Hi,
In my attempt to reconnect NEPacketTunnelProvider, when there is a network change, I am making use of self.reasserting and setTunnelNetworkSettings, and I am calling it with similar parameters as during the startTunnelWithOptions callback and making sure to make a new call for setting the includedRoutes:
NEPacketTunnelNetworkSettings.IPv4Settings.includedRoutes = @[NEIPv4Route.defaultRoute];
This works sometimes, when I switch to a new network, but most of the time the traffic flow stops and it only works when I switch back to the first network.
The only difference I could see in the routing table when it works is the presence of Apple-specific network routes, as follows:
17.57.145.133 link#22 UHWIig utun4
17.57.145.135 link#22 UHWIig utun4
17.57.145.137 link#22 UHWIig utun4
or
13.107.246.47 link#22 UHW3Ig utun4
17.57.145.148 link#22 UHWIig utun4
17.57.145.149 link#22 UHWIig utun4
37.252.171.52 link#22 UHWIig utun4
37.252.173.215 link#22 UHWIig utun4
Note: utun4 has an index of 22
or some other combination of routes for Apple. I am not sure what these routes are for, but they are present when NEPacketTunnelProvider starts.
When switching to a new network and calling setTunnelNetworkSettings of NEPacketTunnelProvider, in any case when these routes are not present the traffic flow stops, and it works otherwise. Switching back to the first network brings back these routes and the traffic flow continues, although it also goes through the same setTunnelNetworkSettings call and logic.
I am not sure if these route table entries could be the culprit, because I did try to add them manually and that didn't help, but my guess is that some system calls are failing for some unknown reason, which might be the reason for the missing routes and some other configuration needed for proper traffic flow, which I am not seeing.
Any help or information would be greatly appreciated.
Thanks.
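The routing-table comparison described in the post above can be scripted. This is an added example, not part of the original post: it diffs the rows bound to the tunnel interface between two netstat -rn snapshots. The function names and both sample snapshots are constructed; only the utun4 name and the two 17.57.145.x rows come from the post.

```python
# Constructed snapshots of `netstat -rn -f inet` (macOS column layout).
WORKING = """\
Destination        Gateway            Flags        Netif Expire
default            link#22            UCSg         utun4
default            192.168.1.1        UGScIg         en0
17.57.145.133      link#22            UHWIig       utun4
17.57.145.135      link#22            UHWIig       utun4
"""
BROKEN = """\
Destination        Gateway            Flags        Netif Expire
default            link#22            UCSg         utun4
default            10.0.0.1           UGScIg         en0
"""


def parse_routes(text, ifname):
    """Return {destination: flags} for rows whose Netif column equals ifname."""
    routes = {}
    for line in text.splitlines():
        fields = line.split()
        # Data rows have at least: Destination Gateway Flags Netif
        if len(fields) >= 4 and fields[3] == ifname:
            routes[fields[0]] = fields[2]
    return routes


def is_cloned_host(flags):
    # H = host route, W = generated by route cloning (netstat(1) flag legend).
    return "H" in flags and "W" in flags


def diff_tunnel_routes(before, after, ifname):
    """Summarise which tunnel-bound routes changed between two snapshots."""
    b, a = parse_routes(before, ifname), parse_routes(after, ifname)
    gone = sorted(set(b) - set(a))
    return {
        "default_before": "default" in b,
        "default_after": "default" in a,
        "lost_cloned_hosts": [d for d in gone if is_cloned_host(b[d])],
        "lost_configured": [d for d in gone if not is_cloned_host(b[d])],
        "gained": sorted(set(a) - set(b)),
    }


if __name__ == "__main__":
    for key, value in diff_tunnel_routes(WORKING, BROKEN, "utun4").items():
        print(f"{key}: {value}")
```

Splitting lost routes into cloned host entries and configured entries shows whether the settings call dropped a route it was asked to install or whether only the per-destination entries are absent.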
Xcode: 12.4
macOS: 10.15.7
Signing Certificate: Sign to Run Locally
Provisioning Profile: Xcode Managed Profile
Capabilities: Network Extension, Personal VPN
Issue:
startTunnelWithOptions does get called, and then I call setTunnelNetworkSettings inside it. But it never gets executed. My assumption is that it might be some security policy or something. I am not familiar with app development for Mac systems, and apparently it is quite confusing, with very scarce documentation. For most of the errors thrown in Console, I can't find documentation, at least not with simple googling, but ChatGPT has been helpful in explaining some of the errors. I have no intention of distributing the application through the App Store.
#import <NetworkExtension/NetworkExtension.h>

- (void)startTunnelWithOptions:(NSDictionary *)options completionHandler:(void (^)(NSError *))completionHandler
{
    // Tunnel settings: remote address, local IPv4 address, DNS servers, default route and MTU.
    NEPacketTunnelNetworkSettings* settings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@"20.21.13.24"];
    NEIPv4Settings* settingsIPV4 = [[NEIPv4Settings alloc] initWithAddresses:@[@"20.21.13.24"] subnetMasks:@[@"255.255.255.255"]];
    NEDNSSettings* settingsDNS = [[NEDNSSettings alloc] initWithServers: @[@"8.8.8.8", @"8.8.4.4"]];
    settings.IPv4Settings = settingsIPV4;
    // Send all IPv4 traffic through the tunnel.
    settings.IPv4Settings.includedRoutes = @[NEIPv4Route.defaultRoute];
    settings.DNSSettings = settingsDNS;
    // MTU is an NSNumber; numberWithInteger: expects an integer, not the literal @1500.
    settings.MTU = @1500;
    [self setTunnelNetworkSettings:settings completionHandler:^(NSError* _Nullable error)
    {
        NSLog(@"Completion Handler Called, error: %@", error);
        // Pass any settings error on to the system instead of always reporting success.
        completionHandler(error);
    }];
}
Console Errors:
Here are a few of the errors from the console. There are many more, and different processes are throwing them, so it's hard for me to pinpoint which ones are related to my extension, but these are the ones that look helpful in this case.
CS_PLATFORM_BINARY set but not AppleSigned; prompt policy is Deny.
Failed to add policy:
    order = 10810
    result = {
        result-type = ip-tunnel
        secondary-result = pass
    }
    conditions = (
        {
            condition-type = effective-application
            application-uuid = AADC77FD-D5E1-3A11-B327-8137FD04C0B5
        },
        {
            condition-type = real-application
            application-uuid = AADC77FD-D5E1-3A11-B327-8137FD04C0B5
        },
        {
            condition-type = all-interfaces
        },
        {
            condition-type = effective-pid
            pid = 1337
        },
    )
Sandbox: nesessionmanager(851) System Policy: deny(1) system-privilege 10006