Search results for “includeAllNetworks”

157 results found

Post | Replies | Boosts | Views | Activity


VPN: Internet inaccessible and include routes traffic is dropped
When enforceRoutes = YES is set on a split tunnel VPN configuration containing only excluded routes, all traffic matching the included routes is silently dropped — no packets reach the VPN tunnel. Only the excluded routes route correctly via the physical adapter. Setting enforceRoutes = NO with an identical configuration restores full connectivity immediately, confirming the issue is specific to the combination of enforceRoutes = YES and a non-empty excludedRoutes. This has been verified on iPadOS 26.

Test Environment
Device: iPad pro 4th gen
OS Version: iPadOS 26.0
VPN Type: NEPacketTunnelProvider

VPN Configuration (NEPacketTunnelNetworkSettings)
tunnelRemoteAddress = 103.135.123.108
DNSSettings = {
  protocol = cleartext
  server = (10.34.250.51)
}
IPv4Settings = {
  configMethod = manual
  addresses = (10.34.247.235)
  subnetMasks = (255.255.255.255)
  includedRoutes = ( { destinationAddress = 0.0.0.0 destinationSubnetMask = 0.0.0.0 } )
  excludedRoutes = ( { destinationAddress = 10.168.10.182 destinationSubnetMask = 25
Replies: 1 · Boosts: 0 · Views: 116 · Activity: 1w

DNS Proxy network extension doesn't start even after saving preferences successfully
Hello, I'm having some problems starting my DNS proxy network extension. Even after I call NEDNSProxyManager.saveToPreference() successfully I don't see any logs from my dns proxy. This is the code from the user space app:

```swift
import SwiftUI
import NetworkExtension

func configureDNSProxy() {
    let dnsProxyManager = NEDNSProxyManager.shared()
    dnsProxyManager.loadFromPreferences { error in
        if let error = error {
            print("Error loading DNS proxy preferences: \(error)")
            return
        }
        dnsProxyManager.localizedDescription = "my DNS proxy"
        let proto = NEDNSProxyProviderProtocol()
        proto.providerBundleIdentifier = "com.myteam.dns-proxy-tests.ne"
        dnsProxyManager.providerProtocol = proto
        // Enable the DNS proxy.
        dnsProxyManager.isEnabled = true
        dnsProxyManager.saveToPreferences { error in
            if let error = error {
                print("Error saving DNS proxy preferences: \(error)")
            } else {
                NSLog("DNS Proxy enabled successfully")
            }
        }
    }
}

@main
struct dns_proxy_testsApp: App {
    var body: some Scene {
        WindowGroup { ContentView() }
    }
    init() { configureDNSProxy() }
}
```
Replies: 17 · Boosts: 0 · Views: 864 · Activity: Mar ’25

Unable to start packettunnel on Mac OS
Hi - We have had a packettunnel working well on iOS for a long time and now looking into one for Mac OS. However, we haven't been able to get it to work.

Summary of what we see:

The app can successfully install the VPN profile:

nesessionmanager 11:06:26.027252-0700 NESMVPNSession[Primary Tunnel:XyzCatalyst:E2A089D5-A18B-4543-94F5-827E4DB3357D :(null)]: handling configuration changed: { name = XyzlizeCatalyst identifier = E2A089D5-A18B-4543-94F5-827E4DB3357D applicationName = XyzCatalyst application = com.xyz.mac.vpn grade = 1 VPN = { enabled = YES onDemandEnabled = NO disconnectOnDemandEnabled = NO protocol = { type = plugin identifier = 0A3DA48C-EE69-479C-A2CD-994028B01CC0 serverAddress = 127.0.0.1 identityDataImported = NO disconnectOnSleep = NO disconnectOnIdle = NO disconnectOnIdleTimeout = 0 disconnectOnWake = NO disconnectOnWakeTimeout = 0 disconnectOnUserSwitch = NO disconnectOnLogout = NO includeAllNetworks = NO excludeLocalNetworks = NO pluginType = com.xyz.mac.vpn authenticationMethod = 0 reas
Replies: 7 · Boosts: 0 · Views: 2.9k · Activity: May ’20

NEDNSProxyProvider sandbox violation system-privilege 10006
Hi All, I have a NEDNSProxyProvider System Extension and my logs are full of sandbox violations, all like: error 2021-09-21 10:42:30.557390 -0400 sandboxd com.apple.sandbox.reporting violation System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006 Violation: deny(1) system-privilege 10006 Process: com.myCompany.mac [640] Path: /Library/SystemExtensions/4375ED6E-69A9-4897-8B39-4252AD9843AD/com.myCompany.macos.netext.dnsproxy.systemextension/Contents/MacOS/com.myCompany.macos.netext.dnsproxy Load Address: 0x1028a8000 Identifier: com.myCompany.macos.netext.dnsproxy Version: 78 (2.0.0) Code Type: arm64 (Native) Parent Process: launchd [1] Responsible: /Library/SystemExtensions/4375ED6E-69A9-4897-8B39-4252AD9843AD/com.myCompany.macos.netext.dnsproxy.systemextension/Contents/MacOS/com.myCompany.macos.netext.dnsproxy User ID: 0 Date/Time: 2021-09-21 10:42:30.522 EDT OS Version: macOS 11.6 (20G165) Report Version: 8 MetaData: {uid:0,summary:deny(1) system-privilege 10006,errno:1,hardware:J293,operation:
Replies: 4 · Boosts: 0 · Views: 1.5k · Activity: Sep ’21

Sockets created in NE app are bound to utun interface on Ventura 13
First, sorry for the long message, but I wanted to give as much info as possible. I have a VPN app that uses Network Extension and OpenVPN on Ventura (13.1). Before Ventura everything worked fine. I have a problem with sockets created from network extension. The sockets created into the extension are assigned on the tunnel interface (utun3 in my case).

Scenario:
- Start the VPN (includeAllNetworks=true) => OS creates utun3 and enters into startTunnel from NE app
- On extension the app connects to VPN server.
- Call setTunnelNetworkSettings with the new configuration and when finished calls the completionBlock from startTunnel and reasserting = false
- After 2 seconds create a new socket (C API) into NE and connect => socket is bound to tunnel interface.

# lsof output
wifi ip=192.168.0.163
utun3 IP=10.7.1.4
8u IPv4 0xb394555904672715 0t0 TCP 192.168.0.163:60266->VPN_SERVER_IP (ESTABLISHED)
9u IPv4 0xb394555904673d35 0t0 TCP 10.7.1.4:60284->SOME_WEBSITE_IP:http (ESTABLISHED)

From this point on, all t
Replies: 9 · Boosts: 0 · Views: 2.1k · Activity: Jan ’23

CFNetwork no internet after VPN connection
Hi, I've got into a very strange no internet situation on macOS 13.3 (others reproduced on others too, e.g. 10.15). After I've disconnected from VPN, connected with includeAllNetworks=true, CFNetwork returned no internet connection (error code: -1009). Some apps, e.g. Chrome, Firefox, ping are running, but other apps, e.g. Safari, AppStore, return no internet. In logs I can see that cloudd is also not working:

default 2023-04-12 06:57:50.383656 +0200 cloudd _CFNetworkIsConnectedToInternet returning 0, flagsValid: 1, flags: 0x0
error 2023-04-12 06:57:50.383688 +0200 cloudd Task <925C1A17-8E2C-44C3-A730-38C9BB556990>.<23> HTTP load failed, 0/0 bytes (error code: -1009 [1:50])
default 2023-04-12 06:57:50.383820 +0200 cloudd Task <925C1A17-8E2C-44C3-A730-38C9BB556990>.<23> summary for task failure {transaction_duration_ms=4, response_status=-1, connection=483, reused=1, request_start_ms=0, request_duration_ms=0, response_start_ms=0, response_duration_ms=0, request_bytes=0, respon
Replies: 1 · Boosts: 0 · Views: 959 · Activity: Apr ’23

Managed app is unable to start its network extension in iOS 14
I have an app that contains an NEPacketTunnelProvider network extension. Some users are reporting that after upgrading their devices to iOS 14 they are no longer able to start the VPN. We have managed to reproduce the issue, and it only happens when all the following conditions are true:

- The app is managed by MDM
- The App Store version of the app is installed (not an enterprise signed ipa)
- The device is running iOS 14

If any of the above conditions are not true, the VPN can be started without any issues. Because of the requirement to use the App Store version of the app to reproduce, it's very difficult to debug. What I would like to understand is if something changed in iOS 14 that would make an app with a network extension behave differently when under MDM management. I did try sysdiagnose, and I see this pattern of messages generated by nesessionmanager:

default 2020-09-25 14:42:32.086975 -0700 nesessionmanager : Register Enterprise VPN Session: NESMVPNSession[Primary Tunnel::5FC13677-04FA-46AD-B91B-4BB9E630
Replies: 3 · Boosts: 0 · Views: 736 · Activity: Sep ’20