Create a principal class for Network Extension Provider app extensions that implement the client-side of a custom network tunneling protocol.


Each NETunnelProvider instance corresponds to a single tunneling session, with a single associated configuration.

Subclassing Notes

The NETunnelProvider class should not be subclassed directly. Instead, you should create subclasses of NETunnelProvider subclasses.

Methods to Override


Work with the Tunnel Configuration

var appRules: [NEAppRule]?

The app rules dictating which apps will use the current tunneling session.

var protocolConfiguration: NEVPNProtocol

The configuration of the current tunneling session.

var routingMethod: NETunnelProviderRoutingMethod

The method by which network traffic is routed to the tunnel.

Set the Tunnel Network Settings

Communicate with the Containing App

func handleAppMessage(Data, completionHandler: ((Data?) -> Void)? = nil)

Handle messages sent by the tunnel provider extension’s containing app

Set the Tunnel Status

var reasserting: Bool

Indicate to the system that the tunnel is being re-established.



Tunnel Provider error codes


Network traffic routing methods


Inherits From

Conforms To