I recently investigated the interaction between VPN and sleep as part of a DTS incident. I’ve included the resulting info below. I think that’ll answer a bunch of your questions. If there’s any remaining, please post back with the specifics.
Your tunnel provider can work in one of two modes:
If disconnectOnSleep is set (<NetworkExtension/NEVPNProtocol.h>), the system will automatically stop the tunnel as the device goes to sleep. In that case the tunnel won’t automatically start again on wake (unless triggered by an on demand rule).
If disconnectOnSleep is false, the system does not automatically stop the tunnel on sleep. In that case:
Your provider should override the
In the ‘sleep’ override it should quiesce the tunnel as appropriate for your protocol. In the ‘wake’ override it should reactivate the tunnel.
If the reactivation fails (for example, because the network environment changed in a way that prevents reactivation) your provider should stop the tunnel by calling one of the ‘cancel’ methods (for example, -cancelTunnelWithError for a packet tunnel provider).
Between the tunnel quiesce and reactivate your provider should set reasserting to true (<NetworkExtension/NETunnelProvider.h>) so that the system knows it’s not connected.
While reactivating you can choose to clear out your tunnel settings by calling -setTunnelNetworkSettings:completionHandler: with nil for the
<NetworkExtension/NETunnelProvider.h>). Doing this will stop traffic flowing into the tunnel, which might be a nice thing to do for the user if the reactivation takes a long time.
Share and Enjoy
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
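Added example, not part of the original post and not Apple sample code: the sleep/wake handling described in the post above, for a packet tunnel provider with disconnectOnSleep false. TunnelSession and its quiesce/reactivate methods are hypothetical stand-ins for the protocol-specific work; the overrides used are NEProvider's sleep(completionHandler:) and wake().

```swift
import NetworkExtension

// Hypothetical abstraction over the VPN protocol's own session logic.
protocol TunnelSession {
    func quiesce(completion: @escaping () -> Void)
    func reactivate(completion: @escaping (Result<NEPacketTunnelNetworkSettings, Error>) -> Void)
}

class PacketTunnelProvider: NEPacketTunnelProvider {
    // Assumption: created in startTunnel(options:completionHandler:), not shown here.
    var session: TunnelSession?

    // With disconnectOnSleep false the system leaves the tunnel up, so quiesce it here.
    override func sleep(completionHandler: @escaping () -> Void) {
        guard let session = session else { completionHandler(); return }
        session.quiesce {
            // From now until reactivation succeeds, report "not connected".
            self.reasserting = true
            completionHandler()
        }
    }

    override func wake() {
        guard let session = session else { return }
        reasserting = true
        // Optional step from the post: clear the settings so no traffic flows
        // into the tunnel while reactivation is in progress. An error from
        // this call is ignored because reactivation is attempted either way.
        setTunnelNetworkSettings(nil) { _ in
            session.reactivate { result in
                switch result {
                case .success(let settings):
                    // Reinstall settings, then tell the system we are connected again.
                    self.setTunnelNetworkSettings(settings) { error in
                        if let error = error {
                            self.cancelTunnelWithError(error)
                        } else {
                            self.reasserting = false
                        }
                    }
                case .failure(let error):
                    // The network changed in a way that prevents reactivation: stop the tunnel.
                    self.cancelTunnelWithError(error)
                }
            }
        }
    }
}
```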
Thanks, no more questions