How to remove all existing managers from NETunnelProviderManager?

Question

Created Feb ’22

Replies 3

Boosts 0

Participants 2

I have come across a problem when using a NetworkExtension in Swift to utilise OpenVPN or Wireguard with the NETunnelProviderManager.

I have the following code in the ViewDidLoad() of my mainViewController. I don't load it twice, and it works fine when using the Apple integrated IKEv2.

NotificationCenter.default.removeObserver(self, name: NSNotification.Name.NEVPNStatusDidChange, object: nil)
NotificationCenter.default.addObserver(self, selector: #selector(vpnStatusDidChange(_:)), name: NSNotification.Name.NEVPNStatusDidChange, object: nil)

But when I use OpenVPN or Wireguard via the Networkextension, these network-status-change-events keep firing n+1 upon each connection. First time it fires once. Second time I connect and disconnect, I see the network-statuses has fired twice, then three times etc.

I have been researching a lot and couldn't find a solution. But I found a possible workaround:

func loadTunnelProviderManager(completion:@escaping () -> Void) {
        NETunnelProviderManager.loadAllFromPreferences { (managers, error) in
            if error == nil {
                self.tunnelProviderManager = managers?.first ?? NETunnelProviderManager()
                completion()
            }
        }
    }

If I don't retrieve managers?.first and instantiate it each time instead:

self.tunnelProviderManager = NETunnelProviderManager()

Then the issue is resolved. However every time I connect to the VPN, inevitably a new VPN config is also created in the settings, which is not ideal.

TL;DR

Long story short, how do I delete all existing managers before instantiating a new NETunnelProviderManager? I know this might go against the convention, but it will solve the issue.

Boost

Answer 1

Systems Engineer OP

Apple

Feb ’22

If you match your currently existing managers from the callback of loadAllFromPreferences and then only add a VPN status observer to the new managers, does this solve the problem?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0

Answer 2

houmie OP

Feb ’22

Hi Matt,

The loadAllFromPreferences returns only one manager in my case. I load different configurations for different VPN servers in the same manager. Hence I'm not sure what you mean by matching it. I have handled the observer in the MainViewController, like this:

override func viewDidLoad() {
    loadFromPreferences()
    NotificationCenter.default.addObserver(self, selector: #selector(vpnStatusDidChange(_:)), name:    NSNotification.Name.NEVPNStatusDidChange, object: nil)
}

func loadFromPreferences() {
        vpnManager.loadFromPreferences { (error) in
        }
}

This is how I'm listening to changes of NEVPNStatusDidChange. But this only works on the builtin IKEv2. If I use third party VPN frameworks that utilises the NetworkExtension framework, then it doesn't behave correctly.

Do you think I should be doing the observer differently? Thanks

0

Answer 3

Systems Engineer OP

Apple

Feb ’22

The loadAllFromPreferences returns only one manager in my case. I load different configurations for different VPN servers in the same manager. Hence I'm not sure what you mean by matching it.

Okay, I thought you were using multiple managers for different configurations. If you are using one, then you should be able to rebuild the same manager each time.

Regarding:

Do you think I should be doing the observer differently?

I typically start the observation when startVPNTunnel is run and then pass in the NEVPNConnection to be used in your object argument. For example:

NotificationCenter.default.addObserver(self, selector: #selector(managerDidChangeState), name:  NSNotification.Name.NEVPNStatusDidChange, object: manager.connection)


@objc
func managerDidChangeState() {
    switch manager.connection.status {
    case ...
}

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

0