Issue Description:
When the VPN packet tunnel provider is configured as a full tunnel with tunnel routes as below,
tunnelProvider.protocolConfiguration.includeAllNetworks = YES;
tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO;
tunnelProvider.protocolConfiguration.enforceRoutes = NO;
and saved to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler”. After saving the configuration to preferences and after receiving the NEVPNConfigurationChangeNotification, we start the tunnel using “startVPNTunnelWithOptions”.
We are not able to connect to the VPN only on iOS 17 and above devices, and internet is getting blocked throughout the device after trying to start the tunnel. Once this issue has occurred, we need to restart the device to get the internet connection back.
On iOS 16 and below:
Able to successfully connect and start the VPN tunnel.
On iOS 17 and later:
Not able to connect to the VPN. The VPN tunnel status changes from connecting to disconnected. Internet on the device is blocked after the VPN gets disconnected. We need to restart the device to get the internet connection back.
We can see the below device console logs:
After applying the above NETunnelProviderManager preferences and starting the tunnel, we can see that the VPN status is changed to connecting,
14:59:22.599515+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to connecting
Later we can see the status changing to disconnected:
14:59:23.588634+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to disconnected, last stop reason None
14:59:23.589042+0530. nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: Updated network agent (inactive, compulsory, not-user-activiated, not-kernel-activated)
After this, we receive the NEVPNStatusChanged notification in our application and NEVPNStatus is changed to Disconnected.
When we checked the reason for the disconnect using “fetchLastDisconnectErrorWithCompletionHandler” on NEVPNConnection, we can see the below:
Error string : The VPN session failed because an internal error occurred
Error code : 12
After some time I see that the VPN status is again changed back to connecting,
14:59:24.615125+0530 nesessionmanager NESMVPNSession[Primary Tunnel:bng-pcs-gateway.pulsesecure.net/pulse:24711A15-54C6-44C7-987D-65B7BFF3F294:(null)]: status changed to connecting
But by this time there is no internet connection across the device.
Steps to reproduce:
- Configure the VPN packet tunnel provider as a full tunnel with tunnel routes (as mentioned above)
- Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler”
- Try to connect to the VPN
- On iOS 17 and above, it is observed that we are not able to connect to the VPN and the internet connection on the device is getting blocked
Queries: From the above observation, my queries are,
- Why are we receiving the Disconnected state during connection?
- Why is this issue occurring only with iOS 17 and above devices?
- What changes were specifically made around the tunnel from iOS 17 and above?
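
The sequence described in the post, written out as an added Objective-C example (not the poster's code) so the save, start and error-fetch steps and their failure paths can be checked one by one. The function names StartFullTunnel and ObserveDisconnects are hypothetical, and reloading the manager with loadFromPreferencesWithCompletionHandler after saving is an assumption, not a step the post states.

```objc
#import <Foundation/Foundation.h>
#import <NetworkExtension/NetworkExtension.h>

// Hypothetical helper: applies the three routing flags from the post, saves,
// reloads and starts the tunnel, logging the error at each step that can fail.
static void StartFullTunnel(NETunnelProviderManager *manager) {
    NEVPNProtocol *proto = manager.protocolConfiguration;
    // Per Apple's documentation for this property, traffic is dropped
    // while the tunnel is down when includeAllNetworks is YES.
    proto.includeAllNetworks = YES;
    proto.excludeLocalNetworks = NO;
    proto.enforceRoutes = NO;
    manager.enabled = YES;

    [manager saveToPreferencesWithCompletionHandler:^(NSError *saveError) {
        if (saveError) { NSLog(@"save failed: %@", saveError); return; }
        // Assumption: reload so the in-memory manager matches what was persisted.
        [manager loadFromPreferencesWithCompletionHandler:^(NSError *loadError) {
            if (loadError) { NSLog(@"load failed: %@", loadError); return; }
            NSError *startError = nil;
            if (![manager.connection startVPNTunnelWithOptions:nil
                                                andReturnError:&startError]) {
                NSLog(@"start failed: %@", startError);
            }
        }];
    }];
}

// Hypothetical helper: logs the last disconnect error each time the session
// drops to Disconnected. Keep the returned token to remove the observer later.
static id ObserveDisconnects(NETunnelProviderManager *manager) {
    return [[NSNotificationCenter defaultCenter]
        addObserverForName:NEVPNStatusDidChangeNotification
                    object:manager.connection
                     queue:[NSOperationQueue mainQueue]
                usingBlock:^(NSNotification *note) {
        NEVPNConnection *conn = note.object;
        if (conn.status != NEVPNStatusDisconnected) { return; }
        if (@available(iOS 16.0, *)) {
            [conn fetchLastDisconnectErrorWithCompletionHandler:^(NSError *error) {
                if (!error) { NSLog(@"no disconnect error recorded"); return; }
                NSLog(@"disconnect: domain=%@ code=%ld %@", error.domain,
                      (long)error.code, error.localizedDescription);
            }];
        }
    }];
}
```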