I'm attempting to learn more about the NEAppProxyProvider since I am trying to develop a macOS per app vpn. What have been achieved is that the app proxy could be started and with SafariDomains setting the stream from Safari could be captured by handleNewFlow in AppProxyProvider. Now I'm trying to capture some other stream from specified apps with com.apple.vpn.managed.appmapping set in the profile. But after install the profile there is only one settings shown in Profiles. I've googled around trying to find an example or template of the profile but get nothing helpful. Please help me with checking the following profile to see if there are any problems in it.
Here's the profile which include two dicts in the array. The first dict is for app proxy and it works. The second dict is for per-app vpn but it seems can not be installed correctly and does not work. How should it be modified to let the specified application's network stream be captured in appproxyprovider's handleNewFlow?
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>HasRemovalPasscode</key>
<false/>
<key>PayloadContent</key>
<array>
<dict>
<key>IPv4</key>
<dict>
<key>OverridePrimary</key>
<integer>0</integer>
</dict>
<key>PayloadDescription</key>
<string>Configures VPN settings</string>
<key>PayloadDisplayName</key>
<string>VPN</string>
<key>PayloadIdentifier</key>
<string>com.apple.vpn.managed.C2615680-7DDA-49C7-B65B-83D1E35E0BDE</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed.applayer</string>
<key>PayloadUUID</key>
<string>C2615680-7DDA-49C7-B65B-83D1E35E0BDE</string>
<key>PayloadVersion</key>
<integer>1</integer>
<key>Proxies</key>
<dict>
<key>HTTPEnable</key>
<integer>0</integer>
<key>HTTPSEnable</key>
<integer>0</integer>
</dict>
<key>UserDefinedName</key>
<string>blob App Proxy</string>
<key>VPN</key>
<dict>
<key>AuthName</key>
<string>blob</string>
<key>AuthPassword</key>
<string>hello</string>
<key>AuthenticationMethod</key>
<string>Password</string>
<key>DisconnectOnIdle</key>
<integer>0</integer>
<key>OnDemandEnabled</key>
<integer>0</integer>
<key>OnDemandRules</key>
<array>
<dict>
<key>Action</key>
<string>Connect</string>
<key>InterfaceTypeMatch</key>
<string>Any</string>
</dict>
</array>
<key>ProviderBundleIdentifier</key>
<string>com.blob.macappproxy.fzmacappproxy</string>
<key>ProviderType</key>
<string>app-proxy</string>
<key>RemoteAddress</key>
<string>1.1.1.1</string>
</dict>
<key>VPNSubType</key>
<string>com.blob.macappproxy</string>
<key>VPNType</key>
<string>VPN</string>
<key>VPNUUID</key>
<string>825886EA-BB00-4805-ADD6-1674C531669E</string>
<key>SafariDomains</key>
<array>
<string>.com</string>
</array>
<key>OnDemandMatchAppEnabled</key>
<integer>1</integer>
</dict>
<dict>
<key>AppLayerVPNMapping</key>
<array>
<dict>
<key>Identifier</key>
<string>com.google.Chrome</string>
<key>VPNUUID</key>
<string>825886EA-BB00-4805-ADD6-1674C531669E</string>
<key>DesignatedRequirement</key>
<string>(identifier "com.google.Chrome" or identifier "com.google.Chrome.beta" or identifier "com.google.Chrome.dev" or identifier "com.google.Chrome.canary") and certificate leaf = H"c9a99324ca3fcb23dbcc36bd5fd4f9753305130a"</string>
<key>SigningIdentifier</key>
<string>com.google.Chrome</string>
</dict>
</array>
<key>PayloadDescription</key>
<string>Per-App VPN Payload</string>
<key>PayloadDisplayName</key>
<string>Per-App VPN Payload</string>
<key>PayloadIdentifier</key>
<string>com.apple.vpn.managed.appmapping.C2615680-7DDA-49C7-B65B-83D1E35E0BDF</string>
<key>PayloadOrganization</key>
<string>blob</string>
<key>PayloadType</key>
<string>com.apple.vpn.managed.appmapping</string>
<key>PayloadUUID</key>
<string>C2615680-7DDA-49C7-B65B-83D1E35E0BDF</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</array>
<key>PayloadDisplayName</key>
<string>blob App Proxy</string>
<key>PayloadIdentifier</key>
<string>Blobs-MacBook-Pro.8A5F1C68-069F-4B77-A0DB-3BE10E34C798</string>
<key>PayloadOrganization</key>
<string>blob</string>
<key>PayloadRemovalDisallowed</key>
<true/>
<key>PayloadType</key>
<string>Configuration</string>
<key>PayloadUUID</key>
<string>F881CE72-22F4-409F-90DE-0AC1AA9ED518</string>
<key>PayloadVersion</key>
<integer>1</integer>
</dict>
</plist>