Connect On Demand not working as predicted on macOS browsers except Safari

We set the rule below for the IKEv2 / IPSec / NETunnelProviderManager custom protocols, where the trusted domains contain www.whatismyipaddress.com, and manually connected to the VPN.

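#import <NetworkExtension/NetworkExtension.h>

// Rule list for the VPN configuration (declaration assumed; not shown in the original post).
NSMutableArray<NEOnDemandRule *> *activeRules = [NSMutableArray array];
// Never bring up the VPN for connections to the trusted domains.
NEEvaluateConnectionRule *evalConnectionRule =
    [[NEEvaluateConnectionRule alloc] initWithMatchDomains:self.trustedDomains
                                                 andAction:NEEvaluateConnectionRuleActionNeverConnect];

NEOnDemandRuleEvaluateConnection *onDemandRule = [NEOnDemandRuleEvaluateConnection new];
onDemandRule.connectionRules = @[ evalConnectionRule ];
[activeRules addObject:onDemandRule];

// onDemandRules expects an array of NEOnDemandRule objects.
[NEVPNManager sharedManager].onDemandRules = activeRules;
[NEVPNManager sharedManager].onDemandEnabled = YES;
[NEVPNManager sharedManager].enabled = YES;
NSError *connError = nil;
[[NEVPNManager sharedManager].connection startVPNTunnelAndReturnError:&connError];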

www.whatismyipaddress.com shows correct public IP address and www.whatismyip.com shows correct VPN server address on Safari.

The above code snippet is working fine on iOS / iPadOS on all browsers but not on macOS browsers except Safari.

Is there something I'm missing here? Are there other settings that we have to configure in our NEVPNManager/NETunnelProviderManager for macOS specifically?

We are testing this in macOS Ventura.

Answered by DTS Engineer in 764222022

Above code snippet working fine on iOS / iPadOS on all browsers but not on macOS browsers except Safari.

The most common cause of such problems is that the browser is not using one of our connect-by-name APIs. iOS browsers use WebKit, and WebKit uses a connect-by-name API. Likewise for Safari on macOS. Third-party browsers on macOS can, and typically do, use their own networking stack, typically based on BSD Sockets, and this has problems with connect-by-name.

I recommend that you find a browser that has this problem and is open source and look at how its networking stack works.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
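
The two connection styles the answer contrasts, shown side by side as an added example (not code from the thread or from Apple). With BSD Sockets the app resolves the name itself and `connect()` receives only an address; with a connect-by-name API such as Network framework the hostname is handed to the system, which is what a domain-matching rule needs to see. The host `www.example.com`, port `80` and both function names are placeholders chosen for illustration.

```objc
#import <Foundation/Foundation.h>
#import <Network/Network.h>
#include <netdb.h>
#include <sys/socket.h>
#include <unistd.h>

// BSD Sockets style: getaddrinfo() turns the name into addresses inside the
// app, and connect() is then called with a bare sockaddr (no hostname).
static int connect_by_address(const char *host, const char *port) {
    struct addrinfo hints = { .ai_family = AF_UNSPEC, .ai_socktype = SOCK_STREAM };
    struct addrinfo *results = NULL;
    if (getaddrinfo(host, port, &hints, &results) != 0) return -1;
    int fd = -1;
    for (struct addrinfo *ai = results; ai != NULL; ai = ai->ai_next) {
        fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0) continue;
        if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0) break;
        close(fd);
        fd = -1;
    }
    freeaddrinfo(results);
    return fd;  // connected socket, or -1 on failure
}

// Connect-by-name style: the endpoint is created from the hostname, so the
// system performs resolution and connection setup with the name in hand.
static nw_connection_t connect_by_name(const char *host, const char *port) {
    nw_endpoint_t endpoint = nw_endpoint_create_host(host, port);
    nw_parameters_t params = nw_parameters_create_secure_tcp(
        NW_PARAMETERS_DISABLE_PROTOCOL,          // no TLS: plain TCP
        NW_PARAMETERS_DEFAULT_CONFIGURATION);    // default TCP options
    nw_connection_t conn = nw_connection_create(endpoint, params);
    nw_connection_set_queue(conn, dispatch_get_main_queue());
    nw_connection_set_state_changed_handler(conn, ^(nw_connection_state_t state, nw_error_t error) {
        if (state == nw_connection_state_ready) NSLog(@"by-name: ready");
        if (state == nw_connection_state_failed) NSLog(@"by-name: failed");
    });
    nw_connection_start(conn);
    return conn;
}

int main(void) {
    int fd = connect_by_address("www.example.com", "80");  // placeholder host
    NSLog(@"by-address: fd=%d", fd);
    if (fd >= 0) close(fd);
    nw_connection_t conn = connect_by_name("www.example.com", "80");
    dispatch_after(dispatch_time(DISPATCH_TIME_NOW, 5 * NSEC_PER_SEC),
                   dispatch_get_main_queue(), ^{ nw_connection_cancel(conn); exit(0); });
    dispatch_main();  // run the main queue until the timer above exits
}
```

Build with `clang -fobjc-arc -framework Foundation -framework Network demo.m`. Running each path with the on-demand configuration installed and comparing the VPN status afterwards shows which style the rule reacts to on a given macOS version.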
