I have implemented OpenVPN in my macOS client using NEPacketTunnelProvider. In debug mode everything works as expected. But when i try to export the production app it says 'Profile doesn't support Network Extensions'. But my provisioning profile contains all the necessary entitlements.
Kindly help me to resolve this.
Show that app's .entitlements plist file
<key>com.apple.developer.networking.networkextension</key> <array> <string>app-proxy-provider</string> <string>packet-tunnel-provider</string> </array>
Your
.entitlementsShare and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"[1] It’s a bit weird that you’ve included
app-proxy-providerI can go upto 'select certificate and developer ID profiles'. While selecting my app's provisioning profile it says 'Profile doesn't support Network Extensions.'
While selecting my app's provisioning profile it says 'Profile doesn't support Network Extensions.'
Sounds like you need to enable the NetworkExtension entitlement on your distribution profile. Normally the profile picks this up from your App ID, and it’s curious that’s not happened here.
Anyway, here’s what I recommend.
Go to your account page on the developer web site.
Click Certificates, IDs & Profiles.
Click Identifiers > App IDs.
Click on your app’s App ID.
Click Edit.
Enable the Network Extensions checkbox.
Now got through and rebuild your distribution profile so that it picks up the entitlement change from your App ID.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"My App ID has Network Extensions enabled already. I have tried with different App ID too, still the problem occurs. But running from Xcode works fine.
The next step here would be to get a copy of the profile it’s trying to use, decode it, and then look to see if it correctly lists the NE entitlements you need. For example:
$ security cms -D -i 8023fbe6-4879-4ef3-95c6-e129ae60ffe4.mobileprovision
…
<dict>
…
<key>Entitlements</key>
<dict>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>app-proxy-provider</string>
<string>content-filter-provider</string>
<string>packet-tunnel-provider</string>
<string>dns-proxy</string>
</array>
<key>application-identifier</key>
<string>SKMME9E2Y8.com.example.apple-samplecode.QNEPacketTunnel-iOS</string>
<key>keychain-access-groups</key>
<array>
<string>SKMME9E2Y8.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>SKMME9E2Y8</string>
</dict>
…
</dict>
</plist>Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"NE entitlements is missing in my provisioning profile.
<key>Entitlements</key>
<dict>
<key>com.apple.developer.aps-environment</key>
<string>production</string>
<key>com.apple.application-identifier</key>
<string>TeamID.com.company.app-mac</string>
<key>keychain-access-groups</key>
<array>
<string>TeamID.*</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>TeamID</string>
</dict>
But in Developer portal it showing like below and my AppID has NE enabled.
Enabled Services:In-App Purchase, Network Extensions, Push Notifications
Sounds like you need to regenerate your profile.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"I have regenerated the profile. No luck, Still NE entitlements is missing in my provisioning profile.
I was facing similar issue while building a packet tunnel provider and I changed the entitlements to packet-tunnel-provider-systemextension (in both the app and appex entitlements file) and it seems to be working.
But the NE will not work anymore.