Search results for includeAllNetworks

150 results found

Post | Replies | Boosts | Views | Activity

Reply to includeAllNetwork Problems.
Kevin, Regarding:
> The main issue I see at this point is that when I define includeAllNetworks and it takes effect, I can no longer connect to the gateway, even by IP address. That's when we're trying to open the actual VPN connection to the Gateway. How are we supposed to open the socket that's going to carry the gateway traffic in this case?
The VPN connection that you are trying to open, is it to the address/hostname reported in NETunnelProviderProtocol's serverAddress and out in initWithTunnelRemoteAddress for NEPacketTunnelNetworkSettings? If so, then I would open a bug report - https://developer.apple.com/bug-reporting/ about this and please respond back here with the Feedback ID.
Matt Eaton, DTS Engineering, CoreOS, meaton3@apple.com
Apr ’21
Reply to Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession
> Any ideas how to debug this?
Well, not having any other VPN network configurations installed on the system and receiving the error for, Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession due to Enterprise VPN session NESMVPNSession, is odd. I would try this on a fresh VM. If you can still reproduce the issue, take a sysdiagnose and open a bug report. - https://developer.apple.com/bug-reporting/
Matt Eaton, DTS Engineering, CoreOS, meaton3@apple.com
Apr ’21
NEPacketTunnelProvider can't get device's packets
Hi, I'm new in this area. I have several questions to ask. I'm implementing a VPN client by using NETunnelProviderProtocol(). After I start the tunnel successfully, I can't get any packets from self.packetFlow.readPacketObjects. Is the NETunnelProviderProtocol able to gather the packets from the whole device? (Just work like a normal VPN client.) Is it safe to turn includeAllNetworks() to true? Thanks
Replies: 15 | Boosts: 0 | Views: 1.1k
May ’21
Reply to Simple transparent app proxy Network Extensions on macOS
Thanks for the update, Matt. However, I received this issue with Packet Tunnel. Whenever includeAllNetworks is enabled, if PacketTunnelProvider tries to apply a split tunnel rule, the rule fails to apply (but no error is returned) and the packet tunnel receives all the traffic as if it's full tunnel and wildcard match domain. Now I understand that when includeAllNetworks is enabled, split tunnel rules conflict with this setting and should not be used. But there is no clear documentation or error when setting split tunnel rules. There is just a cryptic message in Console.app, "System Policy: deny(1) system-privilege 10006", which is easy to miss. It does not even specify the problem. So, I think it would be nicer to have documentation mention this conflict and its impact. It would be even nicer to have the NETunnelProvider.setTunnelNetworkSettings method return an error in its completion block when such conflicts take place.
Topic: App & System Services SubTopic: Drivers Tags:
May ’21
Reply to Simple transparent app proxy Network Extensions on macOS
> Now I understand that when includeAllNetworks is enabled, split tunnel rules conflict with this setting and should not be used. But there is no clear documentation or error when setting split tunnel rules. So, I think it would be nicer to have documentation mention this conflict and its impact.
I agree. I think this is a great enhancement request - https://developer.apple.com/bug-reporting/ for documentation on this matter. Please respond back with the Feedback ID when you have done so.
Matt Eaton, DTS Engineering, CoreOS, meaton3@apple.com
Topic: App & System Services SubTopic: Drivers Tags:
May ’21
Reply to PacketTunnelProvider Simple tunnel not work
@matt, thanks for the support :) The configuration for packet tunnel is that:
    protocolConfiguration
    type = plugin
    identifier = 7FCF645B-4707-42AE-BFB9-76903115D4F5
    serverAddress = x.x.x.x:PORT // This is IP:PORT FORMAT
    identityDataImported = NO
    disconnectOnSleep = NO
    disconnectOnIdle = NO
    disconnectOnIdleTimeout = 0
    disconnectOnWake = NO
    disconnectOnWakeTimeout = 0
    includeAllNetworks = NO
    excludeLocalNetworks = YES
    enforceRoutes = NO
    pluginType = bundleIdentifier of the app that contains the extension
    authenticationMethod = 0
    reassertTimeout = 0
And the code of the start tunnel
    override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) {
        let newTunnel = ClientTunnel()
        newTunnel.delegate = self
        if let error = newTunnel.startTunnel(self) {
            completionHandler(error as NSError)
        } else {
            // Save the completion handler for when the tunnel is fully established.
            pendingStartCompletion = completionHandler
            tunnel = newTunnel
        }
    }
And the VPNStatus is .connected My
Topic: App & System Services SubTopic: General Tags:
Aug ’21
Some questions on NEPacketTunnelProvider on iOS 15
Recently I tested my VPN application on iOS 15 beta 8 / Xcode 13 beta 5. It looks like the precedence is IPSec VPN > iCloud private relay > NEPacketTunnelProvider VPN. When iCloud private relay is switched on, if I use the IPSec VPN (I think it's using the IPSec interface), the browser's network traffic is still being routed to the IPSec tunnel. But for the implementation with the NEPacketTunnelProvider VPN (UTUN interface), the browser's traffic is being routed to the private relay. I don't see any doc describing this, but it seems this is the design. Another question is about the IncludeAllNetworks setting for the VPN. If IncludeAllNetworks is set to 1, then the device's global traffic would be routed to the VPN, but the excludedRoutes settings in the VPN would be unavailable; no routes would be excluded. Is the above understanding correct?
Replies: 2 | Boosts: 0 | Views: 908
Sep ’21
NEDNSProxyProvider sandbox violation system-privilege 10006
Hi All, I have a NEDNSProxyProvider System Extension and my logs are full of sandbox violations, all like:
    error 2021-09-21 10:42:30.557390 -0400 sandboxd com.apple.sandbox.reporting violation System Policy: com.myCompany.mac(640) deny(1) system-privilege 10006
    Violation: deny(1) system-privilege 10006
    Process: com.myCompany.mac [640]
    Path: /Library/SystemExtensions/4375ED6E-69A9-4897-8B39-4252AD9843AD/com.myCompany.macos.netext.dnsproxy.systemextension/Contents/MacOS/com.myCompany.macos.netext.dnsproxy
    Load Address: 0x1028a8000
    Identifier: com.myCompany.macos.netext.dnsproxy
    Version: 78 (2.0.0)
    Code Type: arm64 (Native)
    Parent Process: launchd [1]
    Responsible: /Library/SystemExtensions/4375ED6E-69A9-4897-8B39-4252AD9843AD/com.myCompany.macos.netext.dnsproxy.systemextension/Contents/MacOS/com.myCompany.macos.netext.dnsproxy
    User ID: 0
    Date/Time: 2021-09-21 10:42:30.522 EDT
    OS Version: macOS 11.6 (20G165)
    Report Version: 8
    MetaData: {uid:0,summary:deny(1) system-privilege 10006,errno:1,hardware:J293,operation:
Replies: 4 | Boosts: 0 | Views: 1.5k
Sep ’21
Reply to Packet Tunnel Provider + split tunnel + Proxy
> Anyway to bypass this without changing the proxy settings?
I suspect the immediate way to run your traffic through a proxy on the other side of the tunnel, but that may not be an option. Regarding:
> Isn't it a bug?
Hard to say because if the full tunnel case uses something like includeAllNetworks in the NETunnelProviderProtocol then I would say, no this is not a bug. However, if this behavior has changed between versions, then yes, I would open a bug report.
Matt Eaton, DTS Engineering, CoreOS, meaton3@apple.com
Topic: App & System Services SubTopic: Drivers Tags:
Jan ’22
OpenVPNProvider
I am using NETunnelProvider in an OpenVPN client that is bridged in react-native, but no luck there. The connection to the server keeps disconnecting every time. The Network Extension is configured.
    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>NSExtension</key>
        <dict>
            <key>NSExtensionPointIdentifier</key>
            <string>com.apple.networkextension.packet-tunnel</string>
            <key>NSExtensionPrincipalClass</key>
            <string>$(PRODUCT_MODULE_NAME).PacketTunnelProvider</string>
        </dict>
    </dict>
    </plist>
The TypeScript side is getting events from vpnStateObserver:
    connecting ...
    Object { message: The VPN is in the process of connecting, state: 1, }
    Object { message: The VPN is in the process of disconnecting, state: 3, }
    Object { message: The VPN is disconnected, state: 0, }
    tunel:
    type = plugin
    identifier = xxxxxxx
Replies: 1 | Boosts: 0 | Views: 608
Mar ’22
Reply to Why binding INADDR_ANY in Network Extension is not allowed other apps to connect it using localhost
You essentially have a few options here. Go full tunnel VPN, to which you could claim all the routes on your system by hand, or go with the includeAllNetworks flag on NETunnelProviderProtocol. Or, you could go with Per-App VPN and claim traffic for specific apps. Having apps connect to a listener so that you can route their traffic through the VPN is not the way to go here.
May ’22