Is it possible to distribute a macOS Network Extension app outside the Mac AppStore without having to use a System Extension?

App & System Services Core OS
gordonfrommilton OP
Created May ’22
Replies 1
Boosts 0
Views 887
Participants 3

In reference to this related question: forum question 678260

I have an application that is codesigned and notarized to install a VPN extension using the NextworkExtension plugin. It works great in Xcode in debug.

In release builds that are notarized the network extension is rejected when I try to load it. The only way we were able to get the extension to load is by going through the system extension API.

**Quinn, is it possible to distribute Developer ID-signed apps that install NetworkExtension components outside the App Store without having to use System Extension? **

The 4 UIs that the user has to jump through to allow System Extensions is going to be a huge problem for non-technical user base.

CONSOLE output when installed from a notarized pkg:

NEVPNTunnelPlugin(com.foo.bar[inactive]): Validation of the extension failed

and

Provider com.foo.bar validation failed: Error Domain=NEFilterErrorDomain Code=1 "(null)"

Answered by Systems Engineer in 712444022

I will let Quinn weigh in here but I just wanted to mention that if your are distributing a NEPacketTunnelProvider via Developer ID you will need to use a Network System Extension.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Replies  1
Boosts  0
Views  887
Participants  3
Systems Engineer OP
Apple
May ’22
Accepted Answer

I will let Quinn weigh in here but I just wanted to mention that if your are distributing a NEPacketTunnelProvider via Developer ID you will need to use a Network System Extension.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
2
Is it possible to distribute a macOS Network Extension app outside the Mac AppStore without having to use a System Extension?
First post date Last post date
 
 
Q