“includeAllNetworks”

@matt, thanks for the support :) The configuration for packet tunnel is that: protocolConfiguration type = plugin identifier = 7FCF645B-4707-42AE-BFB9-76903115D4F5 serverAddress = x.x.x.x:PORT // This is IP:PORT FORMAT identityDataImported = NO disconnectOnSleep = NO disconnectOnIdle = NO disconnectOnIdleTimeout = 0 disconnectOnWake = NO disconnectOnWakeTimeout = 0 includeAllNetworks = NO excludeLocalNetworks = YES enforceRoutes = NO pluginType = bundleIdentifier of the app that contains the extension authenticationMethod = 0 reassertTimeout = 0 And the code of the start tunnel override func startTunnel(options: [String : NSObject]?, completionHandler: @escaping (Error?) -> Void) { let newTunnel = ClientTunnel() newTunnel.delegate = self if let error = newTunnel.startTunnel(self) { completionHandler(error as NSError) } else { // Save the completion handler for when the tunnel is fully established. pendingStartCompletion = completionHandler tunnel = newTunnel } } And the VPNStatus is .connected My

I suspect you want to gather some information to provide to your VPN in aide in tunnel connection, and that is why you want to make a network call before the tunnel is connected. You understood it correctly. Let me explain it again in more detail. As part of establishing VPN connection, Just after successful SSL Handshake with Tunnel Server, Tunnel Server provides one URL, Packet Tunnel extension passes this URL to VPN Controller App, and using this URL Controller App fetches some settings(user auth required). Since Network connectivity is blocked until the VPN is connected, we are unable to make a call to URL provided by Tunnel Server, and we have to make this call to fetch some settings which is required in order to establish VPN connection(before we return completionHandler(nil)). are you able fetch those resources inside the provider? As I mentioned above, unfortunately No. ` Since Network connectivity is blocked until the VPN is connected, unable to fetch required resources inside the provider. so presum

I've since gone and uploaded yet another sysdiagnose where we seemingly see the same thing happens, this time, on every reinstall from Xcode. In this case, once the newly installed packet tunnel starts, all networking on the device is broken, and seemingly this reliably reproduces. However, it doesn't happen by default, usually after a day of not restarting the device and developing does this start happening again. I've barely had time to look at the sysdiagnose, but from the cursory look there's plenty of No route to host errors, which would explain why the packet tunnel is not able to connect. Why is there no route to host? Who knows. At the time of installation, the VPN profile of the app I'm developing is set to be used on-demand, and it is set to include all routes (0.0.0.0/0 and ::0/0). We are not using enforceRoutes or includeAllNetworks due to bugs. It seems that there is a discrepancy between the two packet tunnel instances (the old one and new one), and one of them is desperately trying to

[quote='841929022, RBmint, /thread/786651?answerId=841929022#841929022, /profile/RBmint'] supposedly can filter packets and redirect them into different TUN interface without changing the route table. [/quote] Apple platform do have something like this — like I said, two of everything! (-: — namely NECP. For some very limited details on that, see A Peek Behind the NECP Curtain. However, as a third-party developer you have a very limited view into NECP, and it certainly won’t help with this. The go-to doc on this is Routing your VPN network traffic. It explains: How includeAllNetworks represents a giant switch, which effectively disables destination IP routing. This setting is implemented using NECP. How enforceRoutes lets you continue using destination IP routing but prevents apps from bypassing that. [quote='841929022, RBmint, /thread/786651?answerId=841929022#841929022, /profile/RBmint'] I'm also a little bit curious about other VPN's split tunneling function. Do they not exist/not work on macOS at

Hi Matt,I able to fix the IPC issues. Now i could see it is saving the configuation correctly. But next my expectation was to get the callback on App proxy provider(i.e. AppProxyProvider) but not getting the callback. Looks like it is not able to get into the network system extension. Network preference, extension status showing as Connecting...) Any thought please? ( {n localizedDescription = MyExtension n enabled = YESn protocolConfiguration = {n serverAddress = <23-char-str>n disconnectOnSleep = NOn includeAllNetworks = NOn excludeLocalNetworks = NOn providerBundleIdentifier = com.sample.extensionn }n onDemandEnabled = NOn} )Extension info.plist:<?xml version=1.0 encoding=UTF-8?> <!DOCTYPE plist PUBLIC -//Apple//DTD PLIST 1.0//EN http://www.apple.com/DTDs/PropertyList-1.0.dtd> <plist version=1.0> <dict> <key>CFBundleDevelopmentRegion</key> <string>$(DEVELOPMENT_LANGUAGE)</string> <key>CFBundleDisplayName</key> <string>FPNetwor