VPN is not connecting

I am unable to connect VPN using

PacketTunnel
. I have successfully created network extension target and when i call '
startVPNTunnel()
' function it shows the status "VPN is connecting..." in '
NEVPNStatusDidChange
' observer and after that status never change.

It is not showing any kind of error also.


As i debug, '

startTunnel()
' function is never called in '
PacketTunnelProvider
' class which is subclass of '
NEPacketTunnelProvider
'. Even this class init method is also never getting called.


If i have some problem on server side then in that case is it also possible that startVPNTunnel() does not get call? or it returns some other error?


NOTE: I have added the

NetworkExtension
capabilities for both the target i.e, App main target and NetworkExtension Target.


NOTE: I also added '

NSExtensionPointIdentifier
' and '
NSExtensionPrincipalClass
' keys in NetworkExtension target plist fie.

Replies

If i have some problem on server side then in that case is it also possible that

startVPNTunnel
does not get call?

No. A packet tunnel provider is a form of custom VPN, which means that the provider is responsible for all interactions with the server. The system has no idea how your server works, and thus can’t possibly be talking to it, and that means that there’s nothing your server could be doing ‘wrong’.

Failures like this are usually the result of a packaging problem in your app, that is, there’s something in your app, or in the nested appex, that’s preventing the system from loading your appex.

Even this class init method is also never getting called.

How are you testing that?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

ps DTS is closed 21 Dec through 1 Jan.

Even this class init method is also never getting called.


How are you testing that?

I am trying by printing message in init method. But nothing is print on console.


override init() {

super.init()

print("Hello")

NSLog("provider init")

}


And i also check it by applying breakpoint and set Debug->Attach to process->Then i add NetworkExtension Target.



Failures like this are usually the result of a packaging problem in your app, that is, there’s something in your app, or in the nested appex, that’s preventing the system from loading your appex.

So can you please suggest what can be the possibilities (problems in packaging) that i have to check in my project.

Hi @eskimo,


I have checked my package but find nothing and i also create 2-3 times the extension target but getting the same issue again and again. Can you please help me in coming out from this problem or can you please suggest me any tutorial that i can follow for packaging. Thanks.

You wrote:

I am trying by printing message in init method. But nothing is print on console.

and:

And i also check it by applying breakpoint and set Debug->Attach to Process

Neither of these are valid tests, alas. NetworkExtension providers are started in a way that prevents Xcode from capturing

stdout
or from applying breakpoints that early. I recommend that you re-test using system log. That is:
  1. Write an initialise like this:

    class MyPacketTunnelProvider: NEPacketTunnelProvider {
    
    
    override init() {
        NSLog("qqq")
        super.init()
    }
    
    
    … more code here …
    }

    where

    qqq
    is some unique string that’s easy to search for.
  2. Launch Console on your Mac.

  3. Select your iOS device on the left.

  4. Make sure that Action > Include Info Messages and Action > Include Debug Message is set.

  5. Start a search for your unique string.

  6. Start your VPN.

IMPORTANT Using

NSLog
for this test is fine, but in the log term you should use the unified logging API.

Logging

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,


Thanks a lot eskimo. It helps me in resolving the problem.


Can you please confirm me that how can we implement Split Tunnel with Packet Tunnel in my app with Swift 4.2.

Can you please confirm me that how can we implement Split Tunnel with Packet Tunnel in my app with Swift 4.2.

A packet tunnel provider implements a full tunnel if it includes the default route (

.defaultRoute()
) in the
includedRoutes
property of the
NEIPv4Settings
and
NEIPv6Settings
settings objects it uses to configure the tunnel. If it doesn’t include the default route, it creates a split tunnel, one that only gets the traffic destined for the specific routes it did include.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi @eskimo


I assign blank array to 'includedRoutes' property that is all the trafic does not pass through the tunnel. All traffic should go direct because includedRoutes are empty.


networkSettings?.ipv4Settings?.includedRoutes = []
networkSettings?.ipv6Settings?.includedRoutes = []


But in that case when i am connected to VPN, 'Hotstar' is playing videos in Safari but it is not playing in Hotstar app showing error "VPN Detected". So why it still send the Hotstar app trafic via Tunnel.


And the second problem that i am facing is, when i exclude all the routes, it is not excluding the traffic. Even Hotstar is not playing videos in Safari but it should play videos because when excludedRoutes has default value then all the traffic should not pass via Tunnel.


networkSettings?.ipv4Settings?.excludedRoutes = [NEIPv4Route.default()]
networkSettings?.ipv6Settings?.excludedRoutes = [NEIPv6Route.default()]


If i am doing something wrong please correct me and help.

Hotstar app showing error "VPN Detected".

Are you sure that’s the case? Or is it detecting the VPN not via the traffic but via other means?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi,


Thanks for your response.


Are you sure that’s the case?


I am not sure how i will check it that how it is detecting VPN. Can you please suggest?


And as i checked my IP in safari browser when connected to VPN(exclude all the traffic) and when not connected to VPN , it is same, means all the traffic of safari goes directly not going via Tunnel.


Or is it detecting the VPN not via the traffic but via other means?


Yes it can be a possibility.



One more thing that i want to ask why excludedRoutes is not working when i set it to default. Please suggest.


networkSettings?.ipv4Settings?.excludedRoutes = [NEIPv4Route.default()] 
networkSettings?.ipv6Settings?.excludedRoutes = [NEIPv6Route.default()]


As per my understanding above code should also exclude all the traffic but it is not working as expected.

Hi @eskimo


Can you please suggest me that for creating the 'NEIPv4Route' object in 'destinationAddress' parameter, it is must to pass 'server address' or can we pass 'IP Address' or 'domain name'. If there is any way can you please suggest, how can we achieve this?


NEIPv4Route(destinationAddress: "208.67.220.123", subnetMask: "255.255.255.0")

@eskimo


Can you please confirm, is it possible to pass 'IP Address' or website URL 'domain name' in 'destinationAddress' parameter in creating 'NEIPv4Route' object?


NEIPv4Route(destinationAddress: "208.67.220.123", subnetMask: "255.255.255.0")


is it possible to pass … website URL 'domain name' in

destinationAddress
parameter in creating
NEIPv4Route
object?

No. A packet tunnel works at the packet level [1]. As such, the system decides whether to route traffic to the tunnel based on its destination IP address. This is far disconnected from the DNS name, if any, used by the app [2].

The fact that you asked about this suggests that you’re using a packet tunnel for stuff that it wasn’t intended to be used for (like content filtering). What’s your high-level goal here?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

[1] Unless it’s in per-app VPN mode.

[2] One DNS name can resolve to multiple IP addresses. And one IP address can be accessable via multiple DNS names. And some apps use legacy resolve-then-connect APIs, making it impossible for the system to do any sort of mapping.

thanks @eskimo

@yashipallav - did you solve the hotstar app detecting VPN issue? How did you over come this issue?

@eskimo - I have a similar problem with Hotstar, Spectrum TV apps detecting VPN (not through traffic) by some means. I have bypassed all traffic from these apps to going through tunnel, but still these apps won't work.