Network connections send and receive data using transport and security protocols.

Posts under Network tag

200 Posts

Post | Replies | Boosts | Views | Activity

Where is the source code of Network.framework?
Hello, I found the source code for an older version of Network.framework here: https://github.com/xamarin/binding-tools-for-swift-reflector/tree/master/stdlib/public/Darwin/Network. But when I check the latest Swift repository at https://github.com/apple/swift, I can't find the path stdlib/public/Darwin/Network. Does anyone know where this source code is now? Thanks
3 replies | 0 boosts | 364 views | Nov ’23
unix domain sockets are throwing "/tmp/echo.sock: write: no buffer space available" error with content filter network extension
Hi, I have installed a content filter network extension which is almost the same as https://developer.apple.com/documentation/networkextension/filtering_network_traffic. I have another app. As part of this app, I am sending messages from a server process to a client process using unix domain sockets, which is almost the same as https://github.com/devlights/go-unix-domain-socket-example. If there is a little bit more network traffic, then my client fails to send messages with a "write: no buffer space available" error. If I stop the content filter network extension, then there is no issue. How can I handle this type of error with a network extension? Note: This is happening on both Monterey and Ventura macOS (both Intel and M1).
3 replies | 0 boosts | 684 views | Nov ’23
No localEndpoint info after starting NWConnection in macOS 14.2 (23C5030f)
We have code inside our network extension to create an NWConnection with destination to the loopback address 127.0.0.1 and a specific port number that another process is listening on. This method has been working fine until we tested it on macOS 14.2 Beta (23C5030f), where we observed the following error:

(Network) [com.apple.network:connection] nw_connection_copy_connected_local_endpoint_block_invoke [C42] Connection has no local endpoint

and accessing connection.currentPath.localEndpoint would return nil. This eventually leads to connection failure. This error is only observed with connections to the loopback address. An NWConnection created with destination to a real address (e.g. on the en0 interface) does not have any issue. This error is not observed with all connections to the loopback address; some NWConnection objects would still contain the localEndpoint. Here is an example of all log messages we get for a specific connection:

(Network) [com.apple.network:connection] [C42 D9F43B3D-6832-4581-9B3B-12F6F5C7C408 127.0.0.1:49154 tcp, attribution: developer, context: Default Network Context (private), proc: 0D165C5B-CDFE-3F43-BC52-1DFCD61739E6, prefer no proxy] start
(Network) [com.apple.network:connection] [C42 127.0.0.1:49154 initial parent-flow ((null))] event: path:start @0.000s
(Network) [com.apple.network:connection] [C42 127.0.0.1:49154 waiting parent-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: path:satisfied @0.000s, uuid: 6655EA53-47F9-4B16-85D6-7B81FA0C360E
(Network) [com.apple.network:connection] [C42 127.0.0.1:49154 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:start_connect @0.000s
(Network) [com.apple.network:connection] nw_connection_report_state_with_handler_on_nw_queue [C42] reporting state preparing
(Network) [com.apple.network:connection] nw_socket_handle_socket_event [C42:1] Socket received CONNECTED event
(Network) [com.apple.network:connection] nw_flow_connected [C42 127.0.0.1:49154 in_progress socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] Output protocol connected (socket)
(Network) [com.apple.network:connection] [C42 127.0.0.1:49154 ready socket-flow (satisfied (Path is satisfied), viable, interface: lo0)] event: flow:finish_connect @0.000s
(Network) [com.apple.network:connection] nw_connection_report_state_with_handler_on_nw_queue [C42] reporting state ready
(Network) [com.apple.network:connection] [C42 D9F43B3D-6832-4581-9B3B-12F6F5C7C408 127.0.0.1:49154 tcp, prefer no proxy, attribution: developer] cancel
(Network) [com.apple.network:connection] nw_connection_copy_connected_local_endpoint_block_invoke [C42] Connection has no local endpoint
(Network) [com.apple.network:connection] [C42 D9F43B3D-6832-4581-9B3B-12F6F5C7C408 127.0.0.1:49154 tcp, prefer no proxy, attribution: developer] cancelled [C42 6655EA53-47F9-4B16-85D6-7B81FA0C360E <NULL><->127.0.0.1:49154] Connected Path: satisfied (Path is satisfied), interface: lo0 Privacy Stance: Not Eligible Duration: 0.001s, TCP @0.000s took 0.000s bytes in/out: 0/0, packets in/out: 0/0, rtt: 0.001s, retransmitted bytes: 0, out-of-order bytes: 0 ecn packets sent/acked/marked/lost: 0/0/0/0

Questions: Why is the loopback address special in this case, given that the issue is only observed with connections to the loopback address? What should we do in terms of updating our code inside the network extension to get this working in macOS 14.2?
3 replies | 0 boosts | 3.3k views | Nov ’23
OSC UDP messages can't be sent on iOS 14+
Hi guys, I am trying to get my Unreal Engine based iOS app running with OSC (https://de.wikipedia.org/wiki/Open_Sound_Control). OSC uses UDP as the base to send network messages that can be used to interact with DAWs (like Ableton or Logic Pro). It works fine on macOS (and all other platforms, except the latest iOS). I can RECEIVE OSC messages within the iOS app, but can't SEND any. Meanwhile I know this is related to the privacy system around the com.apple.developer.networking.multicast entitlement. I learned a lot from these posts: *https://developer.apple.com/forums/thread/663271 and https://forum.unity.com/threads/ios-14-5-can-not-send-udp-broadcast.1116352/. So far I did the following:

- Got the com.apple.developer.networking.multicast approval - yeah
- Enabled it in my provisioning file
- Changed my info.plist to include NSLocalNetworkUsageDescription and the Bonjour services:

<key>NSLocalNetworkUsageDescription</key>
<string>Exchange OSC messages with nearby devices.</string>
<key>NSBonjourServices</key>
<array>
    <string>_APP_NAME._tcp</string>
    <string>_APP_NAME._udp</string>
</array>

- Added the entitlement to my Xcode project
- Confirmed that, after build and signing, the app includes the entitlement (as described in link *)

But still, I never see a request for access to the local network, nor does it SEND messages, which is kind of frustrating. It seems iOS never "sees" an access to the local network that triggers the ask for permission, which is weird because in the log I can see a LogSockets warning about using IP4 instead of IP6:

LogSockets: Warning: Destination protocol of 'IPv4' does not match protocol: 'IPv6' for address: '192.168.172.32:1338'

Assumptions: My OSC implementation uses a plugin from UE (which is based on C++) and is not using the Bonjour service. Do I still have to add *._tcp and *._udp keys to the *.plist file? I used the name of my app, but I think it should be the name of the service actually used, shouldn't it? How can I get this? Is there a way to trace or log the services? I can't see any blocking message for my socket connection in the logs; is there a way to do "deeper" traces? Any other suggestions? I am really a bit stuck for ideas to get it running. All the best, Max
2 replies | 1 boost | 491 views | Nov ’23
Bonjour discovery not working in iOS (NSNetServicesErrorDomain: 10, NSNetServicesErrorCode: -72008)
I'm currently trying to use an ESP8266, connecting to my home WiFi and starting an mDNS service. Then I'm trying to discover this service using the bonsoir package in Flutter. So far so good. On Android everything works fine, but I want to use the app on the iPhone too. As far as I understood the information in this video 'developer.apple.com', I need to add this to my info.plist:

<key>NSLocalNetworkUsageDescription</key>
<string>Some understandable text for the user.</string>
<key>NSBonjourServices</key>
<array>
    <string>_http._tcp.</string>
</array>

I wrote a short Python script which resolves the service in my network and I'm getting the following output:

Service ESP8266Control._http._tcp.local. added, service info: ServiceInfo(type='_http._tcp.local.', name='ESP8266Control._http._tcp.local.', addresses=[b'\xc0\xa8\x02\xa0'], port=80, weight=0, priority=0, server='ESP8266Control.local.', properties={b'SN': b'10 - 00001'}, interface_index=None)
Address: ['192.168.2.160']
Port: 80
Service Name: ESP8266Control._http._tcp.local.
Server: ESP8266Control.local.
Properties: {b'SN': b'10 - 00001'}

My Flutter app should be correct because on Android everything works as expected. I tried to discover the service in my network by building my app on a MacBook for iOS. The popup for using the network appears with the defined message "Some understandable text for the user." and I have to confirm the usage of network discovery. But when I hit the button in my app to search for my wordclock, the following error is output:

[discovery] [28317] Bonsoir has encountered an error during discovery : ["NSNetServicesErrorCode": -72008, "NSNetServicesErrorDomain": 10]
[VERBOSE-2:dart_vm_initializer.cc(41)] Unhandled Exception: PlatformException(discoveryError, Bonsoir has encountered an error during discovery., {NSNetServicesErrorCode: -72008, NSNetServicesErrorDomain: 10}, null)

Is my syntax wrong in my info.plist? I also tried to use this: ESP8266Control._http._tcp. and several combinations with .local at the end, with and without the service name, and with _http and _tcp separated as 2 individual entries. I tried A LOT of combinations, but nothing changes anything. This is one of the combinations I've tried:

<array>
    <string>_ESP8266Control._http._tcp</string>
</array>
<key>NSLocalNetworkUsageDescription</key>
<string>Need access to connect with the clock itself.</string>
<key>NSLocationAlwaysUsageDescription</key>
<string>This app needs access to location when in the background.</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string>This app needs access to your location to show nearby networks to connect the Wordclock to.</string>

I would appreciate help so much; we wasted so much time on this and Apple support told us they can't help us... Best regards, MeisterTubi
1 reply | 0 boosts | 832 views | Nov ’23
NWPathMonitor
I have been testing a VPN app on a phone connected to Wi-Fi but with no SIM card, and a couple of times now I've noticed that NWPathMonitor reports changes to the network path in rapid succession, usually between 20 seconds and down to 2 or 3 seconds for each update, alternating between "satisfied" and "unsatisfied". Resetting the network settings seems to fix the problem. Any idea as to why this happens? Here's an excerpt from the logs:

[2023-11-13 10:18:11.379][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:18:17.355][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:18:23.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:18:44.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:18:47.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:18:50.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:18:53.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:18:56.357][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:19:02.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:19:23.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:19:26.355][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:19:29.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:19:32.357][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:19:35.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:19:38.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:19:41.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:19:47.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:19:50.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:19:53.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:20:02.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:20:05.357][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:20:17.358][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
[2023-11-13 10:20:20.356][TunnelManager][info] Status: waiting for connectivity, network unreachable.
[2023-11-13 10:20:23.356][TunnelManager][info] Status: reconnecting to se-sto-wg-001, network reachable.
2 replies | 0 boosts | 296 views | Nov ’23
Do we need access to read the ARP table in iOS?
We are a company dedicated to network security. Our app accesses the ARP table on iOS/iPhone to identify devices on the Wi-Fi network. In the iPhone simulator we already obtain this information. But when we publish the app to the App Store, on a real iPhone, iOS returns "02:00:00:00:00:00"; it seems that the app's access to MAC addresses is disabled. Is it possible for them to enable us to access the ARP table?
1 reply | 0 boosts | 393 views | Nov ’23
Seeking Clarification on Implementing Secure HTTP CONNECT in iOS 17
I recently watched the WWDC 2023 video titled "Ready, set, relay: Protect app traffic with network relays" (Session 10002), which mentioned that iOS 17 should support Secure HTTP CONNECT. I came across the init(httpCONNECTProxy:tlsOptions:) API, indicating that iOS provides some support for this. However, I couldn't find detailed documentation on how to set up a proxy to support Secure HTTP CONNECT. Could you provide guidance on implementing Secure HTTP CONNECT in iOS 17? Are there any RFCs or additional documentation available that explain the protocol and its setup?
2 replies | 1 boost | 314 views | Nov ’23
Unknown type name 'sec_protocol_options_t'
I have 7 applications with the same structure; however, in one of them I suddenly got this error, and I cannot work out why. The error appears to be related to the Network framework. The other 6 applications do not present this problem.

/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS17.0.sdk/System/Library/Frameworks/Network.framework/Headers/quic_options.h:97:21 Unknown type name 'sec_protocol_options_t'; did you mean 'nw_protocol_options_t'?
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS17.0.sdk/System/Library/Frameworks/Network.framework/Headers/tls_options.h:72:21 Unknown type name 'sec_protocol_options_t'; did you mean 'nw_protocol_options_t'?
1 reply | 0 boosts | 399 views | Nov ’23
My app is scanning UDP on the iPhone 16.x series but not on the iPhone 15.x series.
Hello Apple Support team, steps tried out till now to resolve the scan issue for POS machines (Android devices) in iOS 15.x:

- Changed the UDP listener's port numbers according to the port numbers mentioned on Apple's website.
- Checked the Network framework provided by Apple for any related methods/properties that can resolve the issue.
- Updated the deployment target from iOS 13.x to iOS 15.x for the POSLib SDK in order to set the Network parameters' attribution to the user, so that networking performed using these parameters is directed to content specified by the user, not the developer.

As per the R&D done till now, it appears the UDP connection is established properly and data is sent to the server, but when we receive the data it is nil and also the connection is cancelled. Thanks & Regards
2 replies | 0 boosts | 633 views | Nov ’23
Returning NEPacketTunnelProvider packetFlow.readPacketObjects packets to macOS kernel
Can we return NEPacketTunnelProvider's NEPacket to the macOS kernel? Snippet:

packetFlow.readPacketObjects { [weak self] packets in

As per network rules, packets are read from packetFlow. After parsing packets, in some conditional use cases (such as IP), if we decide not to handle the packets, could we return them to the kernel? We can easily achieve it in NETransparentProxyProvider by returning false from the method below. We are looking for a similar mechanism to return the traffic to the kernel.

override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool

May we achieve the same with any other Network.framework or low-level API? If any advanced code-level support could solve this issue, we could raise a TSI as well.
1 reply | 0 boosts | 309 views | Nov ’23
How to enable AccurateECN when using L4S queue management?
I'm trying to use the L4S queue management feature in macOS Sonoma. I've followed the online guides "Reduce network delays with L4S" and "Testing and Debugging L4S in Your App". Basically I set up "Internet Sharing" to allow traffic to pass through a Mac mini, using Linux devices as the endpoints. (This requires two Ethernet ports, so I use a USB Ethernet adapter as the second port.) The Linux client sends the TCP SYN with the correct flags enabled: ECE, CWR and AE. However, at the receive side, the SYN is received with only the flags ECE, CWR. This causes a fallback to classic ECN, which means there's no L4S (TCP Prague) enabled. Does anyone know why this happens? Do I need to enable something? I have used the following:

defaults write -g network_enable_l4s -bool true

And also tried an undocumented (?) sysctl option:

sysctl -w net.inet.tcp.accurate_ecn=1

However, that doesn't seem to make a difference. Does anyone know how to get the AccurateECN negotiation to work?
5 replies | 0 boosts | 537 views | Dec ’23
Can you specify a port for NWListener.Service without creating an NWListener on that port?
I'm running a webserver for a specific service on port 8900. I'm using Telegraph to run the webserver, so that opens and claims the port. I also want to advertise the service on Bonjour, ideally with the correct port. This is trivial with NetService, but that's deprecated, so I should probably move to the Network framework. I can advertise without specifying a port:

listener = try NWListener(service: service, using: .tcp)

but then my service broadcasts addresses with port:61443. I can advertise using

listener = try NWListener(using: .tcp, on: <myport>)

however, that fails in my use case because (unsurprisingly) the listener isn't able to get the port (my server already has it). Is this just a gap in the new API, or am I missing something?
1 reply | 0 boosts | 524 views | Nov ’23
Receive NWProtocolIP metadata
I'm attempting to get the receiveTime on each received UDP packet from an NWConnection provided by an NWListener. I've found that @eskimo talks about using this property in this post: "Use receive timestamps to probe point E. In BSD Sockets, set the SO_TIMESTAMP option and access the timestamps by looking at the SCM_TIMESTAMP value returned from recvmsg. In Network framework, set the shouldCalculateReceiveTime property and access the timestamps using the receiveTime property." I have the listener's parameters set up like so:

let parameters = NWParameters.udp
if let options = parameters.defaultProtocolStack.internetProtocol as? NWProtocolIP.Options {
    options.shouldCalculateReceiveTime = true
}

I do have a custom protocol framer involved and working in the network stack. I have been trying the following, but the only metadata available is the custom protocol framer's:

connection.receiveMessage { data, context, isComplete, error in
    if let metadata = context?.protocolMetadata(definition: NWProtocolIP.definition) {
        print(metadata)
    }
}

Where in a framer implementation can I grab the IP metadata and how, if I do indeed need to, pass it up to the application?
2 replies | 0 boosts | 264 views | Dec ’23
iOS 17 mDNS IP resolving issue
Hello there, we have an iPad application which uses mDNS to find specific devices on the network; it then resolves an IP address so that the application can connect to it through WebSocket. It has been working for years now. Recently our clients started to update their iPads to iOS 17 and suddenly this functionality stopped working. When I wanted to test out what's going on, I found out that when I run the application on an iPad simulator on my MacBook it can resolve the IP address immediately, but when I run it on an iPad it cannot. That seemed weird, so I decided to look into the code and I saw that the NetServiceBrowser API had been deprecated. I thought that maybe that's the problem, so I refactored the code to use NWBrowser, which was rather easy; it found the service, but then when I wanted to make an NWConnection to it the same error happened. From macOS it works fine, but on the iPad the connection's state never gets ready; it hangs in the preparing state. I created a new test application with just this functionality to test it on an iPhone too. Well, it seems that the issue appears on iOS too. One other thing to mention: I created a simple node.js application which uses mDNS broadcast to simulate the device we're trying to connect to. The weird part is that both the iPad and the iPhone can resolve its address. I'm curious if something has changed since iOS 16; I couldn't find anything and I don't know where to go next, or how somebody can reproduce this error without the device. Any help is appreciated. Here is my discovery code:

import UIKit
import Network

class ViewController: UIViewController {
    var browser: NWBrowser!

    override func viewDidLoad() {
        super.viewDidLoad()
        browser = NWBrowser(for: .bonjour(type: "_http._tcp", domain: ""), using: .tcp)
        browser.stateUpdateHandler = { newState in
            switch newState {
            case .failed(let error):
                print("NW Browser: now in Error state: \(error)")
                self.browser.cancel()
            case .ready:
                print("NW Browser: new bonjour discovery - ready")
            case .setup:
                print("NW Browser: ooh, apparently in SETUP state")
            default:
                break
            }
        }
        browser.browseResultsChangedHandler = { (results, changes) in
            print("NW Browser: Scan results found:")
            for result in results {
                switch result.endpoint {
                case let .service(name: name, type: _, domain: _, interface: _):
                    // All of our devices have 'justfit' in their name
                    if name.uppercased().contains("JUSTFIT") {
                        print(name)
                        let proto: NWParameters = .tcp
                        if let opt = proto.defaultProtocolStack.internetProtocol as? NWProtocolIP.Options {
                            opt.version = .v4
                        }
                        let connection = NWConnection(to: result.endpoint, using: proto)
                        connection.stateUpdateHandler = { state in
                            if state == .ready {
                                if let path = connection.currentPath, let endpoint = path.remoteEndpoint {
                                    switch endpoint {
                                    case let .hostPort(host: host, port: port):
                                        print("IP: \(host), port: \(port)")
                                    default:
                                        break
                                    }
                                    connection.cancel()
                                }
                            } else {
                                print(state)
                            }
                        }
                        connection.start(queue: .main)
                    }
                default:
                    break
                }
            }
        }
        browser.start(queue: .main)
    }
}
4 replies | 0 boosts | 1.6k views | Dec ’23
Reachability behaviour changed with Sonoma 14.2b
Hi, I'm looking for feedback regarding SCNetworkReachability under macOS Sonoma. It seems that since beta 3 the notification behaviour changed. In a LaunchAgent I'm using SCNetworkReachabilityCreateWithName + SCNetworkReachabilitySetCallback + SCNetworkReachabilityScheduleWithRunLoop and wait for callbacks, looking at the kSCNetworkReachabilityFlagsReachable flag. This has been running fine under macOS 12.x, 13.x and 14.0 for more than a year. If I log all callback entries I observe unexpected notifications, as if the looked-up host became unreachable for a very small amount of time (ms). The host is flagged as unreachable, then a few ms later reachable again, then unreachable again. Fast switching is fine; I can accept that the service is unreachable even for 1s, but the problem is that the latest status does not reflect the actual reachability of the service. This is in a corporate network with the complexity of using a proxy.pac. Has anybody noticed something similar? I filed Feedback FB13442134 in case it could be a regression in 14.2.
1 reply | 0 boosts | 484 views | Dec ’23
TLS 1.3 connection restriction
I created an application using WebSocket. When the TLS version was 1.2, connection establishment was working fine, but when the server team updated TLS 1.2 to TLS 1.3 due to a security enhancement in my project, I am getting an SSL handshake failure with code 9836, and NSOSStatusErrorDomain with code 9836. Here is my Info.plist:

NSAppTransportSecurity
    NSAllowsArbitraryLoads
    NSExceptionDomains
        myserver.com
            NSIncludesSubdomains
            NSExceptionMinimumTLSVersion TLSv1.3

So my query here is: even if we specify TLSv1.3 for myserver.com as NSExceptionMinimumTLSVersion TLSv1.3, we want to restrict only to TLS 1.3, even if my request fails. How do we achieve this?
1 reply | 0 boosts | 377 views | Dec ’23
macOS 14 Sonoma VPN disconnects every 24/48 minutes, error NoProposalChosen
There seems to be a bug in macOS 14 (14-14.1.2) that causes VPN connections to regularly disconnect after 24 or 48 minutes, causing a short network interruption of 1-2 seconds. Prior macOS versions up to 13 do not have the issue. Release notes do not mention any breaking changes for 14 or 14.1. The bug seems to be on the macOS side, somewhere in the rekey/cert/proposal process. My VPN servers run libreswan 4.12 and are set to match the default security params from the Apple dev docs ikesecurityassociationparameters and childsecurityassociationparameters. How can I modify a VPN profile (e.g. mobileconfig) to work around the bug, or is there some new security param requirement in macOS 14?

macOS logs

Console logs from macOS 14.1.2, process = NEIKEv2Provider, show rekey failures. After each disconnect though, the connection successfully reconnects.

10:18 NEIKEv2Provider [CREATE_CHILD_SA R resp2 8A7ADF123EF55B23-DCF9CDCBGFBDE2A1] Rekey child received notify error Error Domain=NEIKEv2ProtocolErrorDomain Code=14 "NoProposalChosen" UserInfo={NSDebugDescription=NoProposalChosen}
10:18 NEIKEv2Provider Failed to process Create Child SA packet
10:18 NEIKEv2Provider <NEIKEv2Provider: Primary Tunnel (ifIndex 15)>: : Failed to set interface availability for ipsec0
10:18 NEIKEv2Provider Bootstrapping; external subsystem UIKit_PKSubsystem refused setup
10:18 NEIKEv2Provider cannot open file at line 46986 of [554764a6e7]
10:18 NEIKEv2Provider os_unix.c:46986: (2) open(/private/var/db/DetachedSignatures) - No such file or directory
10:18 NEIKEv2Provider [IKE_SA_INIT R resp0 BBA5FCDAD5CCD32C-09141E6F23975F7C] Initiator init received notify error Error Domain=NEIKEv2ProtocolErrorDomain Code=17 "InvalidKEPayload" UserInfo={NSDebugDescription=InvalidKEPayload}
10:18 NEIKEv2Provider <NEIKEv2Provider: Primary Tunnel (ifIndex 15)>: : Failed to set interface availability for ipsec0
10:18 NEIKEv2Provider <NEIKEv2Provider: Primary Tunnel (ifIndex 15)>: : Failed to set interface availability for ipsec0

VPN server logs (running Libreswan latest v4.12)

In recreating the issue, I noticed a difference on first connection when the client sets OnDemandEnabled=0 vs OnDemandEnabled=1. To be clear though, disconnects happen either way, perhaps after the first connection is cached on the system. With OnDemandEnabled=0, the server shows that macOS sent only 1 proposal.

Dec 6 9:53:22 pluto "ikev2-cp" #1: proposal 1:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 6 9:53:22 pluto "ikev2-cp" #2: proposal 1:ESP=AES_CBC_256-HMAC_SHA2_256_128-DISABLED SPI=04591279 chosen from remote proposals 1:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match]

However, with OnDemandEnabled=1 the server shows that macOS sent 4 proposals.

Dec 6 9:54:27 pluto "ikev2-cp" #5: proposal 4:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 6 9:54:27 pluto "ikev2-cp" #6: proposal 4:IKE=AES_CBC_256-HMAC_SHA2_256-HMAC_SHA2_256_128-MODP2048 chosen from remote proposals 1:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=ECP_256 2:IKE:ENCR=AES_GCM_C_256;PRF=HMAC_SHA2_256;DH=MODP2048 3:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=ECP_256 4:IKE:ENCR=AES_CBC_256;PRF=HMAC_SHA2_256;INTEG=HMAC_SHA2_256_128;DH=MODP2048[first-match]
Dec 6 9:54:27 pluto "ikev2-cp" #7: proposal 3:ESP=AES_CBC_256-HMAC_SHA2_256_128-DISABLED SPI=0490053d chosen from remote proposals 1:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 2:ESP:ENCR=AES_GCM_C_256;ESN=DISABLED 3:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED[first-match] 4:ESP:ENCR=AES_CBC_256;INTEG=HMAC_SHA2_256_128;ESN=DISABLED
4 replies | 0 boosts | 2.2k views | Dec ’23
Did 14.1.2 do something to break pf?
Our web server sets pf rules to block all 443 traffic that doesn't come from CloudFlare whitelisted servers. Allowed traffic is forwarded to the application running on another port. It appears a client updated 14.1.1 to 14.1.2 and after that no traffic is getting through. I didn't want to waste a lot of time diagnosing this if the issue is out of my control.
2 replies | 0 boosts | 215 views | Dec ’23