Initiating / executing a network extension from another network extension

Hi, we have an implementation of a tunnel packet provider that works. We also have an implementation of a DNS proxy that works.

However, when that is executed from our app, all is great and the app initializes the extensions, but when the tunnel is opened from the Settings app (VPN switch), that executes the tunnel provider network extension.

How can I execute the DNS proxy when the tunnel network extension is launched from Settings? No success with launching it from the tunnel network extension, nor by local push notification. Any idea?

Replies

> We have an implementation of a tunnel packet provider

What platform are you working on?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

iOS, macOS M1

The desired result is: when the tunnel packet provider is launched by the Settings app, the DNS proxy will be triggered and launched as a result of the successful opening of the tunnel packet provider.

Thanks for any help on that!

> when the tunnel packet provider is launched by the settings app

Packet tunnel providers are not launched by Settings. Rather, they are launched by the system in response to configuration changes that the user makes in Settings. If the packet tunnel provider is embedded within your app, you can use NE APIs to do the sorts of things that the user does in Settings (add a configuration, change it, remove it, and connect and disconnect).

You have much less control over an embedded DNS proxy. iOS only supports DNS proxies on managed devices — for the details, see TN3134 Network Extension provider deployment — which means that, in production [1], your app has no ability to change the proxy configuration. Rather, that’s controlled by the site manager who uses MDM to push configuration profiles.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] As a convenience, the system allows Development-signed builds to manipulate DNS proxy configurations.
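
The app-driven flow discussed above, as an added example that is not part of the original posts and is not Apple's or the poster's code: the containing app follows the tunnel's connection status and enables or disables its DNS proxy configuration to match. The bundle identifier and description string are hypothetical; the code only has an effect while the app process is running and, on iOS, only where the system lets the app change DNS proxy configurations (managed devices aside, Development-signed builds per footnote [1]).

```swift
import NetworkExtension

// Hypothetical bundle identifier of the embedded DNS proxy extension (assumption).
let dnsProxyBundleID = "com.example.app.dnsproxy"

/// Loads the app's DNS proxy configuration and saves it with the requested state.
func setDNSProxy(enabled: Bool) {
    let manager = NEDNSProxyManager.shared()
    manager.loadFromPreferences { error in
        if let error = error {
            NSLog("DNS proxy load failed: \(error)")
            return
        }
        // First run: no configuration exists yet, so describe the provider.
        if manager.providerProtocol == nil {
            let proto = NEDNSProxyProviderProtocol()
            proto.providerBundleIdentifier = dnsProxyBundleID
            manager.providerProtocol = proto
            manager.localizedDescription = "Example DNS Proxy" // constructed value
        }
        // Avoid rewriting preferences when nothing changes.
        guard manager.isEnabled != enabled else { return }
        manager.isEnabled = enabled
        manager.saveToPreferences { error in
            if let error = error { NSLog("DNS proxy save failed: \(error)") }
        }
    }
}

/// Follows the first tunnel configuration owned by this app and mirrors its
/// connected state onto the DNS proxy configuration.
func followTunnelStatus() {
    NETunnelProviderManager.loadAllFromPreferences { managers, error in
        guard let tunnel = managers?.first else {
            NSLog("No tunnel configuration: \(String(describing: error))")
            return
        }
        // Fires for any status change of this connection, including changes
        // the user makes with the VPN switch, as long as the app is running.
        NotificationCenter.default.addObserver(
            forName: .NEVPNStatusDidChange,
            object: tunnel.connection,
            queue: .main
        ) { _ in
            setDNSProxy(enabled: tunnel.connection.status == .connected)
        }
        // Apply the current state once at start-up.
        setDNSProxy(enabled: tunnel.connection.status == .connected)
    }
}
```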

Can the DNS Proxy network extension be launched by the system as a result of (dns proxy and packet tunnel provider network extensions are embedded in the native app):

  1. System launches packet tunnel provider network extension (as a result of the user switching on the VPN button in Settings).
  2. Successful connection (packet tunnel is opened and connected).

Can that be done?

When a user is using the native app, the app uses the APIs and triggers / launches the packet tunnel provider. Then, on successful opening / connection, the app launches the DNS Proxy. We would like to have the same abilities when the user triggers the packet tunnel provider from the Settings app. Can that be done?

Just FYI for those following along at home, I’ll be helping Reuven8e14 in a different context.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"