Missing entry com.apple.managed.vpn.shared in provisioning profile

Hi,


We are using Network Extension entitlement to build a VPN app and extension. The provisioning profile generated for the app extension needs to have com.apple.managed.vpn.shared in the keychain-access-groups entitlements.


This was working for us until couple of days back. However, now any provisioning profile we generate on the developer portal (Development, Ad Hoc or App Store) does not have this entry in the provisioning profile entitlements.


As a result of this, we are not able to read the authentication data from the profile and are stuck.


This seems to be an issue in the provisioning profile generation code as we have not changed anything on the App definition.


Please help.


Thanks,

XWu.

Replies

Hi Eskimo,


We are also seeing this issue.

After creating new Provisioning Profile from apple portal it is missing "com.apple.managed.vpn.shared" keychain sharing key. We tried it without this string in our entitlements but have no ability to access the client certificate in the configuration profile, so it can’t start a VPN.


Do we have a fix or workaround for this?


Thanks

Do we have a fix or workaround for this?

Alas, nothing has changed since I responded on this thread on 9 Jan.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

I'm stuck waiting on the same issue. I filed bug report 30155113. Eagerly looking forward to a solution. Thanks Eskimo for keeping us updated!

I just updated my Network Extension Framework Entitlements post with information about how you can get access to the

com.apple.managed.vpn.shared
keychain access group. Yay!

I appreciate everyone’s patience here.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo,


#8 — On the Mac, can Developer ID apps host Network Extension providers?

Currently this is not possible; only Mac App Store apps can host Network Extension providers.


We are building a Mac VPN app with Packet Tunnel Provider, so how can we debug and test it? can we do it locally, or do we need to submit it to Mac App Store in order to test it?


Thanks!

Thanks very much! I filed a TSI per your instructions.

We are building a Mac VPN app with Packet Tunnel Provider, so how can we debug and test it?

You can test the same way you test any Mac App Store app, by building it with a Mac App Store development profile. When creating the profile in the Certificates, Identifiers & Profiles page, select Mac App Development.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Eskimo, We are facing exactly the same issue and I have been closely following this forum. I didn't post anything untill now becuase enough people had already reported this issue. Now as per your FAQ#9, We filed a DTS to request this missing entitlement and below is the response we got in return. As per their email I contacted developer program and they pointed me to the new way of generating profiles by enabling the Network Extension service for AppID, Which we did but the new profiles too didnt work becuase ours is the case you mentioned in FAQ#9. Please suggest where do we go from here. We are blocked.


As always thanks for your awesomeness!

-Surender

-----

Thank you for contacting Apple Developer Technical Support (DTS). We provide support for code-level questions on hardware & software development, and are unable to help you with your question.

For such questions, please contact the Apple Developer Program Support Team. You can contact them directly via web form <Also, when contacting them, be sure to mention that you were referred by DTS.

While a Technical Support Incident (TSI) was initially debited from your Apple Developer Program account for this request, we have assigned a replacement incident back to your account.

We hope this information is helpful to you.

Apple Developer Support

Worldwide Developer Relations

----

I didn't post anything untill now becuase enough people had already reported this issue.

Indeed.

Now as per your FAQ#9, We filed a DTS to request this missing entitlement and below is the response we got in return.

It seems your request got misidentified. Please email me (my email address is in my signature, below) the follow-up number and I’ll take a look.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks very much Eskimo. We are able to generate the provisioning profile correctly now.

Same issue here. Filed TSI with follow up # 662220389

Hey hey! During my one-on-one with my boss last night I told him that these requests have completely dried up, and now you’ve made me a liar (-: Oh well, never mind.

We’ll be in touch shortly via official channels.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"