VPN profile says "update required", doesn't load properties or init packet tunnel provider

App & System Services Networking
MarcoCarandenteDCL OP
Created Oct ’23
Replies 7
Boosts 1
Views 779
Participants 5

I'm setting up an app that will need to intercept all traffic on the device. Configuration is:

let manager = NETunnelProviderManager()
let protocolConfiguration = NETunnelProviderProtocol()

protocolConfiguration.providerBundleIdentifier = "com.***.PacketTunnelProvider"
protocolConfiguration.serverAddress = "VPN Server"
protocolConfiguration.providerConfiguration = ["key": "value"]
manager.protocolConfiguration = protocolConfiguration
manager.localizedDescription = "VPN Server"

The configuration is correctly saved but in the settings, the profile comes out with "Update required" and "must be updated by the developer before VPN Server can be connected"

Looking around the forums, I already checked the entitlements on the binary and everything comes out good:

<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider</string>
<string>packet-tunnel-provider</string>
</array>

on the main bundle and

	[Key] com.apple.developer.networking.networkextension
	[Value]
		[Array]
			[String] app-proxy-provider
			[String] packet-tunnel-provider

on packettunnelprovider.appex

When I try to start the tunnel with

func startProxyServer() {
        NETunnelProviderManager.loadAllFromPreferences { (managers, error) in
            if let error = error {
                print("Error loading preferences: \(error)")
                return
            }
            let manager = managers?.first(where: { $0.localizedDescription == "VPN Server" })
            
            manager!.loadFromPreferences { error in
                if let error = error {
                    print("Error loading preferences: \(error)")
                } else {
                    do {
                        try manager!.connection.startVPNTunnel(options: nil)
                        print("Started tunnel.")
                    } catch {
                        print("Failed to start tunnel: \(error)")
                    }
                }
            }
        }

putting a breakpoint will show that the profile gets loaded but it lacks completely the protocol configuration. Funnily enough, I don't get an error so I get to the "Started tunnel" code branch. Of course without the protocol configuration, even if the manager is "loaded" and connection.startVPNtunnel is called, the packettunnelprovider is never initialized and nothing actually starts.

Build targets are the same on both the main app and the packet tunnel provider target, and I tried lowering or raising them to no effect.

How to further debug this?

Replies  7
Boosts  1
Views  779
Participants  5
MarcoCarandenteDCL OP
Oct ’23

Going through the console, it actually seems that the profile is loaded properly:

NESMVPNSession[Primary Tunnel:XRTC Accelerator:6CB1FD0B-6268-4701-8968-2EE37DE109AC:(null)] starting with configuration: {
    name = ****
    identifier = 6CB1FD0B-6268-4701-8968-2EE37DE109AC
    applicationName = ***
    application = com.***.***
    grade = 1
    VPN = {
        enabled = YES
        onDemandEnabled = NO
        disconnectOnDemandEnabled = NO
        onDemandUserOverrideDisabled = NO
        protocol = {
            type = plugin
            identifier = E8C022C7-41EE-4627-B2CD-88CE84D2A1DD
            serverAddress = VPN Server
            identityDataImported = NO
            disconnectOnSleep = NO
            disconnectOnIdle = NO
            disconnectOnIdleTimeout = 0
            disconnectOnWake = NO
            disconnectOnWakeTimeout = 0
            includeAllNetworks = YES
            excludeLocalNetworks = YES
            excludeCellularServices = YES
            excludeAPNs = YES
            enforceRoutes = NO
            pluginType = com***
            authenticationMethod = 0
            providerConfiguration = {
                key = value,
            }
            providerBundleIdentifier = ***.PacketTunnelProvider
        }
        tunnelType = packet
    }
}

but then I get

[4768]: Tearing down XPC connection due to setup error: Error Domain=NEAgentErrorDomain Code=2 "(null)"

Any ideas on why this happens? Documentation on this error is quite sparse.

0
MarcoCarandenteDCL OP
Oct ’23

I also found this in the console:

Found 0 (0 active) registrations for ***.PacketTunnelProvider (com.apple.networkextension.packet-tunnel)

So I'm guessing the problem lies here. If any Apple dev is listening, this really oughta be an error that should be raised in the startVPNTunnel. Anybody have any idea on why this happens?

0
Anvesh_Prajapati OP
Feb ’24

Did anyone get the solution of this ? I am getting same error , i need help on this.

0
megaserj OP
Jun ’24

I have the same problem. Has anyone found the cause and solution for this issue?

0
garrow OP
Aug ’24

Any update on this issue, @ MarcoCarandenteDCL were you able to solve this issue?

I'll really appreciate if any info, clue on this subject is provided.

0
kkubkko OP
Aug ’24

Hey there!

Make sure of the following:

  • Your app and the extension targets have the same
    • minimum deployment target
    • version
  • Both targets contain necessary entitlements (depending on your NE type)
<key>com.apple.developer.networking.networkextension</key>
   <array>
   	<string>packet-tunnel-provider</string>
   </array>
  • Your network extension target bundle id just extends the main app bundle id
    • Main app: com.your.main.app
    • Extension: com.your.main.app.extension
  • Your main apps target contains YourNETarget.appex in Framework, Libraries, and Embeded Content section
0
garrow OP
Aug ’24

This could be an issue due to mis match in deployed OS and minimum OS version required.

In my case it turned out, default minimum OS was picked up and the device I was using for testing was on a lower version.

0
VPN profile says "update required", doesn't load properties or init packet tunnel provider
First post date Last post date
 
 
Q