Search results for “includeAllNetworks”

157 results found

Reply to What is included in `excludeDeviceCommunications`?
Thank you for pointing out the missing documentation for excludeDeviceCommunication. We will definitely fix that. Here is the brief description: If includeAllNetworks is set to YES and this property is set to YES, then network traffic used for communicating with devices connected via USB or Wi-Fi is excluded from the tunnel. For example, Xcode uses a network tunnel to communicate with connected development devices like iPhone, iPad and TV. The default value of this property is YES.
Topic: Networking SubTopic: Networking Q&A Tags:
1w
Reply to Packet Tunnel Provider - local networks
Interesting. I suspect something is capturing the local traffic for a specified interface before it is sent to the default route. Also if the includeAllNetworks or excludeLocalNetworks flags are set this could impact the situation as well. To figure out more on what is happening I would recommend opening a TSI so I can take a closer look at your entire configuration. If you do open a TSI, please attach a sample project that reproduces your scenario. Matt Eaton DTS Engineering, CoreOS meaton3 at apple.com
May ’20
Reply to `NEVPNProtocol.includeAllNetworks` and `NEPacketTunnelProvider.createTCPConnectionThroughTunnel`
Yeah, this one is odd. I have seen issues where using includeAllNetworks causes issues for networking tasks, e.g., DNS resolution or authentication outside of the VPN server before the tunnel comes up. In this case if your connection to the remote address is truly inside the tunnel then that should not be causing issues here. You mentioned earlier that you were using a WireGuard base tunnel. If you go back to a vanilla install of NEPacketTunnelProvider, does this work for you?
Jun ’22
Reply to Expected behavior of searchDomains
I tried with an app that lets us send ping, see the same issue there. Can try with a new sample app, but I expect it would behave the same. Yes, for this experiment it was in destinationIP mode. IncludeAllNetworks is off. For split tunnel mode, we don't set the default route (Which was the mode for this test). We do set the default route when testing with split tunnel off, where the expectation is all traffic goes through tunnel.
Feb ’26
Reply to Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession
Any ideas how to debug this? Well, not having any other VPN network configurations installed on the system and receiving the error for, Failed to register Personal IncludeAllNetworks VPN Session NESMIKEv2VPNSession due to Enterprise VPN session NESMVPNSession, is odd. I would try this on a fresh VM. If you can still reproduce the issue, take a sysdiagnose and open a bug report. - https://developer.apple.com/bug-reporting/ Matt Eaton DTS Engineering, CoreOS meaton3@apple.com
Apr ’21
Reply to Simple transparent app proxy Network Extensions on macOS
That may not apply to your issue, but make sure that you don't have includeAllNetworks set to true (which would sound logical in the first place but causes all sorts of weird failures) in the NETunnelProviderProtocol instance you pass to the NETransparentProxyManager while configuring the proxy in the main app. Doing so causes a networking loop back into the transparent proxy that gets NECP deny messages, which really do not explain the base issue at all. Reported as FB7468866.
Topic: App & System Services SubTopic: Drivers Tags:
Apr ’20
Reply to How IP_BOUND_IF works to bind a socket to a specific interface?
Do not hard-code BSD interface names, like pdp_ip0. It will end badly. I have a bunch of backstory about this in the various posts linked to from Extra-ordinary Networking. socket still send data via utun, which is a vpn interface That can happen if the VPN sets includeAllNetworks. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
Jan ’24
Reply to iOS VPN Issue -Disconnecting VPN from Packet Tunnel Network Extension Causes Loss of Internet Connectivity
[quote='756357021, KhothAmit, /thread/756357, /profile/KhothAmit'] Observation : Interestingly, when we call the following method from the app side. The VPN disconnects and the device retains its internet connectivity. [enabledConfig.connection stopVPNTunnel]; [/quote] Right, it looks like there was a response on the radar mentioning that this is happening because includeAllNetworks is set and cancelling the tunnel from the provider side can leave the system in this state. While this is being worked out, please disconnect the VPN from the application side or through the VPN UI.
Jun ’24
Reply to Simple transparent app proxy Network Extensions on macOS
Now I understand that when includeAllNetworks is enabled, split tunnel rules conflict with this setting and should not be used. But there is no clear documentation or error when setting split tunnel rules. So, I think it would be nicer to have documentation mention this conflict and its impact. I agree. I think this is a great enhancement request - https://developer.apple.com/bug-reporting/ for documentation on this matter. Please respond back with the Feedback ID when you have done so. Matt Eaton DTS Engineering, CoreOS meaton3@apple.com
Topic: App & System Services SubTopic: Drivers Tags:
May ’21
Reply to Some traffic bypassing VPN
I can’t speak to the behaviour of specific third-party clients, but I will say that it’s perfectly feasible for clients to force traffic to run over a specific interface. As to what you can do about this, my recommendation is that you look at the includeAllNetworks and excludeLocalNetworks properties we added to NEVPNProtocol in iOS 13 beta. Share and Enjoy — Quinn “The Eskimo!” Apple Developer Relations, Developer Technical Support, Core OS/Hardware let myEmail = eskimo + 1 + @apple.com
Sep ’19
Reply to Packet Tunnel Provider + split tunnel + Proxy
Anyway to bypass this without changing the proxy settings? I suspect the immediate way to run your traffic through a proxy on the other side of the tunnel, but that may not be an option. Regarding: Isn't it a bug? Hard to say because if the full tunnel case uses something like includeAllNetworks in the NETunnelProviderProtocol then I would say, no this is not a bug. However, if this behavior has changed between versions, then yes, I would open a bug report. Matt Eaton DTS Engineering, CoreOS meaton3@apple.com
Topic: App & System Services SubTopic: Drivers Tags:
Jan ’22
Reply to Some traffic bypassing VPN
Hello! We did check with built in IPSEC profiles also. No customizations whatever. Behaviour was similar, that Facebook Messenger was able to send out packets using IP address of underlying Wifi interface (and 4G). Even created .mobileconfig profile, which included `OverridePrimary=1`. Still same behaviour on 12.3.1. Will try your suggestion with `includeAllNetworks` on iOS 13 beta. Btw. do you have deeper documentation on behaviour than on https://developer.apple.com/documentation/networkextension/nevpnprotocol/3143658-excludelocalnetworks?language=objc best regards, taavi
Sep ’19
Reply to Setting includeAllNetworks usually blocks GW connection in the extension, "kernel ALF, old data swfs_pid_entry"?
Still haven't figured out what to set to see the ALF data, but I noticed that there are some messages from netext about the connection that's failing. netext is a Microsoft Defender extension. If includeAllNetworks is on and Microsoft Defender is trying to do something with the traffic to the Gateway I suspect that it would be a problem. Are there any known issues that you can say anything about WRT anti-malware (e.g., Microsoft Defender) & proxy software (e.g., iBoss) interacting with VPN packet tunnels? It'll be tricky for me to find a test system which has none of these installed...
Jul ’22
Reply to LAN traffic
includeAllNetworks is disabled. Oh, wow, I completely misread that. Sorry about the confusion. If you claim the default route then you’ll receive traffic for which there isn’t a specific route. By default Apple platforms add routes for all locally connected networks. So, if you have a Mac on Wi-Fi and a printer on that same Wi-Fi, the traffic to that printer shouldn’t come to your VPN. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = eskimo + 1 + @ + apple.com
May ’24
Setting includeAllNetworks usually blocks GW connection in the extension, "kernel ALF, old data swfs_pid_entry"?
I'm seeing the connection to the VPN gateway failing in our Network Extension (not a System Extension) most of the time. Sometimes it succeeds. There's no difference in what the application or the extension are doing in the two cases. I can't see a pattern to when it fails, but in the console I see different messages. The only thing I've seen showing up consistently on failures but not successes is the message about the swfs_pid_entry.
On failure:
vpn_extension Gateway address 10.10.10.10, port 443
kernel ALF, old data swfs_pid_entry <private>, updaterules_msg <private>, updaterules_state <private>
vpn_extension connect failed with error 65 (No route to host)
kernel connect() - failed necp_set_socket_domain_attributes
vpn_extension Connect returncode 65
On success:
vpn_extension Gateway address 10.10.10.10, port 443
trustd User has disabled system data installation.
Replies: 5 Boosts: 0 Views: 2.3k
Jul ’22