Which instance of our NEPacketTunnelProvider is running under macOS?

Hi there.

We are developing a VPN app with a NEPacketTunnelProvider extension. Sometimes when we run our app it seems like macOS is just choosing any random version of the extension available on disk. We are logging with os_log in NEPacketTunnelProvider init() and sometimes it doesn't run the AppExtension inside the bundle of the app that we are currently running? Very strange. How can we make sure that it's running the correct NEPacketTunnelProvider inside the app bundle? Or how can we make sure there are no other instances of the PacketTunnel extension available that the system can try to run? macOS seems to be happy with the first extension it finds with the appropriate bundle identifier? Anyone else having this problem? Is the extension copied somewhere else in the system when the app is running? This is confusing...

Best regards / Jorgen at Clavister in Sweden

Up vote post of jogga Down vote post of jogga
725 views
Posted by
jogga
Reply
Add a Comment

Replies

How can we make sure that it's running the correct NEPacketTunnelProvider inside the app bundle?

Are there multiple Packet Tunnel App Extension that you are running, or do you suspect that you have multiple lingering around still?

When I test this locally, I build a Development signed copy of the container app and then test the execution and from the /Applications folder. When I am done I stop the Network Extension, exit the container app, delete the container app, and make sure that the Network Extension is deleted as well. Furthermore, you should be able to see if the Network Extension is still running by logging the subsystem logs in a terminal. You can also look for the PID in Activity Monitor if you have concerns. Running and cleaning up from the /Applications folder should get you going here.

Personally, I avoid things like turning off SIP or running directly from Xcode as I feel it can mask problems that crop up as a result of running from a real execution context, but that is just my preference.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Posted by
meaton
Up vote reply of meaton Down vote reply of meaton

  • Hi Matt and thank you for your answer. I guess we had different versions of the app lingering around in the system. When everything was properly cleaned up it seems to work as expected. We are extra careful to check the logs now so we know that it's the proper version of the PacketTunnel that is running. Best regards / Jorgen / Clavister

    jogga
Add a Comment