NEVPNProtocolIPSec unavailible on Apple TV?

Question

dosipa OP

Created Jul ’23

Replies 3

Boosts 0

Participants 3

I'm porting my VPN app to tvOS 17. Here's some code which works just fine in iOS but doesn't in tvOS 17:

 func toggleVPN() {
    let vpnManager = NEVPNManager.shared()

    vpnManager.loadFromPreferences { (error) in
      if let error = error {
        print("Could not load VPN Configurations: \(error.localizedDescription)")
        return
      }

      if vpnManager.connection.status == .connected || vpnManager.connection.status == .connecting {
        vpnManager.connection.stopVPNTunnel()
      } else {
        vpnManager.isEnabled = true
        vpnManager.isOnDemandEnabled = true
        vpnManager.localizedDescription = "tvpn"
        let p = NEVPNProtocolIPSec()
        p.authenticationMethod = .sharedSecret // or .certificate
        p.serverAddress = <REDACTED>
        p.username = "client"
        p.useExtendedAuthentication = true
        // Retrieve password and shared secret references from the keychain

        let secretData = <REDACTED>.data(using: .utf8)!
        let passData = <REDACTED>.data(using: .utf8)!
        p.sharedSecretReference = try! VPNKeychain.persistentReferenceFor(service: "vpn", account: "SharedSecret", password: secretData) // I took this part from Apple dev forums, it's tested in iOS
        p.passwordReference = try! VPNKeychain.persistentReferenceFor(service: "vpn", account: "Password", password: passData)

        vpnManager.protocolConfiguration = p
        vpnManager.saveToPreferences { (error) in
          if let error = error {
            print("Could not save VPN Configurations: \(error.localizedDescription)")
            return
          }

          do {
            try vpnManager.connection.startVPNTunnel()
          } catch {
            print("Could not start VPN Connection: \(error.localizedDescription)")
          }
        }
      }
    }
  }

in iOS the VPN connects successfully, however in tvOS saveToPreferences returns error Code 1: Could not save VPN Configurations: Missing protocol or protocol has invalid type

Another thing I noticed, that there's no com.apple.developer.networking.vpn.api entitlement for tvOS, but NEVPNManager is available there according to documentation.

Could you advise what's the problem with my code?

Boost

Answer 1

DTS Engineer OP

Apple

Jul ’23

NEVPNManager is available there according to documentation

Right. Remember that NEVPNManager serves two roles:

You use it directly for Personal VPN.
You use its subclass, NETunnelProviderManager, when configuring an NE tunnel provider.

Support for the latter does not necessarily imply support for the former.

I’m not sure whether tvOS 17 beta is meant to support Personal VPN, but the fact that you can’t use the necessary entitlement means it’s not going to work right now. If you’d like to see that change, I recommend that you file a bug about this.

Please post your bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 2

HusseinKandil OP

Sep ’23

@eskimo Hello can you please tell me how to use Personal VPN subclass, NETunnelProviderManager

0

Answer 3

DTS Engineer OP

Apple

Sep ’23

can you please tell me how to use Personal VPN subclass, NETunnelProviderManager

Personal VPN doesn’t use NETunnelProviderManager.

iOS supports two types of VPN:

Personal VPN, where a simple app creates a VPN configuration for the built-in VPN transports, like IKEv2
NE VPN provider, where you have an app with an embedded Network Extension provider app extension that implements a custom VPN transport

NETunnelProviderManager is only relevant to the second, not the first.

tvOS 17 adds support for the second, not the first.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0