3 Replies
      Latest reply on Feb 16, 2020 8:53 AM by eskimo
      emreeeee Level 1 (0 points)

        Hi,

         

        we offer web content filtering functionality in our app using the NEFilterDataProvider and NEFilterControlProvider APIs.

        The functionality is well tested and has worked as expected so far.

         

        Currently, we are encountering a problem that I could not find a solution for online or in the Apple documentation:

         

        • As soon as the content filtering is activated, it is not possible to connect to an L2TP VPN on the same device.
        • As soon as the content filtering is deactivated, it is possible to connect to the same L2TP VPN on the same device.
        • The VPN connection is configured directly in the iOS system settings (General -> VPN -> Add VPN Configuration) and not via a 3rd party app.
        • We only filter browser flows and not socket flows.

         

        Is there any reason why the content filtering might hinder the VPN connection being established successfully?

         

        Thanks in advance & Kind regards

        • Re: Content Filter Providers & L2TP VPN
          eskimo Apple Staff (13,035 points)

          > Is there any reason why the content filtering might hinder the VPN connection being established successfully?

          Not that I can think of.  If you (temporarily) replace your content filtering code with no-op code (just return .allow() to all new flow requests in your data provider), do you still see the problem?

          Share and Enjoy

          Quinn “The Eskimo!”
          Apple Developer Relations, Developer Technical Support, Core OS/Hardware
          let myEmail = "eskimo" + "1" + "@apple.com"

            • Re: Content Filter Providers & L2TP VPN
              emreeeee Level 1 (0 points)

              > If you (temporarily) replace your content filtering code with no-op code (just return .allow() to all new flow requests in your data provider), do you still see the problem?

               

              Yes, I still see the problem, even after returning an allow verdict in every method of my data provider.

               

              The only way I can connect again to the VPN is by removing the configuration profile that contains the "Web Content Filter".

               

              After removing the configuration profile, I can see that the "-stopFilterWithReason:completionHandler:" method of my data provider is called. From this point on, the VPN connection can be established successfully.

                • Re: Content Filter Providers & L2TP VPN
                  eskimo Apple Staff (13,035 points)

                  > Yes, I still see the problem, even after returning an allow verdict in every method of my data provider.

                  OK, I’m going to label that as a bug.  Please file it as such, and post your bug number, just for the record.  Make sure to

                  • Include a sysdiagnose log taken shortly after you notice the problem

                  • Before doing this, install the Network Diagnostics for iOS profile from our Bug Reporting > Profiles and Logs page

                  • Also the VPN (Network Extension) for iOS profile

                  It would also help if you included a project containing that cut-down version of your filter, one that resolves every flow with .allow().

                  Share and Enjoy

                  Quinn “The Eskimo!”
                  Apple Developer Relations, Developer Technical Support, Core OS/Hardware
                  let myEmail = "eskimo" + "1" + "@apple.com"
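
The cut-down filter discussed in this thread, sketched as an added example (not code from either poster or from Apple): a data provider that allows every flow and logs what it sees, so a sysdiagnose shows whether any flow reaches the filter while the L2TP connection is attempted. The class name and log subsystem are hypothetical placeholders.

```swift
import NetworkExtension
import os.log

// Hypothetical class name; "com.example.filter" is a placeholder subsystem.
final class PassThroughFilterDataProvider: NEFilterDataProvider {
    private let log = OSLog(subsystem: "com.example.filter", category: "passthrough")

    private func note(_ message: String) {
        os_log("%{public}@", log: log, type: .default, message)
    }

    override func startFilter(completionHandler: @escaping (Error?) -> Void) {
        note("startFilter")
        completionHandler(nil)
    }

    override func stopFilter(with reason: NEProviderStopReason,
                             completionHandler: @escaping () -> Void) {
        note("stopFilter reason=\(reason.rawValue)")
        completionHandler()
    }

    // Record the kind of flow, then allow it without inspecting any data.
    override func handleNewFlow(_ flow: NEFilterFlow) -> NEFilterNewFlowVerdict {
        if let socketFlow = flow as? NEFilterSocketFlow {
            note("socket flow remote=\(String(describing: socketFlow.remoteEndpoint))")
        } else if let browserFlow = flow as? NEFilterBrowserFlow {
            note("browser flow url=\(String(describing: browserFlow.url))")
        } else {
            note("other flow \(flow)")
        }
        return .allow()
    }

    // The data and remediation callbacks are not expected after an allow
    // verdict on the new flow; they return allow as well so that no code
    // path in the provider can block traffic.
    override func handleInboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int,
                                    readBytes: Data) -> NEFilterDataVerdict { .allow() }
    override func handleOutboundData(from flow: NEFilterFlow, readBytesStartOffset offset: Int,
                                     readBytes: Data) -> NEFilterDataVerdict { .allow() }
    override func handleInboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict { .allow() }
    override func handleOutboundDataComplete(for flow: NEFilterFlow) -> NEFilterDataVerdict { .allow() }
    override func handleRemediation(for flow: NEFilterFlow) -> NEFilterRemediationVerdict { .allow() }
}
```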