NEPacketTunnelProvider Cannot Be Started

App & System Services Networking
YuanCan OP
Created Apr ’23
Replies 4
Boosts 0
Views 437
Participants 2

Hi There, I am using NETunnelProviderManager to configure and start a NEPacketTunnelProvider on macOS. Most of time, it works just fine, however, under some edge cases, NEPacketTunnelProvider will not start and NEVPNConnectionStatus changes directly from NEVPNStatusConnecting to NEVPNStatusDisconnected from the NEVPNStatusDidChangeNotification I received. What is the best way to handle this edge case? It seems like normally retry the startVPNTunnelWithOptions:andReturnError: shortly after would just fix the issue somehow.

Core logic to start the NEPacketTunnelProvider:

...
[manager 
  loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
  [self observeConnection:manager.connection];
  NSError *error;
  BOOL success = [manager.connection 
    startVPNTunnelWithOptions:options andReturnError:&error];
  NSLog(@"start tunnel succeeded: %d error: %@", success, error);
}];

...

- (void)vpnConnectionDidChange:(NSNotification *)notification {
  NEVPNConnection *connection = 
     (NEVPNConnection *)notification.object;
  NSLog(@"connection.status: %ld", (long)connection.status);
}

NEPacketTunnelProvider code to verify the provider is started

@implementation MyMacPacketTunnelProvider {
- (instancetype)init {
  NSLog(@"tunnel init");
  ...
}

- (void)startTunnelWithOptions:(NSDictionary<NSString *, id> *)options
             completionHandler:(void (^)(NSError *_Nullable error))completionHandler {
  NSLog(@"startTunnelWithOptions called");

Logs when hitting edge case:

start tunnel succeeded: 1, andReturnError: (null)
connection.status: 2
connection.status: 2
connection.status: 1
connection.status: 1
connection.status: 1

Logs happy path:

start tunnel succeeded: 1, andReturnError: (null)
connection.status: 2
connection.status: 2
tunnel init
startTunnelWithOptions called
connection.status: 3
connection.status: 3

In case of an exception, it feels like the VPN service is not enabled. None of the init methods in MyMacPacketTunnelProvider are called.

This problem was reported by users. I tested various possible scenarios myself, but none of them reproduced. Users also only have this problem occasionally, and cannot reproduce it stably, nor can they capture related logs.

This doesn't look like a code logic problem, is this a bug in the iOS system? Under what circumstances will this problem occur? How can I solve it?

Please get back to me with this question ASAP, my client is waiting for me to fix this, thanks.

Answered by YuanCan in 752210022

ios

Replies  4
Boosts  0
Views  437
Participants  2
DTS Engineer OP
Apple
May ’23

I am using NETunnelProviderManager to configure and start a NEPacketTunnelProvider on macOS.

This doesn't look like a code logic problem, is this a bug in the iOS system?

Is this macOS or iOS?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
YuanCan OP
May ’23
Accepted Answer

ios

0
YuanCan OP
May ’23

  1. This problem happens on iOS system.

  2. This problem occurs in multiple models and multiple systems, not in a specific iOS system or phone model.

  3. I've found several similar questions on the Apple Developer Forums, but none seem to have a final solution.

Similar problem:

VPN not starting: https://developer.apple.com/forums/thread/678399

NEPacketTunnelProvider Cannot Be Started
https://developer.apple.com/forums//thread/729069

0
DTS Engineer OP
Apple
May ’23

I've found several similar questions on the Apple Developer Forums, but none seem to have a final solution.

Note that your second link is just a link to this thread. Did you mean to post a link to some other thread?

Anyway, problems like this are hard to track down. If you’re able to reproduce it with any degree of reliability, please do the following:

  1. Install the VPN (Network Extension) for iOS debug profile on the device. Get this from our Bug Reporting > Profiles and Logs page.

  2. Reproduce the problem.

  3. Immediately thereafter, trigger a sysdiagnose.

  4. File a bug, including that sysdiagnose log and a rough timestamp of when you hit the problem.

Please post your bug number here, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0
NEPacketTunnelProvider Cannot Be Started
First post date Last post date
 
 
Q