“includeAllNetworks”

I am connecting to VPN connection with NEPacketTunnelProvider configuration as IncludeAllNetworks=YES; ExcludeLocalNetwork=NO; which is tunneling all the traffic generated on my device which is expected. But Once I disconnect and kill the NEPacketTunnelProvider instance, My internet is blocked unless I restart the device. This behavior is not seen with iOS 16 and things work smooth. Kindly update as soon as possible

I've implemented a custom system extension VPN for macOS using a Packet Tunnel Provider. At the Protocol Configuration, the 'includeAllNetworks' flag is unset. At the provider, I included all routes (IPv4 default route). What is the expected behavior for LAN traffic? Should the LAN traffic go via the VPN? By 'LAN traffic', I'm referring to local hosts, ssh, printer access, etc.

Hey! We discovered an unexpected side-effect of enabling enforceRoutes in our iOS VPN application - video airplay from iOS to tvOS stopped working (Unable to Connect popup appears instead). Our flags combination is: includeAllNetworks = false enforceRoutes = true excludeLocalNetworks = true Interestingly, music content can be AirPlayed with the same conditions. Also, video AirPlay from iOS device to the macOS works flawlessly. Do you know if this is a known issue? Do you have any advice if we can fix this problem on our side, while keeping enforcRoutes flag enabled?

Now that the flag includeAllNetworks is working as expected (see https://developer.apple.com/forums/thread/722156), I tried to set it and also the ExcludeLocalNetworks flag. As described in the documentation, I'm able to use AirPlay and AirDrop while being connected, but what I was hoping for was to exclude from the tunnel all the LAN traffic, including pings to local hosts, ssh, printer access, etc. Isn't it what ExcludeLocalNetworks should accomplish? If not, how can I exclude LAN traffic from a full tunnel (i.e. not a split tunnel)? [Custom VPN, macOS, Packet Tunnel Provider, system extension]

Hi, I'm new to iOS development and would like to gain some understanding about how NEPacketTunnelProvider handles for UDP traffic. In my code, I've created NEPacketTunnelNetworkSettings let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: proxyHost) let ipv4Settings = NEIPv4Settings( addresses: [127.0.0.1], subnetMasks: [255.255.255.255] ) settings.ipv4Settings = ipv4Settings let proxySettings = NEProxySettings() ... settings.proxySettings = proxySettings and passed it to the setTunnelNetworkSettings function. And I was able to start the VPN with no issues. However, in the debug tool, I couldn't see any UDP traffic which I'm sure there should be some. The only UDP connection had no traffic constantly. Does the NEProxySettings only work for TCP? What am I missing here? (I've set protocolConfiguration?.includeAllNetworks = true in my NETunnelProviderManager) Thanks

We are using an NEPacketTunnel provider for our custom VPN solution, and doing so we are setting NEPacketTunnelNetworkSettings with setting IPv4 and IPv6 default routes. We are then setting DNS networkSettings.dnsSettings?.matchDomains = [] However, apps like FaceTime still go around the VPN. Once you set setTunnelNetworkSettings is there no way to ask the system to return what the current saved configuration? Testing, Ive also tried turning off IPv6 on my home network and cell data to force all traffic to my IPv4 default routes. Ive seen FaceTime work on one session, relaunch the app and never again. Note: IncludeAllNetworks does work, but comes with a lot of downsides too. Our goal is to securely and redundantly help with video calls , streaming apps etc.

We're seeing nessionmanager problems caused by having a configuration present on the system which. Has includeAllNetworks set in the protocol Was previously connected & then disconnected After VPN disconnection we sometimes see that DNS and other things are not working. The VPN extension is no longer running, so I'd expect that settings would have been cleaned up, but they aren't in some cases. The system won't recover on its own, and when we delete the VPN configuration we see a set of messages from VPN session manager. There are two I've seen, on different systems. One shows the utun interface being cleaned up, and various network settings being removed. The other refers to deregistering an Enterprise VPN Session, [NESMVPNSession unsetDefaultDropAll], and IP Drop-All disabled. In both of these cases the cleanup is being done hours after the session was disconnected and the extension unloaded from memory. Does anyone know what exactly is happening there, and why the OS isn't cleaning up on disco

Hi,I want a transparent proxy that captures all outgoing tcps so I used NETransparentProxyManager to start an AppProxyProvider with the following rule:networkSettings.includedNetworkRules = NENetworkRule( remoteNetwork: nil, remotePrefix: NSNotFound, localNetwork: nil, localPrefix: NSNotFound, protocol: .TCP, direction: NETrafficDirection.outbound )Everything works as expected except that, after the AppProxyProvider has been started:Any try of starting a tcp listener listening on 0.0.0.0 fails with error Protocol wrong type for socket. This can be easily reproduced by runningpython3 -m http.server, which fails with the error:OSError: [Errno 41] Protocol wrong type for socketTcp listeners that were already boud to 0.0.0.0 won't see incoming connections from local network.Is it a bug or were I doing something wrong?Also, I notice that the transparent proxy cannot capture tcp connections to localhost. I suppose it is by design but is there any way to achieve that? (setting includeAllNetworks to true and

Hi,I want a transparent proxy that captures all outgoing tcps so I used NETransparentProxyManager to start an AppProxyProvider with the following rule:networkSettings.includedNetworkRules = NENetworkRule( remoteNetwork: nil, remotePrefix: NSNotFound, localNetwork: nil, localPrefix: NSNotFound, protocol: .TCP, direction: NETrafficDirection.outbound )Everything works as expected except that, after the AppProxyProvider has been started:Any try of starting a tcp listener listening on 0.0.0.0 fails with error Protocol wrong type for socket. This can be easily reproduced by runningpython3 -m http.server, which fails with the error:OSError: [Errno 41] Protocol wrong type for socketTcp listeners that were already boud to 0.0.0.0 won't see incoming connections from local network.Is it a bug or were I doing something wrong?Also, I notice that the transparent proxy cannot capture tcp connections to localhost. I suppose it is by design but is there any way to achieve that? (setting includeAllNetworks to true and

I've implemented a VPN apps (for iOS and for macOS) with Packet Tunnel Provider.The includedRoutes contains all the IPv4 default routes:newSettings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()]My question is regarding local networks:If I'm not using split tunnel (not including/excluding any other route), what happens to traffic to the local network? By local network I mean the network the device is connected to without the client.I expected that all traffic should go to the tunnel, but I see that I'm able to access resources on my local network even when the tunnel is up.In addition to that, I checked the new flag - includeAllNetworksr which is relevant only to macOS:If this flag is set, I can't access the local network when the VPN is up.So the question is how to configure if the user is able or unable to access resources on his local tunnel.Maybe using the above flag is the answer? And if it is the answer, then what about iOS?Edit: When includeAllNetworks is set, sometimes I don't have tra

We are developing a network extension that utilises the NEPacketTunnelProvider. We have noticed when the extension is running, and the phone screen is off, after about 10 seconds the device goes to system sleep (as evidenced by messages like “suspended timer for imminent system sleep” in the console logs) and the network extension simply won’t run any code during this time, therefore stopping traffic flow. When the device wakes up from sleep, such as when the screen comes on the network extension resumes executing code and runs normally. The use case is relaying traffic from a device on the same Wi-Fi network to our server via the iPhone's cell socket. As such, we need it to work reliably when the screen is off and not freeze the network extension. Is there any way to prevent the device from sleeping and freezing our extension when the screen is off? Also, if sleep causes the extension to pause code execution, then how would system services like APNS or includeAllNetworks (which forces all traffic th

We moved our macOS NKE-based VPN over to Network Extensions a while back. Although Network Extensions offered us less control over the system traffic it also let us have a single code base for the core functionality on iOS & macOS, as well as offering the possibilty of MDM.The talk on Network Extensions for Modern macOS offered us some of the control back. The includeAllNetworks and excludeLocalNetworks flags are great to see. But, the title of the talk said 'for Modern macOS', so:- Are they only on macOS, or are the Network Extension parts of that talk also applicable to iOS?- Will those Network Extension flags function if the user is running macOS Mojave?- iOS 12?Or are they only going to work on Cataline/iOS13 and later?Users do tend to upgrade their macOS & iOS versions, but corporate customers upgrade slowly, and they're our market.One abillity of NKEs that we lost with Network Extensions was the ability to do an 'Always On' VPN which made sure that all traffic from the system was tunnel

am using to NETunnelProvider in a openvpn client that is bridged in react-native but no luck there .. the connection to server keep disconnect every time. the Network Extension is configurated. <?xml version=1.0 encoding=UTF-8?> <!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> <plist version=1.0> <dict> <key>NSExtension</key> <dict> <key>NSExtensionPointIdentifier</key> <string>com.apple.networkextension.packet-tunnel</string> <key>NSExtensionPrincipalClass</key> <string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string> </dict> </dict> </plist> typescript side is getting events from vpnStateObserver connecting ... Object { message: The VPN is in the process of connecting, state: 1, } Object { message: The VPN is in the process of disconnecting, state: 3, } Object { message: The VPN is disconnected, state: 0, } tunel: type = plugin identifier = xxxxxxx

Hi, everyone! Our application has the ability to run the Network Extension when there is no internet connection. While testing our application, we found incorrect behavior in the Network Extension disconnect process when there is no internet connection, sometimes the Network Extension hangs in a .disconnecting state when it finishes. In most cases, the work in this case finishes correctly. So for example. We monitor changes in the Network Extension connection status using NEVPNStatusDidChange notifications. We turn off the Internet and try to connect to the VPN tunnel using next NETunnelProviderManager configuration: { localizedDescription = enabled = YES protocolConfiguration = { serverAddress = <13-char-str> disconnectOnSleep = NO includeAllNetworks = NO excludeLocalNetworks = YES enforceRoutes = NO providerBundleIdentifier = } onDemandEnabled = NO } Next, we get the configuration and try to start the Network Extension via NEVPNConnection.startVPNTunnel(options:). When call finished, we get

Title: Loss of Internet Connectivity on iOS Device When Packet Tunnel Crashes Feedback ticket: https://feedbackassistant.apple.com/feedback/14162605 Product: iPhone 12 Version: iOS - 17.5.1 Configuration: NETunnelProviderManager Configuration Description: We are developing an iOS VPN client and have configured our packet tunnel provider according to Apple's guidelines. The configuration is as follows: includeAllNetworks = YES excludeLocalNetworks = NO enforceRoutes = NO This setup works as expected when the VPN successfully connects. However, we encounter a blocker issue where the device loses internet connectivity if the packet tunnel crashes. Steps to Reproduce: Configure the NETunnelProviderManager with the above settings. Connect the VPN, which successfully establishes a connection. Verify that resources are accessible and internet connectivity is functional. Packet tunnel to crash unexpectedly.Observe that the NE process (Packet Tunnel) restarts automatically, as expected and attempts to reconne