Mac Catalyst VPN fails to connect

I'm converting an iOS/iPad app to Mac Catalyst. This app has a VPN feature built in. It uses NEVPNManager to configure and start a VPN connection. Everything works OK on iOS, but once I try to connect with the Mac version, the connection isn't established.

I found some strange logs in the console. One keychain error:
App (null): Failed to copy content, SecKeychainItemCopyContent returned The contents of this item cannot be retrieved.
App (null): SecKeychainItemFreeContent returned The contents of this item cannot be retrieved.

One kernel/sandbox error:
Sandbox: App(30269) deny(1) mach-lookup com.apple.networking.captivenetworksupport

And one NESMIKEv2VPNSession failed attempt to initialise a tunnel:
NESMIKEv2VPNSession[Primary Tunnel:App Wi-Fi Protection:5713FD9D-3998-4273-9C8B-6B5F82D86696:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.apple.NetworkExtension.IKEv2Provider[1462]) disconnected with reason Plugin failed


I made sure that everything in the app capabilities matches those in the provisioning profile.
The following capabilities are enabled:

Keychain Sharing
Personal VPN
Network Extension
App Sandbox

Is there a way to get rid of the errors mentioned above?
Is it even possible to create a VPN connection using NEVPNManager and NEVPNProtocolIKEv2 with Mac Catalyst?


Complete logs are in the attachment.




I'm converting an iOS/iPad app to Mac Catalyst. This app has a VPN feature built in. It uses NEVPNManager to configure and start a VPN connection. Everything works OK on iOS, but once I try to connect with the Mac version, the connection isn't established.

Accessing Keychain assets in Mac Catalyst can run into issues because of how the APIs access these resources under the hood in iOS and macOS. I suspect that is why you are receiving "The contents of this item cannot be retrieved." I would recommend opening a bug for this with your specific use case and the logs you have attached.

Is it even possible to create a VPN connection using NEVPNManager and NEVPNProtocolIKEv2 with Mac Catalyst?

I'm not sure how your VPN or user experience is structured, but you could go to a username and password based authentication and then see if that at least gets you connecting, and continue to test further options from there. Note that if you move in this direction you will most likely need to have the user enter the password by hand instead of using the keychain.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
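
A sketch of the username/password configuration suggested in the reply above, as an added example that is not code from the original post or from Apple. The server address, remote identifier, description string and function name are hypothetical, and it assumes that leaving `passwordReference` unset makes the system ask the user for the password at connect time, so no keychain item is read.

```swift
import NetworkExtension

// Hypothetical values for illustration; replace with your own server details.
let exampleServer = "vpn.example.com"
let exampleRemoteID = "vpn.example.com"

/// Saves an IKEv2 configuration that authenticates with a username and a
/// password entered by the user, then starts the tunnel.
func startUsernamePasswordVPN(username: String,
                              completion: @escaping (Error?) -> Void) {
    let manager = NEVPNManager.shared()

    // Preferences must be loaded before they are modified or saved.
    manager.loadFromPreferences { error in
        if let error = error { completion(error); return }

        let ike = NEVPNProtocolIKEv2()
        ike.serverAddress = exampleServer
        ike.remoteIdentifier = exampleRemoteID
        ike.authenticationMethod = .none       // no certificate or shared secret
        ike.useExtendedAuthentication = true   // EAP username/password
        ike.username = username
        ike.passwordReference = nil            // assumption: user is prompted instead

        manager.protocolConfiguration = ike
        manager.localizedDescription = "Example IKEv2 (username/password)"
        manager.isEnabled = true

        manager.saveToPreferences { error in
            if let error = error { completion(error); return }

            // Reload so the connection object reflects the saved configuration.
            manager.loadFromPreferences { error in
                if let error = error { completion(error); return }
                do {
                    try manager.connection.startVPNTunnel()
                    completion(nil)
                } catch {
                    completion(error)
                }
            }
        }
    }
}
```

If the tunnel connects this way, the keychain-backed credential path is the likely source of the `SecKeychainItemCopyContent` failure in the logs, which is useful detail to include in the bug report.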