iOS 12 VPN simple encaps

Hello! I'm trying to figure out a VPN in iOS. As a starting example, I took a project from GitHub:

https://github.com/lxdcn/NEPacketTunnelVPNDemo



On versions prior to 12, everything worked well. In versions after 12, the message “Update required” appeared in the VPN configuration settings.

I’m interested in such a scheme - a simple encapsulation of traffic (with static settings). Please tell me - what needs to be updated to work on iOS 12+.

Replies

I’ve recently been helping someone with an issue like this and the latest theory is that they’ve not set the NE entitlement on their app extension. For an app containing NE app extensions, both the app and the app extension need the com.apple.developer.networking.networkextension entitlement.

Also, make sure you check the entitlements on the built binary, not on just the .entitlements file. The latter is just one input to the code signing machinery that sets the entitlements in the code signature.

You can dump a binary’s entitlements as follows:

$ codesign -d --entitlements :- /path/to/your/app/or/app/ex

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi! Thank you for the reply! I got the app from the archive and used your command. Result:


codesign -d --entitlements :- ./NEPacketTunnelVPNDemo.app

Executable=/Users/xfg/Documents/NEPacketTunnelVPNDemo.app/NEPacketTunnelVPNDemo
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>application-identifier</key>
<string>+++++++.--------.vpn</string>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider</string>
<string>content-filter-provider</string>
<string>packet-tunnel-provider</string>
</array>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>+++++++++</string>
<key>get-task-allow</key>
<true/>
</dict>
</plist>


But I didn't see the NE entitlement in this output (I created 2 provisioning profiles for different bundle IDs, both with NE) %)


The application target and the NE have

<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider</string>
<string>content-filter-provider</string>
<string>packet-tunnel-provider</string>
</array>

in their entitlements. Where is my mistake?

codesign -d --entitlements :- ./NEPacketTunnelVPNDemo.app

I don’t see the output from your appex here?

Also, you should remove com.apple.developer.networking.vpn.api. It’s only needed for Personal VPN.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you!! Recreated all provisions and extensions! Everything works. Thank you!
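
Added example (not part of the thread and not code from the demo project): a small Python check that applies both points from the replies above to the output of `codesign -d --entitlements :-`, run once for the app and once for the app extension. The function names, labels and sample entitlement data are constructed for illustration.

```python
import plistlib
import subprocess

NE_KEY = "com.apple.developer.networking.networkextension"
VPN_API_KEY = "com.apple.developer.networking.vpn.api"


def dump_entitlements(path):
    """Run the thread's codesign command on a built .app or .appex (macOS only)."""
    return subprocess.run(["codesign", "-d", "--entitlements", ":-", path],
                          check=True, capture_output=True).stdout


def audit(label, codesign_output, provider="packet-tunnel-provider"):
    """Return findings for one signed binary, given raw codesign output."""
    # Tolerate pasted terminal text: skip anything (e.g. "Executable=...")
    # that precedes the XML plist. No plist at all means no entitlements.
    start = codesign_output.find(b"<?xml")
    ent = plistlib.loads(codesign_output[start:]) if start >= 0 else {}
    findings = []
    if provider not in ent.get(NE_KEY, []):
        findings.append(f"{label}: {NE_KEY} lacks {provider}")
    if VPN_API_KEY in ent:
        findings.append(f"{label}: {VPN_API_KEY} present (only needed for Personal VPN)")
    return findings


# Constructed sample data: an app signed like the one in the thread, and an
# app extension whose signature carries no NE entitlement.
SAMPLE_APP = b"Executable=/constructed/Demo.app/Demo\n" + plistlib.dumps({
    NE_KEY: ["app-proxy-provider", "content-filter-provider", "packet-tunnel-provider"],
    VPN_API_KEY: ["allow-vpn"],
    "get-task-allow": True,
})
SAMPLE_APPEX = plistlib.dumps({"get-task-allow": True})

if __name__ == "__main__":
    # On a Mac, replace the samples with dump_entitlements() on the built
    # .app and on the .appex inside its PlugIns directory.
    for label, data in (("app", SAMPLE_APP), ("appex", SAMPLE_APPEX)):
        for finding in audit(label, data) or [f"{label}: ok"]:
            print(finding)
```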