includeAllNetworks

Hi - We have had a packettunnel working well on iOS for a long time and now looking into one for Mac OS. However, we haven't been able to get it to work.Summary of what we see:The app can successfully install the VPN profile:nesessionmanager 11:06:26.027252-0700 NESMVPNSession[Primary Tunnel:XyzCatalyst:E2A089D5-A18B-4543-94F5-827E4DB3357D :(null)]: handling configuration changed: { name = XyzlizeCatalyst identifier = E2A089D5-A18B-4543-94F5-827E4DB3357D applicationName = XyzCatalyst application = com.xyz.mac.vpn grade = 1 VPN = { enabled = YES onDemandEnabled = NO disconnectOnDemandEnabled = NO protocol = { type = plugin identifier = 0A3DA48C-EE69-479C-A2CD-994028B01CC0 serverAddress = 127.0.0.1 identityDataImported = NO disconnectOnSleep = NO disconnectOnIdle = NO disconnectOnIdleTimeout = 0 disconnectOnWake = NO disconnectOnWakeTimeout = 0 disconnectOnUserSwitch = NO disconnectOnLogout = NO includeAllNetworks = NO excludeLocalNetworks = NO pluginType = com.xyz.mac.vpn authenticationMethod = 0 reas

Hi,I want a transparent proxy that captures all outgoing tcps so I used NETransparentProxyManager to start an AppProxyProvider with the following rule:networkSettings.includedNetworkRules = NENetworkRule( remoteNetwork: nil, remotePrefix: NSNotFound, localNetwork: nil, localPrefix: NSNotFound, protocol: .TCP, direction: NETrafficDirection.outbound )Everything works as expected except that, after the AppProxyProvider has been started:Any try of starting a tcp listener listening on 0.0.0.0 fails with error Protocol wrong type for socket. This can be easily reproduced by runningpython3 -m http.server, which fails with the error:OSError: [Errno 41] Protocol wrong type for socketTcp listeners that were already boud to 0.0.0.0 won't see incoming connections from local network.Is it a bug or were I doing something wrong?Also, I notice that the transparent proxy cannot capture tcp connections to localhost. I suppose it is by design but is there any way to achieve that? (setting includeAllNetworks to true and

Hi,I want a transparent proxy that captures all outgoing tcps so I used NETransparentProxyManager to start an AppProxyProvider with the following rule:networkSettings.includedNetworkRules = NENetworkRule( remoteNetwork: nil, remotePrefix: NSNotFound, localNetwork: nil, localPrefix: NSNotFound, protocol: .TCP, direction: NETrafficDirection.outbound )Everything works as expected except that, after the AppProxyProvider has been started:Any try of starting a tcp listener listening on 0.0.0.0 fails with error Protocol wrong type for socket. This can be easily reproduced by runningpython3 -m http.server, which fails with the error:OSError: [Errno 41] Protocol wrong type for socketTcp listeners that were already boud to 0.0.0.0 won't see incoming connections from local network.Is it a bug or were I doing something wrong?Also, I notice that the transparent proxy cannot capture tcp connections to localhost. I suppose it is by design but is there any way to achieve that? (setting includeAllNetworks to true and

I've implemented a VPN apps (for iOS and for macOS) with Packet Tunnel Provider.The includedRoutes contains all the IPv4 default routes:newSettings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]My question is regarding local networks:If I'm not using split tunnel (not including/excluding any other route), what happens to traffic to the local network? By local network I mean the network the device is connected to without the client.I expected that all traffic should go to the tunnel, but I see that I'm able to access resources on my local network even when the tunnel is up.In addition to that, I checked the new flag - includeAllNetworksr which is relevant only to macOS:If this flag is set, I can't access the local network when the VPN is up.So the question is how to configure if the user is able or unable to access resources on his local tunnel.Maybe using the above flag is the answer? And if it is the answer, then what about iOS?Edit: When includeAllNetworks is set, sometimes I don't have tra

We moved our macOS NKE-based VPN over to Network Extensions a while back. Although Network Extensions offered us less control over the system traffic it also let us have a single code base for the core functionality on iOS & macOS, as well as offering the possibilty of MDM.The talk on Network Extensions for Modern macOS offered us some of the control back. The includeAllNetworks and excludeLocalNetworks flags are great to see. But, the title of the talk said 'for Modern macOS', so:- Are they only on macOS, or are the Network Extension parts of that talk also applicable to iOS?- Will those Network Extension flags function if the user is running macOS Mojave?- iOS 12?Or are they only going to work on Cataline/iOS13 and later?Users do tend to upgrade their macOS & iOS versions, but corporate customers upgrade slowly, and they're our market.One abillity of NKEs that we lost with Network Extensions was the ability to do an 'Always On' VPN which made sure that all traffic from the system was tunnel