"Unsupported authen type: (null)."

I've been working on an experiment with an NEAppProxyProvider to read traffic flows with the end goal of an on-device content filter (not an ideal use of AppProxyProvider, I know)


In order to properly test the app proxy provider, I need to figure out a proper profile for the per-app VPN configuration.


The following is the configuration profile I'm using.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  ...
  <key>PayloadContent</key>
  <array>
  <dict>
  <key>IPv4</key>
  <dict>
  <key>OverridePrimary</key>
  <integer>0</integer>
  </dict>
            <key>VPN</key>
            <dict>
                <key>RemoteAddress</key>
                <string>localhost</string>
            </dict>
            <key>VPNSubType</key>
            <string>org.example.PacketTunnelProviderApp</string>
            <key>VPNType</key>
            <string>VPN</string>
            <key>VPNUUID</key>
            <string>76c971d6-516f-4c79-b2b4-44313d249b38</string>
            <key>AuthenticationMethod</key>
            <string>None</string>
  <key>PayloadDescription</key>
  <string>Configures VPN settings</string>
  <key>PayloadDisplayName</key>
  <string>VPN</string>
  <key>PayloadIdentifier</key>
  <string>com.apple.vpn.managed.applayer.236F34CC-E35C-43E8-AA57-57F3823FB67E</string>
  <key>PayloadType</key>
  <string>com.apple.vpn.managed.applayer</string>
  <key>PayloadUUID</key>
  <string>236F34CC-E35C-43E8-AA57-57F3823FB67E</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
  <key>ProviderType</key>
  <string>app-proxy</string>
  <key>Proxies</key>
  <dict>
  <key>HTTPEnable</key>
  <integer>0</integer>
  <key>HTTPSEnable</key>
  <integer>0</integer>
  </dict>
  <key>UserDefinedName</key>
  <string>CloudVeil VPN</string>
  <key>VendorConfig</key>
  <dict/>
  </dict>
  </array>
  <key>PayloadDescription</key>
  <string>This profile configures per-app VPN and VPN mappings for the packet tunnel</string>
  <key>PayloadDisplayName</key>
  <string>CloudVeil VPN Profile</string>
  <key>PayloadIdentifier</key>
  <string>CloudVeil-VPN.1B7F99BE-F5F4-44C1-BE70-7C52100D557E</string>
  <key>PayloadOrganization</key>
  <string>CloudVeil Technology, Inc.</string>
  <key>PayloadRemovalDisallowed</key>
  <true/>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <string>4CB93F9C-D51C-45C6-A276-5CC96FDB78B2</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>


And here are a few log entries from the configuration profile install.

default15:22:34.729567 -0700authdSucceeded authorizing right 'system.privilege.admin' by client '/usr/libexec/mdmclient' [8929] for authorization created by '/usr/libexec/mdmclient' [8929] (3,0) (engine 231)
error15:22:34.752179 -0700mdmclientNEConfiguration configurePluginWithPayload: unsupported authen type (null).
error15:22:34.756208 -0700mdmclient[ERROR] <<<<< PlugIn: InstallPayload [NEProfileIngestionPlugin] Error: Error Domain=ConfigProfilePluginDomain Code=-319 "The ‘VPN Service’ payload could not be installed. The VPN service could not be created." UserInfo={NSLocalizedDescription=The ‘VPN Service’ payload could not be installed. The VPN service could not be created.} <<<<<
default15:22:34.757148 -0700mdmclientMessageTracer: load_domain_whitelist_search_tree:73: Search tree file's format version number (0) is not supported
default15:22:34.782463 -0700authdSucceeded authorizing right 'system.privilege.admin' by client '/usr/libexec/mdmclient' [8929] for authorization created by '/usr/libexec/mdmclient' [8929] (3,0) (engine 232)
error15:22:34.806946 -0700mdmclientCPProfileManager.installProfile returning error -319 (<private>)
default15:23:05.667172 -0700mdmclientAttempting idle exit: mdmclient agent


I think the error that's causing the problem is "unsupported authen type (null).", but there are no indications of that error anywhere. Has anyone ever run into this problem? What am I missing from my configuration profile?


Any suggestions are greatly appreciated.

Up vote post of kfreezen Down vote post of kfreezen
960 views
Posted by
kfreezen
Reply
Add a Comment

Replies

Your profile seems to have nesting issues. For example, the 

AuthenticationMethod
property is meant to be nested inside the 
VPN
dictionary.

There are two ways you can avoid problems like this:

  • Create a dummy profile using Apple Configurator — It’s not able to create per-app VPN configurations, but you can create a normal VPN configuration to act as a template and then edit things from there.

  • Carefully study Configuration Profile Reference — Admittedly, it’s a pretty opaque document, and it’s had nested-related mistakes in the past )-:

Anyway, to get you up’n’limping I’ve pasted in below the relevant sections of the profile I use for testing this stuff.

ps In future it would help if you indented your profile correctly. It’s hard to understand the profile you posted because, for example, it looks like lines 14 through 26 are elements of a dictionary that starts an line 13. Looking at it again that’s clearly not the case, but it threw me for a loop the first time around.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware 

let myEmail = "eskimo" + "1" + "@apple.com"
<key>PayloadContent</key>
<array>
    <dict>
        <key>PayloadUUID</key>
        <string>E6671FFB-66C2-49F7-AB1B-CD5A0AB4EE26</string>
        <key>PayloadType</key>
        <string>com.apple.vpn.managed.applayer</string>
        <key>PayloadIdentifier</key>
        <string>com.apple.vpn.managed.applayer.388257C2-7902-42B5-BDAE-6E69A441C3A2</string>
        <key>VPNType</key>
        <string>VPN</string>
        <key>VPNSubType</key>
        <string>com.example.apple-samplecode.QNEAppProxy-iOS</string>
        <key>UserDefinedName</key>
        <string>QNEAppProxy</string>
        <key>PayloadDescription</key>
        <string>Configures VPN settings</string>
        <key>PayloadDisplayName</key>
        <string>VPN</string>
        <key>PayloadVersion</key>
        <integer>1</integer>
        <key>VPNUUID</key>
        <string>825886EA-BB00-4805-ADD6-1674C531669E</string>
        <key>VPN</key>
        <dict>
            <key>RemoteAddress</key>
            <string>example.com</string>
            <key>AuthenticationMethod</key>
            <string>Password</string>
            <key>AuthName</key>
            <string>mrgumby</string>
            <key>AuthPassword</key>
            <string>opendoor</string>
        </dict>
        <key>Proxies</key>
        <dict>
            <key>HTTPEnable</key>
            <integer>0</integer>
            <key>HTTPSEnable</key>
            <integer>0</integer>
        </dict>
        <key>VendorConfig</key>
        <dict>
            <key>dummy</key>
            <integer>1</integer>
        </dict>
        <key>SafariDomains</key>
        <array>
            <string>httpbin.org</string>
        </array>
    </dict>
</array>
Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment