirected to my handleNewFlow. But I am not being called at handleNewFlow.


Please help if I am missing any basics here.

What you could do is cast a wider net here on your NENetworkRules. Try and capture all outbound connections for a local network range first and then try to dial it in to specific host endpoints. This will give you a better shot at capturing new flows to handle.



Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com
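An added example, not code from the thread or from Apple, that applies the advice from the last two replies: it checks that each NENetworkRule gets an IPv4 literal (not a DNS name) and a prefix of at most 32 before the settings reach setTunnelNetworkSettings, and starts with a whole local range as Matt suggests. The subsystem string, the 192.168.1.0/24 range and the helper names are constructed:

```swift
import NetworkExtension
import os.log

// Added example (not from the thread). Subsystem, address range and helper names are constructed.
private let ruleLog = OSLog(subsystem: "com.example.transparentproxy", category: "rules")

enum RuleBuildError: Error {
    case notNumericIPv4(String)
    case badPrefix(Int)
}

/// Builds a NENetworkRule for one IPv4 destination network.
/// It rejects the two inputs that surface in the thread as
/// "... is an invalid network prefix. The prefix must be less than or equal to 32":
/// a DNS name instead of an IP literal, and a prefix outside 0...32.
func makeIPv4Rule(network: String, port: String, prefix: Int,
                  proto: NENetworkRule.Protocol) throws -> NENetworkRule {
    var parsed = in_addr()
    // The NWHostEndpoint inside a NENetworkRule must carry an IP address literal.
    guard inet_pton(AF_INET, network, &parsed) == 1 else {
        throw RuleBuildError.notNumericIPv4(network)
    }
    guard (0...32).contains(prefix) else {
        throw RuleBuildError.badPrefix(prefix)
    }
    let endpoint = NWHostEndpoint(hostname: network, port: port)
    return NENetworkRule(destinationNetwork: endpoint, prefix: prefix, protocol: proto)
}

/// Settings that start wide, as Matt suggests: every port (port "0") on a local /24,
/// to confirm handleNewFlow fires before narrowing to specific hosts and ports.
func makeStartupSettings() -> NETransparentProxyNetworkSettings? {
    let settings = NETransparentProxyNetworkSettings(tunnelRemoteAddress: "127.0.0.1")
    do {
        let localRange = try makeIPv4Rule(network: "192.168.1.0", port: "0", prefix: 24, proto: .any)
        settings.includedNetworkRules = [localRange]
        settings.excludedNetworkRules = nil
        return settings
    } catch {
        // Log and bail out instead of letting setTunnelNetworkSettings fail with the prefix error.
        os_log(.error, log: ruleLog, "bad network rule: %{public}@", String(describing: error))
        return nil
    }
}
```

Call makeStartupSettings() from startProxy(options:completionHandler:) and pass the result to setTunnelNetworkSettings; a nil result means a rule was rejected locally and the reason is already in the Console.app log.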

Thank you, Matt!

That helped; now I am getting called at handleNewFlow (but with faults in between).


A few observations though:

1 > with endpointWithHostname: 0.0.0.0 (where I am trying to fetch all the flows to a port) I see the above error "prefix must be less than or equal to 32" and the proxy is disconnected.

2 > with endpointWithHostname: "0": same problem as above

3 > with endpointWithHostname: "", handleNewFlow gets called but on the way I see the fault "nw_endpoint_create_host_with_numeric_port invalid empty string hostname"


So what is the right string to use in endpointWithHostname to get all the traffic to a port?
