VPN (PacketTunnelProvider extension) won't connect after App Store upgrade

Some users are unable to connect our PacketTunnelProvider-based VPN after upgrading our app from the Mac App Store. It might be related to whether or not you're connected at the time of the upgrade (or if our extension is loaded). Without TestFlight on the Mac it's tough to repro - we only get one shot per machine.

After the upgrade our app launches, but hitting the connect button doesn't do anything, and it generates neagent and nesessionmanager console errors.

We've found that killing our extension process fixes the issue in at least some cases, as does rebooting the Mac (which would also kill the process).

I see appstoreagent killing our app, and it looks like nehelper is getting the message that the VPN profiles are now associated with the new app:

Code Block
default 14:28:32.154902-0700 nehelper App for configuration 65.154.227.166 (com.netmotionwireless.MobilityOSX) changed

After the app restarts and the user tries to connect there are errors:

Code Block
error 14:28:39.323170-0700 neagent [u 7A49BFF0-7089-4B8D-BD2E-397E6551737D:m (null)] [<private>(<private>)] Hub connection error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.netmotionwireless.MobilityOSX.Extension" UserInfo={NSDebugDescription=connection to service on pid 0 named com.netmotionwireless.MobilityOSX.Extension}
error 14:28:39.323797-0700 nesessionmanager NEVPNTunnelPlugin(com.netmotionwireless.MobilityOSX[453]): Validation of the extension failed
error 14:28:39.323570-0700 neagent Failed to start extension com.netmotionwireless.MobilityOSX.Extension: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.netmotionwireless.MobilityOSX.Extension" UserInfo={NSDebugDescription=connection to service on pid 0 named com.netmotionwireless.MobilityOSX.Extension}

On appstoreagent performing the upgrade, should we expect that -stopTunnelWithReason: is called on the extension? If not can we rely on our app's -applicationShouldTerminate being called?

Any thoughts about what to look for, or strategies for simulating an App Store upgrade?


If not can we rely on our app's -applicationShouldTerminate being called?

I would not rely on this to always be called in this situation as the host app / network extension may have different application lifecycles. I would open a bug report for what you are seeing. I know the update process on the iOS side, from TestFlight, has resulted in some bugs similar to what you are seeing, so it would be good to get this recorded as well. Please open a bug report here and respond back on this thread with the Feedback ID.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
VPN (PacketTunnelProvider extension) won't connect after App Store upgrade
 
 
Q