My application needs local network access. When it is started for the first time, the user gets a prompt to enable local network access (as expected). The application is then shown as enabled in Privacy & Security / Local Network and local network access is working. If macOS is then shutdown and restarted, local network access is blocked for the application even though it is still shown as enabled in Privacy & Security / Local Network. Local network access can be restored either by toggling permission off and on in Privacy & Security / Local Network or by disabling and enabling Wi-Fi. This behaviour is consistent on Sequoia 15.1. It happens sometimes on 15.0 and 15.0.1 but not every time. Is my application doing something wrong or is this a Sequoia issue? If it is a Sequoia issue, is there some change I can make to my application to work around it?

Hello, I was able to use the TicTackToe code base and modify it such that I have a toggle at the top of the screen that allows me to start / stop the NWBrowser and NWListener. I have it setup so when the browser finds another device it attempts to connect to it. I support N devices / connections. I am able to use the NWParameters extension that is in the TickTackToe game that uses a passcode and TLS. I am able to send messages between devices just fine. Here is what I used extension NWParameters { // Create parameters for use in PeerConnection and PeerListener. convenience init(passcode: String) { // Customize TCP options to enable keepalives. let tcpOptions = NWProtocolTCP.Options() tcpOptions.enableKeepalive = true tcpOptions.keepaliveIdle = 2 // Create parameters with custom TLS and TCP options. self.init(tls: NWParameters.tlsOptions(passcode: passcode), tcp: tcpOptions) // Enable using a peer-to-peer link. self.includePeerToPeer = true } // Create TLS options using a passcode to derive a preshared key. private static func tlsOptions(passcode: String) -> NWProtocolTLS.Options { let tlsOptions = NWProtocolTLS.Options() let authenticationKey = SymmetricKey(data: passcode.data(using: .utf8)!) let authenticationCode = HMAC<SHA256>.authenticationCode(for: "HI".data(using: .utf8)!, using: authenticationKey) let authenticationDispatchData = authenticationCode.withUnsafeBytes { DispatchData(bytes: $0) } sec_protocol_options_add_pre_shared_key(tlsOptions.securityProtocolOptions, authenticationDispatchData as __DispatchData, stringToDispatchData("HI")! as __DispatchData) sec_protocol_options_append_tls_ciphersuite(tlsOptions.securityProtocolOptions, tls_ciphersuite_t(rawValue: TLS_PSK_WITH_AES_128_GCM_SHA256)!) return tlsOptions } // Create a utility function to encode strings as preshared key data. private static func stringToDispatchData(_ string: String) -> DispatchData? { guard let stringData = string.data(using: .utf8) else { return nil } let dispatchData = stringData.withUnsafeBytes { DispatchData(bytes: $0) } return dispatchData } } When I try to modify it to use QUIC and TLS 1.3 like so extension NWParameters { // Create parameters for use in PeerConnection and PeerListener. convenience init(psk: String) { self.init(quic: NWParameters.quicOptions(psk: psk)) self.includePeerToPeer = true } private static func quicOptions(psk: String) -> NWProtocolQUIC.Options { let quicOptions = NWProtocolQUIC.Options(alpn: ["h3"]) let authenticationKey = SymmetricKey(data: psk.data(using: .utf8)!) let authenticationCode = HMAC<SHA256>.authenticationCode(for: "hello".data(using: .utf8)!, using: authenticationKey) let authenticationDispatchData = authenticationCode.withUnsafeBytes { DispatchData(bytes: $0) } sec_protocol_options_set_min_tls_protocol_version(quicOptions.securityProtocolOptions, .TLSv13) sec_protocol_options_set_max_tls_protocol_version(quicOptions.securityProtocolOptions, .TLSv13) sec_protocol_options_add_pre_shared_key(quicOptions.securityProtocolOptions, authenticationDispatchData as __DispatchData, stringToDispatchData("hello")! as __DispatchData) sec_protocol_options_append_tls_ciphersuite(quicOptions.securityProtocolOptions, tls_ciphersuite_t(rawValue: TLS_AES_128_GCM_SHA256)!) sec_protocol_options_set_verify_block(quicOptions.securityProtocolOptions, { _, _, sec_protocol_verify_complete in sec_protocol_verify_complete(true) }, .main) return quicOptions } // Create a utility function to encode strings as preshared key data. private static func stringToDispatchData(_ string: String) -> DispatchData? { guard let stringData = string.data(using: .utf8) else { return nil } let dispatchData = stringData.withUnsafeBytes { DispatchData(bytes: $0) } return dispatchData } } I get the following errors in the console boringssl_session_handshake_incomplete(241) [C3:1][0x109d0c600] SSL library error boringssl_session_handshake_error_print(44) [C3:1][0x109d0c600] Error: 4459057536:error:100000ae:SSL routines:OPENSSL_internal:NO_CERTIFICATE_SET:/Library/Caches/com.apple.xbs/Sources/boringssl/ssl/tls13_server.cc:882: boringssl_session_handshake_incomplete(241) [C4:1][0x109d0d200] SSL library error boringssl_session_handshake_error_print(44) [C4:1][0x109d0d200] Error: 4459057536:error:100000ae:SSL routines:OPENSSL_internal:NO_CERTIFICATE_SET:/Library/Caches/com.apple.xbs/Sources/boringssl/ssl/tls13_server.cc:882: nw_endpoint_flow_failed_with_error [C3 fe80::1884:2662:90ca:b011%en0.65328 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: en0[802.11], scoped, ipv4, dns, uses wifi)] already failing, returning nw_endpoint_flow_failed_with_error [C4 192.168.0.98:65396 in_progress channel-flow (satisfied (Path is satisfied), viable, interface: en0[802.11], scoped, ipv4, dns, uses wifi)] already failing, returning quic_crypto_connection_state_handler [C1:1] [2ae0263d7dc186c7-] TLS error -9858 (state failed) nw_connection_copy_connected_local_endpoint_block_invoke [C3] Client called nw_connection_copy_connected_local_endpoint on unconnected nw_connection nw_connection_copy_connected_remote_endpoint_block_invoke [C3] Client called nw_connection_copy_connected_remote_endpoint on unconnected nw_connection nw_connection_copy_protocol_metadata_internal_block_invoke [C3] Client called nw_connection_copy_protocol_metadata_internal on unconnected nw_connection quic_crypto_connection_state_handler [C2:1] [84fdc1e910f59f0a-] TLS error -9858 (state failed) nw_connection_copy_connected_local_endpoint_block_invoke [C4] Client called nw_connection_copy_connected_local_endpoint on unconnected nw_connection nw_connection_copy_connected_remote_endpoint_block_invoke [C4] Client called nw_connection_copy_connected_remote_endpoint on unconnected nw_connection nw_connection_copy_protocol_metadata_internal_block_invoke [C4] Client called nw_connection_copy_protocol_metadata_internal on unconnected nw_connection Am I missing some configuration? I noticed with the working code that uses TCP and TLS that there is an NWParameters initializer that accepts tls options and tcp option but there isnt one that accepts tls and quic. Thank you for any help :)

On iOS beta, monitoring network usage using the getifaddrs API sporadically causes system volume spikes. This happens even though the application does not interact with any audio-related code. The issue persists across different polling intervals (e.g., 0.05s to 1s) and only occurs when invoking getifaddrs. Replacing the API calls with mock data eliminates the problem, suggesting a potential issue with getifaddrs in the beta environment. The application updates UI elements based on network activity, but the volume spikes occur independently of UI or other observable app behavior. Steps to Reproduce: Create an app that monitors network usage using the getifaddrs API. Fetch network statistics on a timer (e.g., every 0.05 seconds). Observe system behavior while running the app on iOS beta. Note sporadic volume spikes during app runtime. Expected Result: Polling network usage with getifaddrs should not affect system volume or other unrelated resources. Actual Result: System volume spikes occasionally when network statistics are retrieved using getifaddrs. iOS 18.2 Beta, Tested on physical device ( iPhone 15 Pro )

There is no Network Extension icon missing in System Settings. Sequoia 15.1 (24B83) Screenshot attached

Hi, TLDR: On iOS, when my PacketTunnel is running, can I exclude DNS requests from going into the tunnel? I have a test app, using Apple's AsyncDNSResolver, that makes a DNS call and it works when the tunnel is not running. If the tunnel is running it times out after 30 seconds and I get the error -65568. Here's how I'm setting up the tunnel func setup(tunnelRemoteAddress: String) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: tunnelRemoteAddress) settings.ipv4Settings = NEIPv4Settings(addresses: [tunnelRemoteAddress], subnetMasks: ["255.255.255.255"]) settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()] let proxySettings = NEProxySettings() proxySettings.httpEnabled = true proxySettings.httpServer = NEProxyServer(address: ProxyServerConfiguration.host, port: ProxyServerConfiguration.port) proxySettings.httpsEnabled = true proxySettings.httpsServer = NEProxyServer(address: LocalProxyServerConfiguration.host, port: LocalProxyServerConfiguration.port) proxySettings.excludeSimpleHostnames = true proxySettings.exceptionList = nil let dnsSettings = NEDNSSettings(servers: ["8.8.8.8"]) settings.dnsSettings = dnsSettings settings.proxySettings = proxySettings setTunnelNetworkSettings(settings) { error in // ... } } I've tried all combinations of setting/excluding the NEDNSSettings but the DNS call always fails when the tunnel is running. Thanks for any help.

Is it possible to build an iOS app with the purpose of content filtering? I'll give an example. This app would block access to example.com, therefore if I were on the Safari or any iOS compatible browser, if I were to try to navigate to example.com access would be blocked. The same would happen if I were on let's say Instagram and it attempted to make an outbound api call to example.com, that too would fail. Is this device wide content filtering possible on the iOS platform? Furthermore would you be able to implement redirect logic. As in the user tries to visit example.com but it is redirected to google.com?

Whenever I'm working on my content filter for macOS, I usually keep SIP disabled and with developer mode on (systemextensionsctl) as a convenience. The issue: content filter stopped receiving any kind of traffic when SIP is disabled. I don't see any log lines in Console for new flows, and the filter can't block anything, since it doesn't get any flows. Issue started yesterday. I tried several things and did some investigation, here are some findings: Reboot: rebooting did not fix the issue (while keeping SIP disabled). Reenabling SIP fixes the issue for both App Store and Xcode builds. Code: latest published version also stopped working with SIP disabled. This version is stable and confirmed to work as reported by users. Clean Xcode + rebuild did not fix the issue. Lastly, I inspected the logs and did not see any errors standing out. I noticed the filter does get started (startFilter is called) and registered, but after that there are no errors/new flows or anything, just silence (logs below). com.apple.networkextension default 15:22:22.270746-0300 : Calling startFilterWithCompletionHandler com.extension.MyExtension info 15:22:22.270998-0300 Success applying filter settings com.apple.networkextension debug 15:22:22.272705-0300 NESMFilterSession[My Extension:B9F3F30E-E0E0-4E53-8B32-EFC285E3CF6A]: Checking providerBundleIdentifier com.extension.MyExtension for pluginClass 4 com.apple.networkextension debug 15:22:22.272717-0300 Checking for com.extension.MyExtension - com.apple.networkextension.filter-data com.apple.networkextension default 15:22:22.272728-0300 Found 1 registrations for com.extension.MyExtension (com.apple.networkextension.filter-data) com.apple.networkextension debug 15:22:22.272778-0300 NESMFilterSession[My Extension:B9F3F30E-E0E0-4E53-8B32-EFC285E3CF6A]: com.extension.MyExtension is registered for pluginClass 4 Here are some additional info about my system: macOS 15.1 Between yesterday and today, the only new Installation is XProtectPlistConfigData at 12:10AM Thanks!

I am planning to implement Peer to Peer data exchange between 2 iOS devices. I have the following queries. My devices are connected through Ethernet. I would prefer to use this route if possible before switching over to Wifi. I can see there is an option to use prohibitedInterfaceTypes but that doesn't guarantee the route to use Ethernet when there are multiple available. Does the connection automatically switch between ethernet and Wifi or does that have to be handled via isViable and betterPathAvailable? I'm unsure when I should be using a custom framing protocol. I just need to exchange codable objects between the devices. Is the custom protocol required only if I use TCP as the underlying protocol? Can NSURLSessionStreamTask be used for this use case?

I have a pretty straightforward code to connect to a given ip address and port using NWConnection. On the first attempt to connect to the Local Network I see the "Local Network Privacy" dialog and sometimes if I press "Don't Allow" on that dialog everything starts to fail. No matter I do I keep receiving the following error: POSIXErrorCode(rawValue: 50): Network is down Obviously going to settings and allowing local network access to the app doesn't fix the issue. Neither deleting the app and installing it again. The only workaround I found is to restart my device which is unacceptable for a user. My code is really simple, I tried a lot of different approaches to connect but neither approach worked. I am on iOS 18. Is it a known bug? could be possible a bug on my code? Any idea would be really appreciated, thanks!

We use as content filter in our app to monitor flows, we gather data about the flow and block flows deemed suspicious. Our content filter is activated/deactivated by a UI app but the flows are reported via XPC to a separate daemon process for analysis. As of macOS 15, we are seeing cases where flows are missing or flows are not received at all by the content filter. The behaviour is not consistent, some devices seem to receive flows normally but others don't. It appears Intel devices are much less prone to showing the problem, whereas Arm devices routinely exhibit missing flows. On macOS 14 or earlier, there is no sign of missing flows. Testing on earlier beta versions of macOS 15 did not appear to show the problem, however I can't rule out if issue was present but it wasn't spotted. Experimenting with simple examples of using a content filter (e.g. QNE2FilterMac) does not appear to reproduce the issue. Questions, What has changed between macOS 14 and 15 that could be the cause of the lack of flows? Is our approach to using an app activated content filter reporting to a daemon connected via XPC unsupported?

Hello all, I have a question, I am developing an application that uses the apply() function of the NEHotspotConfigurationManager class to switch the Wifi of the device. In the completionHandler of the apply() function, the error argument contains “Internal Error(8)” and the wifi switching may fail. We have never seen this problem during development, and since it occurs only in the market, we are at a loss as to the cause and countermeasure. Do you know the cause of the “Internal Error(8)” and how to fix it? A similar phenomenon has already been discussed in the following thread, but after countermeasures were taken in iOS12, it also occurs in iOS13 and later and no progress has been made since then. https://developer.apple.com/forums/thread/107851 I would appreciate it if someone could clarify what is happening with this error, as there is not much information on the web regarding this error. Thank you in advance.

So I have a small homebuilt device that has a simple Arduino-like chip with wifi capabilities (to be precise, the Xiao Seeed ESP32C, for anyone who cares), and I need my iOS app to talk to this device. Using the CoreBluetooth framework, we've had no problems --- except that in "noisy" environments sometimes we have disconnects. So we want to try wifi. We assume that there is no public wifi network available. We'd love to do peer-to-peer networking using Network, but that's only if both devices are from Apple. They're not. Now, the Xiao device can act as an access point, and presumably I could put my iPhone on that network and use regular TCP calls to talk to it. The problem is that my app wants to both talk to this home-built device, but ALSO make http calls to my server an amazon. So: how do I let my iOS app talk over wifi to this simple chip, while not losing the ability to also have my app reach a general server (and receive push notifications, etc.) To be more concrete, imagine that my app needs to be able to discover the access point provided by my device, use low-level TCP socket calls to talk to this local wifi device, all without losing the ability to also make general http calls and be just accessible to push notifications as it was before connecting to this purely local (and very short range, i.e. no more than 30 meters distant) device. Does this make sense? Have I explained it well enough?

Ex Windows programmer trying to evolve to Mac... please go easy. :-) As part of my transition I'm trying to get some older stuff I wrote for myself to work. I have a command line utility program which uses socket(), connect(), send(), select/recv() to create a RAW socket and send a ICMP_ECHO packet to a host and then await its return. Essentially, PING with some minor variation in its output. Got it built in Xcode. Found that socket() with SOCK_RAW failed until I ran as root (via SUDO). OK, no problem. Now it sends, but it never receives a response. The select() always times out rather than receiving the reply. When I run my Windows cmd line version on the same machine under Parallels, it works fine. So I'm confident the other host is able to be reached from my network, etc. I can use actual PING from the command line just fine too. Is there some other permission facility in MacOS that would prevent me from receiving the reply packets? What would it be called, how would I either turn it off or work with it? Thanks for any help!

Hi, I have been using iPhones 14Pro, 15Pro for the last couple of years for 5G SA research applications. As far as the iPhone14 Pro goes, even with the latest upgrade 18.2 beta 2 it works flawlessly, upon inserting the SIM CARD, I can activate VoLTE and then there is a toggle that enables 5G SA. The phone connects to the network using PLMN 001 01 and functions perfectly. iPhone 15 Pro is behaving completely different. Upon inserting the SIMCARD it also lets enabling the 5G SA functionality but the phone never searches for a cell. Even putting the phone into mobile field test, it never searches for NR even with the same SIM card working in the 14 PRO. This particular mobile phone did work in the first iOS versions and stopped working after upgrading to 18.1. Just a few days ago, I bought a 16 PRO to try it with our 5G SA networks, and it is behaving the exact same way as the iPhone 15 PRO. It never tries to attach to the 5G SA even with the same SIM card as the 14PRO. I would like to understand this difference in behaviour across all these devices and understand if this is a new implementation or a SW bug. In the case this is a new implementation, please point me towards novel documentation so I can understand what to change in the network configurations to have the communication back. Thanks.

Hi, I'm using the Network framework to browse for devices on the local network. Unfortunately, I get many crash reports that crash in nw_browser_cancel, of which two are attached. This discussion seems to have a similar issue, but it was never resolved: https://forums.developer.apple.com/forums/thread/696037 Contrary to the situation in the linked thread, my implementation uses DispatchQueue.main as the queue for the browser, so I don't think over-releasing the queue is the problem. I am unable to reproduce this problem myself, but one of my users can reproduce it reliably it seems. How can I resolve this crash? 2024-11-10_14-24-35.3886_+0100-4fdbdb8e944a4b655d60df53da3aa8c759f4fd1f.crash 2024-11-08_08-54-31.6366_+0100-303cabefb74bf89cdea3127b1cad122ee46016f2.crash

Hi Everyone, Is there a framework or pattern to allow peer to peer communication between multiple iOS application? The use case would be as follow: An organizer creates a session with multiple users. The users receive an invitation (initially via email or sms), they install the app, upon accepting the invitation, they join a session. The session then allow peer to peer communication between users, not necessarily in the form of text messages, but more on information and synchronization between states of models between the members. Is there a framework for such a communication, or are we forced to go through a server to relay messages? I found the Multipeer communication Framework but it is for the discovery of devices, not for communication between applications. Thanks a lot.

Kindly suggest the best approach for the below requirement. Requirement Summary: I have a camera that generates its own Wi-Fi network with some specifications, and I need my iOS app to automatically connect to that Wi-Fi whenever it's in range. This Wi-Fi network is used for transferring files between the camera and the iOS app and to give commands to camera to do certain actions. This Wi-Fi does not provide internet access. Details: The iOS app should automatically connect to the camera's Wi-Fi network once it launches. The camera's Wi-Fi does not have internet access; it is purely for file transfers (e.g., photos/videos) between the camera and the iOS app and to command camera to do certain actions The iOS device should still use mobile data for internet access while connected to the camera's Wi-Fi. The mobile data will be used to upload files to the cloud, as I have a large data plan available for internet use. The app should maintain the connection to the camera's Wi-Fi as long as the iOS device is within proximity of the camera. If the device moves out of range and then comes back, the iOS app should prefer and reconnect to the camera's Wi-Fi over any other available networks. I am looking for a solution or approach that can make this seamless, ensuring a stable connection between the camera and the iOS app while prioritizing mobile data for internet connectivity.

Hello, I have a company laptop thats connected to the internet without a VPN. I need to be able to resolve my company's sub domains using a specific dns server, and have all other domains resolved by the system wide name server. In windows, this is trivial to do. In an admin powershell I run "Add-DnsClientNrptRule -Namespace ".foo.mycompany.com" -Nameserver "127.0.0.1" and resolution requests for *.foo.mycompany.com is sent to a name server running on the localhost. All other dns resolution requests are handled by the system configured resolver. MacOS does have the /etc/resolver/ solution for this, but my understanding from these forums is that this is not the recommended approach. Note - I have tried it and it works. AFAIU, the recommended approach is to create a system Network extension using NEDNSProxyProvider, override handleNewFlow() and do what's necessary. The issue with this solution is that it requires handling all the dns flow parsing of DNS datagrams to extract the host forwarding the datagrams to the appropriate dns server Handle responses. Deal with flow control Handle edge cases. I was hoping for something much simpler than us needing to implement datagram parsing. Could you please shed light on our options and how we could proceed ?

In the past, I used to ping my iPhone‘s local IP address via UDP. If local network permissions were not enabled, it would return an error. If they were enabled, it would return success, which I used to determine whether my app had local network permissions enabled. Now, with iOS 18, it seems to not work anymore. Regardless of whether local network permissions are enabled, pinging the iPhone‘s local IP address always returns success. Is there any other good method to check this permission status? Case-ID: 9934335

I'm use iPad OS 17.5.1, when I try to use socket to connect to an ipv6 address created by PacketTunnelProvider in my iOS device, an error occurs. Here is the code to create socket server and client: #include &lt;stdio.h&gt; #include &lt;string.h&gt; #include &lt;sys/socket.h&gt; #include &lt;netinet/in.h&gt; #include &lt;arpa/inet.h&gt; #include &lt;unistd.h&gt; int dx_create_ipv6_server(const char *ipv6_address, int port) { int server_fd; struct sockaddr_in6 server_addr; server_fd = socket(AF_INET6, SOCK_STREAM, 0); if (server_fd == -1) { perror("socket() failed"); return -1; } memset(&amp;server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &amp;server_addr.sin6_addr) &lt;= 0) { perror("inet_pton() failed"); close(server_fd); return -1; } if (bind(server_fd, (struct sockaddr *)&amp;server_addr, sizeof(server_addr)) == -1) { perror("bind() failed"); close(server_fd); return -1; } if (listen(server_fd, 5) == -1) { perror("listen() failed"); close(server_fd); return -1; } printf("Server is listening on [%s]:%d\n", ipv6_address, port); return server_fd; } int dx_accept_client_connection(int server_fd) { int client_fd; struct sockaddr_in6 client_addr; socklen_t client_addr_len = sizeof(client_addr); client_fd = accept(server_fd, (struct sockaddr *)&amp;client_addr, &amp;client_addr_len); if (client_fd == -1) { perror("accept() failed"); return -1; } char client_ip[INET6_ADDRSTRLEN]; inet_ntop(AF_INET6, &amp;client_addr.sin6_addr, client_ip, sizeof(client_ip)); printf("Client connected: [%s]\n", client_ip); return client_fd; } int dx_connect_to_ipv6_server(const char *ipv6_address, int port) { int client_fd; struct sockaddr_in6 server_addr; client_fd = socket(AF_INET6, SOCK_STREAM, 0); if (client_fd == -1) { perror("socket() failed"); return -1; } memset(&amp;server_addr, 0, sizeof(server_addr)); server_addr.sin6_family = AF_INET6; server_addr.sin6_port = htons(port); if (inet_pton(AF_INET6, ipv6_address, &amp;server_addr.sin6_addr) &lt;= 0) { perror("inet_pton() failed"); close(client_fd); return -1; } if (connect(client_fd, (struct sockaddr *)&amp;server_addr, sizeof(server_addr)) == -1) { perror("connect() failed"); close(client_fd); return -1; } printf("Connected to server [%s]:%d\n", ipv6_address, port); close(client_fd); return 0; } @implementation SocketTest + (void)startSever:(NSString *)addr port:(int)port { [[NSOperationQueue new] addOperationWithBlock:^{ int server_fd = dx_create_ipv6_server(addr.UTF8String, port); if (server_fd == -1) { return; } int client_fd = dx_accept_client_connection(server_fd); if (client_fd == -1) { close(server_fd); return; } close(client_fd); close(server_fd); }]; } + (void)clientConnect:(NSString *)addr port:(int)port{ [[NSOperationQueue new] addOperationWithBlock:^{ dx_connect_to_ipv6_server(addr.UTF8String, port); }]; } @end PacketTunnelProvider code: override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -&gt; Void) { let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "fd84:306d:fc4e::1") let ipv6 = NEIPv6Settings(addresses: ["fd84:306d:fc4e::1"], networkPrefixLengths: 64) settings.ipv6Settings = ipv6 setTunnelNetworkSettings(settings) { error in if error == nil { self.readPackets() } completionHandler(error) } } private func readPackets() { // do nothing packetFlow.readPackets { [self] packets, protocols in self.packetFlow.writePackets(packets, withProtocols: protocols) self.readPackets() } } At main target, in viewcontroller's viewDidAppear, after starting the VPN, executed following code: [SocketTest startSever:@"fd84:306d:fc4e::1" port:12345]; sleep(3); [SocketTest clientConnect:@"fd84:306d:fc4e::1" port:12345]; The startSever is executed correctly, but when executing： connect(client_fd, (struct sockaddr *)&amp;server_addr, sizeof(server_addr)) in clientConnect, the code is blocked until it times out and returns -1. **Even if I use GCDAsyncSocket or BlueSocket, I get the same error. The strange thing is that if I use the ipv4 address in PacketTunnelProvider, and change the above code to the ipv4 version and connect to ipv4 address, or use GCDAsyncSocket to perform the corresponding operation, it can be executed correctly. ** I tried to search Google for problems with ios-related ipv6 addresses, but I still couldn't find a solution. Is this a bug in the ios system or is there something wrong with my code? I hope to get your help! Stackoverflow url: iOS Socket cannot connect ipv6 address when use PacketTunnelProvider