Search results for includeAllNetworks (150 results found)

Post | Replies | Boosts | Views | Activity

Reply to Configure IKEv2 VPN with always-on
Thanks to both of you for the answers! Regarding 'includeAllNetworks' - it sounds similar to always-on, but I want to force the user to always use the VPN, or he won't have traffic, without giving him the option to disable this behaviour (so he won't be able to uncheck the on-demand option, for example). Is it possible? This way it will behave just like always-on when the user is not allowed to stop automatic connections.
Jun ’20
Reply to Configure IKEv2 VPN with always-on
For AlwaysON VPN, to lock down the VPN, the iOS device is supervised and the AlwaysON VPN profile will be marked as non-removable by the user. There is no UI option for the user to turn off the VPN to allow traffic to pass. With VPN IncludeAllNetworks, you can put the device in supervised mode and also mark the profile as non-removable. But the VPN UI will allow the user to turn the VPN on/off, allowing users to bypass the VPN. Sounds like you need an option to prevent the user from turning off the VPN via the UI. Please file a radar for the request.
Jun ’20
includeAllNetworks - can't connect the VPN
I've implemented a custom VPN app for macOS (Packet Tunnel Provider). I've added the flag 'includeAllNetworks' to the protocol configuration. For some reason, the initial connection to the VPN often fails. I'm using sockets, the getaddrinfo function, and libcurl. But when this flag is set, it seems that there's no internet access, even before the first connection of the VPN. The weird thing is that sometimes the VPN connects without a problem. Without this flag the VPN always connects without a problem. Are there any limitations I should know about regarding the use of this flag?
Replies: 1, Boosts: 0, Views: 511
Jun ’20
Reply to When mobile data is switched on WhatsApp bypass VPN
For a programmatically configured VPN, setting this property of NEVPNProtocol, which is available after iOS 14, to true could fix this issue:

    var includeAllNetworks: Bool { get set }

https://developer.apple.com/documentation/networkextension/nevpnprotocol/3131931-includeallnetworks

We can see on this page https://developer.apple.com/documentation/devicemanagement/vpn/vpn that includeAllNetworks is available for iOS 4.0+ and macOS 10.7+. But in this document https://developer.apple.com/business/documentation/Configuration-Profile-Reference.pdf includeAllNetworks doesn't exist yet.
Jun ’20
Reply to When mobile data is switched on WhatsApp bypass VPN
IncludeAllNetworks support is in iOS14 (in the current beta). Here is the behavior summary once VPN is enabled with IncludeAllNetworks set to true:

- all traffic will be dropped if tunnel is not up
- once tunnel is up, all traffic will be policed by traffic policies to go over tunnel
- if VPN is enabled manually (via UI), tunnel will be re-established, in case it came down, automatically

This IncludeAllNetworks will solve the WhatsApp issue that you mentioned.
Jun ’20
includeAllNetworks - Can't establish tunnel when includeAllNetworks is set
I've implemented a custom VPN app for macOS (using Packet Tunnel Provider). I set includeAllNetworks in the protocolConfiguration. When this field is set, I can't connect and I can't send traffic, even from the extension. Even simple calls in the extension, like getaddrinfo or curl, fail. If I unset this variable (includeAllNetworks = false) then I can connect without a problem.

In addition I can see these lines in the Xcode Console:

    Connection 2: encountered error(1:53)
    Connection 3: encountered error(1:53)
    Connection 1: encountered error(1:53)

And these lines in the Console:

    No mDNS_Keepalive for interface en8/IOSkywalkLegacyEthernetInterface kr 0xE00002C0
    NetWakeInterface: en8 <private> no WOMP
    uDNS_CheckCurrentQuestion: host unreachable error for DNS server <private> for question
    failed to send packet on InterfaceID 0x5 en8/4 to <private>:53 skt 74 error -1 errno 65 (No route to host)

Replies: 16, Boosts: 0, Views: 3.4k
Jul ’20
Reply to includeAllNetworks - Can't establish tunnel when includeAllNetworks is set
If you are using a local DNS server that cannot be accessed due to all traffic going through the tunnel then this would explain why calls to getaddrinfo are failing. The logs in the console look like traffic is still trying to go over an interface that is not utun or ipsec related though. I'm wondering if you are getting this because of a routing change for the VPN's virtual interface and this traffic is not respecting that change. If you remove includeAllNetworks and restart the VPN, does this resolve the errors in the log below? Not that this is a solution to your problem, I'm just trying to work through why this traffic is going around the tunnel interfaces if you instructed it not to.

    No mDNS_Keepalive for interface en8/IOSkywalkLegacyEthernetInterface kr 0xE00002C0
    NetWakeInterface: en8 <private> no WOMP
    uDNS_CheckCurrentQuestion: host unreachable error for DNS server <private> for question
    failed to send packet on InterfaceID 0x5 en8/4 to <private>:53 skt 74 error -1 errno 6
Jul ’20
Reply to includeAllNetworks - Can't establish tunnel when includeAllNetworks is set
Removing 'includeAllNetworks' and restarting the VPN resolves all the errors. There are no logs like 'host unreachable error for DNS server'. Setting 'includeAllNetworks' and restarting the VPN will print those logs. I'm not using a local DNS server, I'm just calling getaddrinfo, which is supposed to query public DNS servers.

More details: The problem is that I can't connect at all. In order to connect I need to get responses from getaddrinfo, but as I said getaddrinfo fails. I also tried to use libcurl, which also failed. I've set includeAllNetworks and I tried to connect - my extension uses some C code to establish the connection using BSD sockets and low-level code. I'm not using high-level functions like 'createUDPSessionThroughTunnelToEndpoint' in the extension. Since I can't connect I don't have the tunnel - I'm creating the tunnel only after I find the server's IP, so how can the traffic go only via a tunnel which doesn't exist yet?

P.S - sry for the delay.
Jul ’20
Reply to includeAllNetworks - Can't establish tunnel when includeAllNetworks is set
It's not even about restarting the tunnel if it existed before, it's also about creating it for the first time. Even if I simulate a new user - just creating a profile with includeAllNetworks = true, and starting the VPN for the first time - I have the above problem. Doing the same thing but with includeAllNetworks = false, there's no problem at all. Removing the profile also works. It's just this flag which causes the problem - all the traffic in the extension gets blocked, even if it's the first time I'm trying to create the tunnel.
Jul ’20
Reply to includeAllNetworks - Can't establish tunnel when includeAllNetworks is set
Interesting. The bottom line is that it sounds like traffic is escaping the tunnel somehow with includeAllNetworks = true and is therefore being dropped. At this point I think it would be good to open a DTS incident - https://developer.apple.com/support/technical/ so I can take a closer look at what is happening.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Jul ’20
Managed app is unable to start its network extension in iOS 14
I have an app that contains an NEPacketTunnelProvider network extension. Some users are reporting that after upgrading their devices to iOS 14 they are no longer able to start the VPN. We have managed to reproduce the issue, and it only happens when all the following conditions are true:

- The app is managed by MDM
- The App Store version of the app is installed (not an enterprise signed ipa)
- The device is running iOS 14

If any of the above conditions are not true, the VPN can be started without any issues. Because of the requirement to use the App Store version of the app to reproduce, it's very difficult to debug. What I would like to understand is if something changed in iOS 14 that would make an app with a network extension behave differently when under MDM management. I did try sysdiagnose, and I see this pattern of messages generated by nesessionmanager:

    default 2020-09-25 14:42:32.086975 -0700 nesessionmanager : Register Enterprise VPN Session: NESMVPNSession[Primary Tunnel::5FC13677-04FA-46AD-B91B-4BB9E630

Replies: 3, Boosts: 0, Views: 718
Sep ’20
Reply to With VPN switched on no messages can be seen on console and can not connect with Xcode
Thanks Matt. Just raised a bug report: FB8815876 (With VPN switched on no messages can be seen on console and can not connect with Xcode). Also adding more details here for others to see if they can reproduce the same issue step by step.

Description of the issue: When I tested with my iPhone SE (1st generation, iOS 14.0.1) on Mac OS Catalina 10.15.7 / Xcode 12.0.1 I found that with the VPN (NETunnelProvider, 'includeAllNetworks' set to be true) switched on there are no messages being shown on the console, and also on Xcode it shows 'iPhone(unavailable)'. After I switched off the VPN it came back to normal. I was using a USB cable to connect the iOS device with the MBP's left side USB port.

Steps to reproduce:

- An iPhone SE (1st generation, iOS 14.0.1) / Mac OS Catalina 10.15.7 / Xcode 12.0.1;
- A VPN application coded with NETunnelProvider, set 'includeAllNetworks' to be true (if it's false then cannot reproduce this issue);
- Install the VPN application on the iPhone and switch it on;
- Connect the iPhon

Topic: App & System Services, SubTopic: Core OS
Oct ’20