MyVPN didn't call subclass of NEPacketTunnelProvider

Hello,


I'm trying to develop a VPN app for myself (macOS app).

But when I make a call:

```swift
let session: NETunnelProviderSession = tunnelManager?.connection as! NETunnelProviderSession
do {
    log.debug("[SESSION][STATUS] \(session.status.rawValue)")
    try session.sendProviderMessage(data, responseHandler: completionHandler)
} catch {
    log.error("Failed to send message to VpnExtension")
}
```

The subclass of NEPacketTunnelProvider wasn't called.


I also configured the .entitlements files with:

- Code signing: set automatically by Xcode and valid.

- Network Extension with packet tunnel enabled.

- Personal VPN: allow

- App group: same group for app and network extension target.

- Keychain access group: enabled and set to same value.


So, can anyone help me or offer a suggestion?


Thanks for your reply.

Nguyen

Accepted Reply

A few key points here; VPNs created with NEPacketTunnelProvider and NETunnelProviderManager are Enterprise VPNs, not personal VPNs. If you are wanting to create a personal VPN I would investigate using NEVPNManager. Next, if you did intend on creating an Enterprise VPN then did you apply and obtain the com.apple.managed.vpn.shared entitlement (Keychain access Groups)? You will need to do so before activating the VPN. Quinn wrote an excellent post on how to apply for this entitlement on the Network Extension Framework Entitlement post here.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Replies

Thank you!

After adding `com.apple.managed.vpn.shared`, the subclass provider was called.


Regards,

Nguyen
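
The entitlement checklist from the question, together with the `com.apple.managed.vpn.shared` keychain access group from the accepted reply, can be checked mechanically. The following is an added example, not code from the thread or from Apple: the function names, `TEAMID`, and the `com.example.*` identifiers are constructed placeholders, and accepting the group either bare or with a team-ID prefix is an assumption.

```python
import plistlib

NE_KEY = "com.apple.developer.networking.networkextension"
APP_GROUPS_KEY = "com.apple.security.application-groups"
KEYCHAIN_KEY = "keychain-access-groups"
MANAGED_VPN_GROUP = "com.apple.managed.vpn.shared"


def check_entitlements(app_plist: bytes, ext_plist: bytes) -> list:
    """Return findings for an app/extension entitlement pair (empty = pass)."""
    targets = {"app": plistlib.loads(app_plist),
               "extension": plistlib.loads(ext_plist)}
    findings = []
    for name, ent in targets.items():
        # Network Extension capability must list a packet tunnel provider type.
        ne_types = ent.get(NE_KEY, [])
        if not any(t.startswith("packet-tunnel-provider") for t in ne_types):
            findings.append(f"{name}: packet tunnel provider not enabled")
        # Assumption: the group may appear bare or with a team-ID prefix.
        groups = ent.get(KEYCHAIN_KEY, [])
        if not any(g == MANAGED_VPN_GROUP or g.endswith("." + MANAGED_VPN_GROUP)
                   for g in groups):
            findings.append(f"{name}: {MANAGED_VPN_GROUP} missing from {KEYCHAIN_KEY}")
    app, ext = targets["app"], targets["extension"]
    # App and extension must have at least one group of each kind in common.
    if not set(app.get(APP_GROUPS_KEY, [])) & set(ext.get(APP_GROUPS_KEY, [])):
        findings.append("app and extension share no app group")
    if not set(app.get(KEYCHAIN_KEY, [])) & set(ext.get(KEYCHAIN_KEY, [])):
        findings.append("app and extension share no keychain access group")
    return findings


def sample_plist(keychain_groups: list) -> bytes:
    """Constructed sample entitlements; TEAMID and com.example.* are placeholders."""
    return plistlib.dumps({
        NE_KEY: ["packet-tunnel-provider"],
        APP_GROUPS_KEY: ["group.com.example.myvpn"],
        KEYCHAIN_KEY: keychain_groups,
    })


# Constructed inputs: the setup described in the question, then the fixed one.
BEFORE = sample_plist(["TEAMID.com.example.myvpn"])
AFTER = sample_plist(["TEAMID.com.example.myvpn", MANAGED_VPN_GROUP])

if __name__ == "__main__":
    for label, plist in (("before", BEFORE), ("after", AFTER)):
        print(label, check_entitlements(plist, plist) or "OK")
```

On a real build, pass in the entitlement plists dumped from the signed app and extension with `codesign -d --entitlements` rather than the constructed samples.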