NEVPNManager + NEDNSSettingsManager - "permission denied" Error

App & System Services Networking
juraj_ivpn OP
Created Feb ’21
Replies 6
Boosts 0
Views 2.0k
Participants 2
My app is used to manage a Personal VPN configuration with NEVPNManager and a DNS settings configuration with NEDNSSettingsManager.

Both configurations work as expected when used separately, but after DNS settings configuration is saved, saving Personal VPN configuration returns an error:

Code Block 
Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" 


In a different order, when DNS configuration is saved and enabled after saving the VPN configuration, disconnecting VPN disables previously enabled DNS configuration.

Tested on:

  • iOS 14.4

  • iOS 14.5 Beta 2

Source code:
https://github.com/jurajhilje/DOHIKEv2Demo

Answered by Systems Engineer in 663472022

I got some logs and i see an error message you suspected:
Do you know of a possible workaround for this conflict?

Thanks. First I would open an enhancement request for this exact scenario; using NEVPNManager and NEDNSSettingsManager together from one container application.

Next, regarding a workaround, I would create a separate container app for each NEVPNManager and NEDNSSettingsManager, that way they both will be mapped back to different bundle identifiers.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Replies  6
Boosts  0
Views  2.0k
Participants  2
Systems Engineer OP
Apple
Feb ’21

Both configurations work as expected when used separately, but after DNS settings configuration is saved, saving Personal VPN configuration returns an error:

I am wondering if there is an identifier conflict here from using these two configurations from the same container app. To find out more can you capture any relevant logs from the Console.app from the start of the test to the end and add any of these logs here. Please redact any sensitive information.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
juraj_ivpn OP
Feb ’21
Hi Matt, thanks for a quick response!

I got some logs and i see an error message you suspected:

Code Block 
Failed to save configuration: Error Domain=NEVPNErrorDomain Code=5 "permission denied" UserInfo={NSLocalizedDescription=permission denied}
error	18:13:58.559906+0100	nehelper	DOHIKEv2Demo trying to save a new personal VPN configuration with identifier 02104B62-C78E-49F7-8C65-07BDB9CE774F, but a configuration ({
    ConfigurationProperties =     {
        "BA7E6598-36E9-4CDD-9AD1-C6C3AA5CA21A" =         {
            ApplicationID = "com.jurajhilje.DOHIKEv2";
            Signature = {length = 20, bytes = 0x63755815c4d8e943b535a3844d36458d65f4a173};
        };
    };
    UserMap =     {
        "FFFFEEEE-DDDD-CCCC-BBBB-AAAA000001F5" =         (
            "BA7E6598-36E9-4CDD-9AD1-C6C3AA5CA21A"
        );
    };
}) already exists for application identifier com.jurajhilje.DOHIKEv2


I'm sending full logs in the attachment.

Do you know of a possible workaround for this conflict?

com.jurajhilje.DOHIKEv2-logs.txt


0
Systems Engineer OP
Apple
Feb ’21
Accepted Answer

I got some logs and i see an error message you suspected:
Do you know of a possible workaround for this conflict?

Thanks. First I would open an enhancement request for this exact scenario; using NEVPNManager and NEDNSSettingsManager together from one container application.

Next, regarding a workaround, I would create a separate container app for each NEVPNManager and NEDNSSettingsManager, that way they both will be mapped back to different bundle identifiers.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
1
juraj_ivpn OP
Feb ’21
Aye, will do.

Thanks!
0
juraj_ivpn OP
Apr ’21
Feedback ID: 9017446
0
Systems Engineer OP
Apple
Apr ’21

Feedback ID: 9017446

Thank you. I see your bug internally and it looks like it has landed in the right spot.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
NEVPNManager + NEDNSSettingsManager - "permission denied" Error
First post date Last post date
 
 
Q