How does Per App VPN disconnect?

Hi,


I developed a network extension (packet-tunnel) to implement per-app VPN, and it works well now.

The "OnDemandMatchAppEnabled" is enabled, and the managed app can start the VPN on demand.

But how can I stop the network extension if I close the managed app?

It seems that the packet tunnel will always be running since the on-demand start.

  • I have a similar question but could not find any answer.

    E.g. I'd like to use per-app VPN and set up appRules as appRules = ( { matchSigningIdentifier = com.apple.mobilesafari matchDomains = ( google.com, ) },

    Questions: 1. Do I need to set up onDemandEnabled = YES to make sure appRules is working? 2. How can I make sure that if I close Safari, the VPN is disabled? I.e. traffic from other apps won't go through the VPN?

    Thanks, Yanhua

Replies

Hi wangxy.

If I understand it correctly, you would like to stop the tunnel when the container app is closed? As far as I understand, the whole point of implementing a tunnel via a Network Extension is that the extension is allowed to keep running in the background regardless of the status of the container app. This, in combination with your on-demand rules, should ensure that the user's traffic gets rerouted even when the container app is not running (which may often be the case, as either the user or the system could shut it down at any point). If you want to switch the VPN off after you have shut down the container app, you should be able to do so from the VPN section in Settings.

Hi m.digimat,


Thanks for your answer!

What I mean is that the packet tunnel is started on demand by an MDM-managed app (actually, it is a per-app VPN). The tunnel has not been started by the container app before. All the authentication information is in the configuration profile, and the authentication procedure completes in the network extension (without the container app).

After I close the app that can route its traffic to the tunnel, is there a way to notify the packet tunnel that it should be stopped?