Is it possible to flag macOS Command line tools for NEAppProxyProvider VPN?

Hi,


We are testing various macOS applications with the Per-App VPN framework. Could you please let us know if it is possible to flag the command line networking tool to use per-app VPN? We tested on macOS 10.13 and could not get it to work. Any suggestions on this use case?


Thanks and regards,

Sanjay.

Replies

Is this a command line tool that you control? Or are you talking about a tool from Apple? Or some other third party?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

It is under our control and has our organization's bundle ID. So the use case is something like this: we do some activity in the Terminal application and it launches this command line tool, and then this tool connects to our internal server.


Regards,

Sanjay.

You can probably do this by wrapping the tool within a bundle. At that point you can give it a bundle identifier and sign it just like an app, which is what you need to satisfy the App-to-Per-App VPN Mapping payload (com.apple.vpn.managed.appmapping).

I haven’t actually tried this myself, so I recommend you do a quick proof-of-concept test before going too far down this path.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Hi Quinn,


It does not work even after bundling it. I codesigned the tool with the same bundle ID as the containing application and launched the tool via Terminal, but no success. Looks like there is no way to get this to work then.


Also, if you are aware of any such alternative, please let us know. As we cannot flag Terminal to use per-app VPN due to the "com.apple" bundle ID restriction, we were trying some alternatives with this approach.


Regards,

Sanjay.

I can’t think of any alternative means off the top of my head.

I am, however, surprised that the bundle approach doesn’t work. If you’d like me to look into this in more detail I recommend that you open a DTS tech support incident.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"