Packet Tunnel Provider - sleep/wake

I've implemented a custom VPN for macOS (system extension, Packet Tunnel Provider). I've configured disconnectOnSleep = false, and at the Provider I've implemented the sleep() and wake() functions.

At the wake() func, I'm trying to re-establish the connection, and most of the time it's working well.

However, there are times when even after wake() is called, it seems that the interfaces aren't ready/available, and I'm getting "Network is unreachable" errors (I'm working with BSD Sockets).

  • Any idea why the interfaces aren't available at this point, after wake() had been called?
  • Any idea on how to be updated when the interfaces are available?
Up vote post of roee84 Down vote post of roee84
1.4k views
Posted by
roee84
Reply
Add a Comment

Accepted Reply

For a temp solution, do you think that using something like Reachability at the extension would help me know when the interface is available?

I would avoid Reachability for any solution, even a temp one. As a way to bootstrap your nw_connection_t migration you could start up a connection from there and wait until it goes into the ready state to take action.

Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Post marked as solved
Add a Comment

Replies

Any idea why the interfaces aren't available at this point, after wake() had been called?

I generally think that the interfaces are still coming back up and are not completely ready at this point.

Which segues perfectly into:

Any idea on how to be updated when the interfaces are available? (I'm working with BSD Sockets).

Network Framework has state handling built in to handle situations like this, where BSD sockets will fail. For example, try using nw_connection_t in this situation and I suspect your connection will go into the nw_connection_state_waiting and then when the interface is completely available, the connection should go into nw_connection_state_ready.

Posted by
meaton
Post not yet marked as solved Up vote reply of meaton Down vote reply of meaton
Add a Comment

Thanks! We have a task to replace the BSD socket, but it will take some time. For a temp solution, do you think that using something like Reachability at the extension would help me know when the interface is available?

Posted by
roee84
Up vote reply of roee84 Down vote reply of roee84
Add a Comment

For a temp solution, do you think that using something like Reachability at the extension would help me know when the interface is available?

I would avoid Reachability for any solution, even a temp one. As a way to bootstrap your nw_connection_t migration you could start up a connection from there and wait until it goes into the ready state to take action.

Posted by
meaton
Up vote reply of meaton Down vote reply of meaton
Post marked as solved
Add a Comment

Before I saw your reply I tried to use NWPathMonitor to get available Interfaces, and even though en0 and en7 were 'available', I still got the 'no network' error sometimes. I'll try your suggestion with nw_connection_t and I'll update. Thanks!

Posted by
roee84
Up vote reply of roee84 Down vote reply of roee84
Add a Comment