Sleep + on demand rules

App & System Services Networking
roee84 OP
Created Aug ’21
Replies 3
Boosts 0
Views 716
Participants 2

I've implemented a custom VPN app for macOS (Packet Tunnel Provider)

The VPN has the following conf: disconnectOnSleep = true tunnelProviderManager.isOnDemandEnabled = true tunnelProviderManager.onDemandRules = [NEOnDemandRuleConnect()]

So the VPN should be 'almost always-on' - it should connect whenever possible (the only rule is to 'always' connect) Also, the OS should kill the VPN when the Mac enters sleep, and restart it when the Mac awakes.

The question: Some customers complained that sometimes after sleep/awake, the Mac loses all traffic. From the logs it seems that the Mac enters sleep, and then immediately the OS restarts the VPN (probably because of the 'connect' rule). This process can happen multiple times in a row: Sleep (disconnect VPN), and then immediately the state is changing to 'connecting' again. Then sleep->connecting, and so on..

How can I prevent this from happening? If the Mac enters sleep, the OS shouldn't restart the VPN. Is it a bug? Can I change something at the on-demand rules to 'make it better' but to keep the same behavior?

Replies  3
Boosts  0
Views  716
Participants  2
Systems Engineer OP
Apple
Aug ’21

The question: Some customers complained that sometimes after sleep/awake, the Mac loses all traffic. From the logs it seems that the Mac enters sleep, and then immediately the OS restarts the VPN

If this is on Catalina over Wi-Fi, there was a known bug for this (r. 74473825). The workaround for this on Wi-Fi in Catalina was to use Ethernet when possible. This bug was fixed in Big Sur.

Regarding:

How can I prevent this from happening? If the Mac enters sleep, the OS shouldn't restart the VPN. Is it a bug? Can I change something at the on-demand rules to 'make it better' but to keep the same behavior?

If this is not happening in Catalina, then you should checkout your server logs when the extension hits the sleep function and the VPN is restarting. Possibly the VPN transport is going down and it's not properly reconnected on the wake cycle.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
1
roee84 OP
Aug ’21

Thanks for the reply! It's happening also on Big Sur.

"Possibly the VPN transport is going down and it's not properly reconnected on the wake cycle" I think this is the case, the question is how to solve it? One option I thought of is to unset disconnectOnSleep: This way when the Mac will enter sleep, the OS won't kill (and won't restart) the VPN, and I'll do it manually. Then I'll start it only on awake, and not before that.

Does it seem like a good approach? Any other solution to this problem? And lastly - should I open a bug for this behavior?

0
Systems Engineer OP
Apple
Aug ’21

It's happening also on Big Sur.

Ah, okay.

Regarding:

Does it seem like a good approach? Any other solution to this problem?

You may run into situations where the machine is asleep for an extended period of time and your transport simply cannot be re-establish because I am assuming the server would refuse it. In this case you would have not choice but to simple reconnect by hand and so I would investigate doing this as a first option.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Sleep + on demand rules
First post date Last post date
 
 
Q