4 Replies
      Latest reply on Dec 12, 2019 3:23 AM by app.factorts@gmail.com
      app.factorts@gmail.com Level 1 Level 1 (0 points)

        Hello! I'm trying to figure out a VPN in iOS. As a starting example, I took a project from a github:

        https://github.com/lxdcn/NEPacketTunnelVPNDemo

         

         

        On versions prior to 12, everything worked well. in Versions after 12, the message “Update required” appeared in the VPN configuration settings.

        I’m interested in such a scheme - a simple encapsulation of traffic(with static settings). Please tell me - what needs to be updated for working on iOS 12+.

        • Re: iOS 12 VPN simple encaps
          eskimo Apple Staff Apple Staff (13,095 points)

          I’ve recently been helping someone with an issue like this and the latest theory is that they’ve not set the NE entitlement on their app extension.  For an app containing NE app extensions, both the app and the app extension need the com.apple.developer.networking.networkextension entitlement.

          Also, make sure you check the entitlements on the built binary, not on just the .entitlements file.  The latter is just one input to the code signing machinery that sets the entitlements in the code signature.

          You can dump a binary’s entitlements as follows:

          $ codesign -d --entitlements :- /path/to/your/app/or/app/ex

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: iOS 12 VPN simple encaps
              app.factorts@gmail.com Level 1 Level 1 (0 points)

              Hi! Thank you, for reply! I got app from archive and use your command. Result:

               

              codesign -d --entitlements :- ./NEPacketTunnelVPNDemo.app

              Executable=/Users/xfg/Documents/NEPacketTunnelVPNDemo.app/NEPacketTunnelVPNDemo

              <?xml version="1.0" encoding="UTF-8"?>

              <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">

              <plist version="1.0">

              <dict>

                <key>application-identifier</key>

                <string>+++++++.--------.vpn</string>

                <key>com.apple.developer.networking.networkextension</key>

                <array>

                <string>app-proxy-provider</string>

                <string>content-filter-provider</string>

                <string>packet-tunnel-provider</string>

                </array>

                <key>com.apple.developer.networking.vpn.api</key>

                <array>

                <string>allow-vpn</string>

                </array>

                <key>com.apple.developer.team-identifier</key>

                <string>+++++++++</string>

                <key>get-task-allow</key>

                <true/>

              </dict>

              </plist>

               

              But a didnt see NE entitlement in this output(i created 2 provision profile for different boundle id, both with NE) %)

               

              Application target and NE have

              <key>com.apple.developer.networking.networkextension</key>
              <array>
              <string>app-proxy-provider</string>
              <string>content-filter-provider</string>
              <string>packet-tunnel-provider</string>
              </array>

              in entitlement.  Where is my mistake?