Catalina cannot find my network extension system extension

Hey everyone!


I am trying to distribute a VPN app (for testing) using Developer ID.


When I run the notorized version, I get into the following error (from Console):


nesessionmanager Found 0 (0 active) registrations for com.blahblahnetwork.BlahBlahMac.BlahBlahTunnelSystemExtension (com.apple.networkextension.packet-tunnel)


I followed the step outlined here: https://forums.developer.apple.com/thread/125508#402187 to setup my network extension as system extension.


I've also set the NEMachServiceName to $(TeamIdentifierPrefix)com.blahblahnetwork.BlahBlahMac.BlahBlahTunnelSystemExtension.


Do you guys have some idea why the system appears not able to find my system extension bundle?


Attached at the end are my Console output and the entitlements of the app and system extension.


Hope to heard your thoughts! Thanks

Bill


Console log (macOS Catalina)


default    03:13:01.488624-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Received a start command from BlahBlahMac[3661]
default    03:13:01.488708-0700    nesessionmanager    Registering session NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]
default    03:13:01.489079-0700    nesessionmanager    <NESMServer: 0x7fa139d0bcb0>: Register Enterprise VPN Session: NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]
default    03:13:01.489129-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Successfully registered
default    03:13:01.491373-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: status changed to connecting
default    03:13:01.491636-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)] in state NESMVPNSessionStateIdle: received start message
default    03:13:01.491709-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Leaving state NESMVPNSessionStateIdle
default    03:13:01.491748-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Entering state NESMVPNSessionStatePreparingNetwork
default    03:13:01.492033-0700    nesessionmanager    Found 0 (0 active) registrations for com.blahblahnetwork.BlahBlahMac.BlahBlahTunnelSystemExtension (com.apple.networkextension.packet-tunnel)
default    03:13:01.492206-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Leaving state NESMVPNSessionStatePreparingNetwork
default    03:13:01.492261-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Entering state NESMVPNSessionStateStarting
default    03:13:01.492316-0700    nesessionmanager    NEVPNTunnelPlugin(com.blahblahnetwork.BlahBlahMac[inactive]): Sending start command
default    03:13:01.493093-0700    BlahBlahMac    Last disconnect error for BlahBlah Apple Tunnel changed from "The VPN app used by the VPN configuration is not installed" to "none"
default    03:13:01.492341-0700    nesessionmanager    com.blahblahnetwork.BlahBlahMac[inactive]: starting
error    03:13:01.494218-0700    nesessionmanager    com.blahblahnetwork.BlahBlahMac[460]: Tearing down XPC connection due to setup error: Error Domain=NEAgentErrorDomain Code=2 "(null)"
default    03:13:01.494291-0700    nesessionmanager    com.blahblahnetwork.BlahBlahMac[460]: XPC connection went away
default    03:13:01.494971-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.blahblahnetwork.BlahBlahMac[inactive]) started with PID 0 error Error Domain=NEAgentErrorDomain Code=2 "(null)"
default    03:13:01.495934-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Leaving state NESMVPNSessionStateStarting
default    03:13:01.495984-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Entering state NESMVPNSessionStateStopping, timeout 20 seconds
default    03:13:01.496079-0700    nesessionmanager    <NESMServer: 0x7fa139d0bcb0>: Request to uninstall session: NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]
default    03:13:01.496112-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: status changed to disconnecting
default    03:13:01.496171-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Updated network agent (inactive, compulsory, not-user-activiated, not-kernel-activated)
default    03:13:01.496397-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Leaving state NESMVPNSessionStateStopping
default    03:13:01.496443-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Entering state NESMVPNSessionStateDisposing, timeout 5 seconds
default    03:13:01.496481-0700    nesessionmanager    com.blahblahnetwork.BlahBlahMac[460]: disposing
default    03:13:01.496959-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)] in state NESMVPNSessionStateDisposing: plugin NEVPNTunnelPlugin(com.blahblahnetwork.BlahBlahMac[460]) dispose complete
default    03:13:01.496997-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)] in state NESMVPNSessionStateDisposing: all plugins have disposed
default    03:13:01.497107-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Leaving state NESMVPNSessionStateDisposing
default    03:13:01.497143-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: Entering state NESMVPNSessionStateIdle
default    03:13:01.497245-0700    nesessionmanager    NESMVPNSession[Primary Tunnel:BlahBlah Apple Tunnel:49096005-38B3-4AB1-8671-4B27E498A7B3:(null)]: status changed to disconnected, last stop reason Plugin was disabled
default    03:13:01.498100-0700    BlahBlahMac    Last disconnect error for BlahBlah Apple Tunnel changed from "none" to "The VPN app used by the VPN configuration is not installed"
default    03:13:03.733242-0700    runningboardd    Invalidating assertion 307-144-599 (target:executable<BlahBlahMac(501)>) from originator 144
default    03:13:03.844094-0700    runningboardd    [executable<BlahBlahMac(501)>:3661] Ignoring jetsam update because this process is not memory-managed
default    03:13:03.844198-0700    runningboardd    [executable<BlahBlahMac(501)>:3661] Set darwin role to: UserInteractiveNonFocal
default    03:13:03.844400-0700    runningboardd    [executable<BlahBlahMac(501)>:3661] Ignoring GPU update because this process is not GPU managed


Entitlements


// Host app

<dict>
  <key>com.apple.developer.networking.networkextension</key>
  <array>
  <string>app-proxy-provider-systemextension</string>
  <string>content-filter-provider-systemextension</string>
  <string>packet-tunnel-provider-systemextension</string>
  </array>
  <key>com.apple.developer.system-extension.install</key>
  <true/>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.application-groups</key>
  <array>
  <string>$(TeamIdentifierPrefix)com.blahblahnetwork.BlahBlahMac.Shared</string>
  </array>
  <key>com.apple.security.files.user-selected.read-only</key>
  <true/>
  <key>com.apple.security.network.client</key>
  <true/>
  <key>com.apple.security.network.server</key>
  <true/>
  <key>keychain-access-groups</key>
  <array>
  <string>$(AppIdentifierPrefix)com.apple.managed.vpn.shared</string>
  </array>
</dict>

// Network extension
<dict>
  <key>com.apple.developer.networking.networkextension</key>
  <array>
        <string>app-proxy-provider-systemextension</string>
        <string>content-filter-provider-systemextension</string>
        <string>packet-tunnel-provider-systemextension</string>
  </array>
  <key>com.apple.security.app-sandbox</key>
  <true/>
  <key>com.apple.security.application-groups</key>
  <array>
  <string>$(TeamIdentifierPrefix)com.blahblahnetwork.BlahBlahMac.Shared</string>
  </array>
  <key>com.apple.security.network.client</key>
  <true/>
  <key>com.apple.security.network.server</key>
  <true/>
  <key>keychain-access-groups</key>
  <array>
  <string>$(AppIdentifierPrefix)com.apple.managed.vpn.shared</string>
  </array>
</dict>
Up vote post of billwork Down vote post of billwork
1.7k views
Posted by
billwork
Reply
Add a Comment

Replies

Found out what causes the issue... I did not install my system extension at all.


Please check WWDC 2019 Sample code Filtering Network Traffic on how to install a system extension using "activationRequest" method.


You can also find an article which gives us a high level description on those APIs Installing System Extensions and Drivers


BTW, big thanks to eskimo for his instruction here and the summary on Network Extension Framework Entitlements

Posted by
billwork
Up vote reply of billwork Down vote reply of billwork
Add a Comment