Personal VPN install error

We have an app that among other things installs a Personal VPN. This has been working fine for many years but recently we have gotten reports from customers that they are getting an error when installing the VPN. This has only started happening on iOS/iPadOS 17. I hadn't been able to reproduce the issue myself until I tried on an iPad with iPadOS 17.1.1 installed and this actually ties in with one of the customer reports.

When I get the error I see the following:

Xcode debug console:

Updating selectors after delegate addition failed with: Error Domain=NSCocoaErrorDomain Code=4099 "The connection to service with pid 90 named com.apple.commcenter.coretelephony.xpc was invalidated from this process." UserInfo={NSDebugDescription=The connection to service with pid 90 named com.apple.commcenter.coretelephony.xpc was invalidated from this process.}

Failed to save configuration [App Name]: Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" UserInfo={NSLocalizedDescription=permission denied} Failed to save configuration: Error Domain=NEVPNErrorDomain Code=5 "permission denied" UserInfo={NSLocalizedDescription=permission denied}

Mac Console:

Saving configuration [App Name] with existing signature (null)

Failed to save configuration [App Name]: Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" UserInfo={NSLocalizedDescription=permission denied} Failed to save configuration: Error Domain=NEVPNErrorDomain Code=5 "permission denied" UserInfo={NSLocalizedDescription=permission denied}

When the error occurs you don't even see the system prompt to allow the VPN be installed. We are using the code below to save the configuration and as stated it fails when trying saveToPreferences without ever showing the prompt

private func setup(with vpnProtocol: NEVPNProtocol, rules: [NEOnDemandRule], completion: @escaping VPNConfigurationCompletionHandler) {
    let setupBlock: (NEVPNManager) -> () = {manager in
        manager.isEnabled = true
        manager.isOnDemandEnabled = true
        manager.localizedDescription = L("app.vpn.description")
        manager.protocolConfiguration = vpnProtocol
        manager.onDemandRules = rules
        manager.saveToPreferences { (error) in
            completion(self.extractErrorCode(from: error))
        }
    }
    
    vpnManager.loadFromPreferences { (error) in
        if error == nil {
            setupBlock(self.vpnManager)
        } else {
            completion(.generalFailure)
        }
    }
}

Any suggestions as to what may be going wrong?

Thanks Alan

Up vote post of AlanC74 Down vote post of AlanC74
470 views
Posted by
AlanC74
Reply
Add a Comment

Replies

My general advice for Personal VPN problems is that you start by creating a configuration profile that embodies the VPN settings you’re trying to apply. That rules out any incompatibilities down at the VPN layer.

In this case it’s probably worth doing, just to be sure, but I doubt it’ll reveal anything interesting. This seems to be an issue with applying the settings in the first place. I recommend that you file a bug about that. When doing that, follow the VPN (Network Extension) for iOS instructions on our Bug Reporting > Profiles and Logs page; by doing that your sysdiagnose log will capture more info relevant to VPN.

Please post your bug number, just for the record.

I tried on an iPad with iPadOS 17.1.1 installed and this actually ties in with one of the customer reports.

Do you think that all users with that configuration are having this problem? Or is it just some subset?

In the latter case, there’s likely something about the user’s configuration that’s triggering this, and a potential way to clear that is to reset the device’s network settings. Have any of your affected user’s tried that?

Note You probably don’t want to try this on your iPad because, if it does clear the problem, it leaves you without a device on which to test any potential fix.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Thanks for response Quinn

My general advice for Personal VPN problems is that you start by creating a configuration profile that embodies the VPN settings you’re trying to apply. That rules out any incompatibilities down at the VPN layer.

In this case it’s probably worth doing, just to be sure, but I doubt it’ll reveal anything interesting. This seems to be an issue with applying the settings in the first place. I recommend that you file a bug about that. When doing that, follow the VPN (Network Extension) for iOS instructions on our Bug Reporting > Profiles and Logs page; by doing that your sysdiagnose log will capture more info relevant to VPN.

I tried configuring via a profile and it worked as expected so I have logged a bug: FB13384090

Do you think that all users with that configuration are having this problem? Or is it just some subset?

I would guess it's a subset or we would have heard more via our support team.

In the latter case, there’s likely something about the user’s configuration that’s triggering this, and a potential way to clear that is to reset the device’s network settings. Have any of your affected user’s tried that?

I actually tried this yesterday before posting but it didn't fix the issue.

Thanks again.

Posted by
AlanC74
Up vote reply of AlanC74 Down vote reply of AlanC74
Add a Comment