General: DevForums tag: Network Extension Network Extension framework documentation Routing your VPN network traffic article Filtering Network Traffic sample code TN3120 Expected use cases for Network Extension packet tunnel providers technote TN3134 Network Extension provider deployment technote TN3165 Packet Filter is not API technote Network Extension and VPN Glossary DevForums post Debugging a Network Extension Provider DevForums post Exporting a Developer ID Network Extension DevForums post Network Extension vs ad hoc techniques on macOS DevForums post Extra-ordinary Networking DevForums post Wi-Fi management: Wi-Fi Fundamentals DevForums post TN3111 iOS Wi-Fi API overview technote How to modernize your captive network developer news post iOS Network Signal Strength DevForums post See also Networking Resources. Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I’m developing an app designed for hospital environments, where public internet access may not be available. The app includes two components: the main app and a Local Connectivity Extension. Both rely on persistent TCP socket connections to communicate with a local server. We’re observing a recurring issue where the extension’s socket becomes unresponsive every 1–3 hours, but only when the device is on the lock screen, even if the main app remains in the foreground. When the screen is not locked, the connection is stable and no disconnections occur. ❗ Issue Details: • What’s going on: The extension sends a keep-alive ping packet every second, and the server replies with a pong and a system time packet. • The bug: The server stops receiving keep alive packets from the extension.  • On the server, we detect about 30 second gap on the server, a gap that shows no packets were received by the extension. This was confirmed via server logs and Wireshark).  • On the extension, from our logs there was no gap in sending packets. From it’s perspective, all packets were sent with no error.  • Because no packet are being received by the server, no packets will be sent to the extension. Eventually the server closes the connection due to keep-alive timeout.  • FYI we log when the NEAppPushProvider subclass sleeps and it did NOT go to sleep while we were debugging. 🧾 Example Logs: Extension log: 2025-03-24 18:34:48.808 sendKeepAliveRequest() 2025-03-24 18:34:49.717 sendKeepAliveRequest() 2025-03-24 18:34:50.692 sendKeepAliveRequest() ... // continuous sending of the ping packet to the server, no problems here 2025-03-24 18:35:55.063 sendKeepAliveRequest() 2025-03-24 18:35:55.063 keepAliveTimer IS TIME OUT... in CoreService. // this is triggered because we did not receive any packets from the server 2025-03-24 18:34:16.298 No keep-alive received for 16 seconds... connection ID=95b3... // this shows that there has been no packets being received by the extension ... 2025-03-24 18:34:30.298 Connection timed out on keep-alive. connection ID=95b3... // eventually closes due to no packets being received 2025-03-24 18:34:30.298 Remote Subsystem Disconnected {name=iPhone|Replica-Ext|...} ✅ Observations: • The extension process continues running and logging keep-alive attempts. • However, network traffic stops reaching the server, and no inbound packets are received by the extension. • It looks like the socket becomes silently suspended or frozen, without being properly closed or throwing an error. ❓Questions: • Do you know why this might happen within a Local Connectivity Extension, especially under foreground conditions and locked ? • Is there any known system behavior that might cause the socket to be suspended or blocked in this way after running for a few hours? Any insights or recommendations would be greatly appreciated. Thank you!

We have used ::gethostname to retrieve hostname in our tunnel provider extension and found it returns "localhost" on iOS 17+. So we changed to use [[NSProcessInfo processInfo] hostName]. However it often caused 30+ delay in the extension process on a few devices and always returns "localhost". The sysdiagnose shows a lot of DNS query logs as below: default mDNSResponder 2025-03-19 17:15:12.453769 +0800 75281: 0x11ad501 [R80937] DNSServiceCreateConnection START PID[79767](ACExtension) default mDNSResponder 2025-03-19 17:15:12.453892 +0800 75281: 0x11ad501 [R80938] DNSServiceQueryRecord START -- qname: <mask.hash: 'fNnSAdyuhKXqCny8+neXvw=='>, qtype: PTR, flags: 0x15000, interface index: -1, client pid: 79767 (ACExtension), name hash: 84de01e1 default mDNSResponder 2025-03-19 17:15:12.458395 +0800 75281: 0x11ad501 [R80939] DNSServiceQueryRecord START -- qname: <mask.hash: '2X6qN/YT0yh2psKwrGWokg=='>, qtype: PTR, flags: 0x15000, interface index: 0, client pid: 79767 (ACExtension), name hash: f25c923e default mDNSResponder 2025-03-19 17:15:12.462924 +0800 75281: 0x11ad501 [R80940] DNSServiceQueryRecord START -- qname: <mask.hash: 'peyRWEblLKbNvcOXPjSeMQ=='>, qtype: PTR, flags: 0x15000, interface index: 0, client pid: 79767 (ACExtension), name hash: 83323cc4

We’re looking to implement a custom IPSec IKEv2 VPN using the Packet Tunnel Provider network extension on iOS because we need to add extra information to EAP, which the built-in IKEv2 VPN configuration does not support. Is it possible to handle the full IKEv2 negotiation and IPSec tunneling within the Packet Tunnel Provider extension? Or are there limitations that would prevent implementing a full IKEv2 stack this way? Any insights or alternative approaches would be appreciated. Thanks!

I'm seeking help troubleshooting a persistent com.apple.IdentityLookup.error.messagefilter Code=3 error when my Message Filter Extension tries to defer to network. I’ve exhausted Apple documentation and forum posts, and Apple Support has asked me to escalate this via the forums to reach engineering. ✅ My Setup: Xcode: 16.2 macOS: Sequoia 15.3.1 (Apple Silicon Mac mini) Device: iPhone 14 Pro iOS: 18.3.2 (Developer Mode enabled) Tested via: TestFlight install on real device 📦 App Structure: Main App Target (minimal "hello world" logic) Message Filter Extension Target Messages Extension Target Message Reporting Extension Target Notifications Extension Target ✅ Capabilities & Configurations Main App Capabilities: App Groups: group.com.example.shared Network Extensions: Content Filter Associated Domains: messagefilter:my-api.example.com applinks:my-api.example.com Message Filter Capabilities: App Groups: same as main app Network Extensions: Content Filter Associated Domains: same as above 📄 Info.plist Config Main App Info.plist: NSAppTransportSecurity with: NSAllowsArbitraryLoads = YES Exception domain my-api.example.com with: NSIncludesSubdomains = YES NSTemporaryExceptionAllowsInsecureHTTPLoads = YES NSTemporaryExceptionMinimumTLSVersion = TLSv1.2 MessageFilter Info.plist: Same ATS settings as above NSExtension block: <key>NSExtension</key> <dict> <key>NSExtensionAttributes</key> <dict> <key>ILMessageFilterExtensionNetworkURL</key> <string>https://my-api.example.com/api/sms-filter</string> <key>ILClassificationExtensionSMSReportDestination</key> <string>+10000000000</string> </dict> <key>NSExtensionPointIdentifier</key> <string>com.apple.identitylookup.message-filter</string> <key>NSExtensionPrincipalClass</key> <string>$(PRODUCT_MODULE_NAME).MessageFilterExtension</string> </dict> 📜 Entitlements Main App Entitlements <key>com.apple.developer.associated-domains</key> <array> <string>messagefilter:my-api.example.com</string> <string>applinks:my-api.example.com</string> </array> <key>com.apple.developer.networking.networkextension</key> <array> <string>content-filter-provider</string> </array> <key>com.apple.security.application-groups</key> <array> <string>group.com.example.shared</string> </array> Message Filter Extension Entitlements Identical to main app’s, scoped to the extension. 📄 AASA File (Hosted on https://my-api.example.com/.well-known/apple-app-site-association) Serves as application/json, returns 200 OK, and is reachable on device via Safari. Logs confirm AASA is downloaded and installed successfully during TestFlight install. { "applinks": { "apps": [], "details": [ { "appID": "TEAMID.com.example.app", "paths": ["*"] }, { "appID": "TEAMID.com.example.app.MessageFilter", "paths": ["*"] } ] }, "messagefilter": { "apps": [], "details": [ { "appID": "TEAMID.com.example.app", "filterType": "URL", "domains": ["my-api.example.com"] }, { "appID": "TEAMID.com.example.app.MessageFilter", "filterType": "URL", "domains": ["my-api.example.com"] } ] }, "classificationreport": { "apps": [], "details": [ { "appID": "TEAMID.com.example.app", "domains": ["my-api.example.com"] }, { "appID": "TEAMID.com.example.MessageReporting", "domains": ["my-api.example.com"] } ] } } ❌ The Problem When the extension launches and receives an SMS to classify, logs show: deferQueryRequestToNetwork failed: The operation couldn’t be completed. (com.apple.IdentityLookup.error.messagefilter error 3.) The extension loads, network URL is available, the AASA is installed, and yet the extension is not allowed to defer to network. This occurs every time. 🧪 Other Notes Tried rebuilding everything from scratch Archiving to TestFlight, not running via Xcode Clean entitlements verified using codesign -d --entitlements :- Console logs show no issues with AASA download or validation Any help or insights from Apple engineering or others in the community who have successfully deployed a working Message Filter Extension would be hugely appreciated. Thanks in advance 🙏

The newly introduced enum value NEProviderStopReasonInternalError (macOS 15.1) is not documented (assuming being documented means having at least a sentence describing the enum value). [Q] What kind of situation is the NEProviderStopReasonInternalError enum value supposed to describe? An internal error that requires to try to restart the provider? A fatal error that requires to reinstall macOS? A fatal error that requires to purchase a new Mac? Something less serious but with a human friendly description in the headers (I'm using Xcode 16.2) and online documentation.

We are developing a macOS application for distribution outside the Mac App Store. This application requires additional entitlements, including Keychain access groups, Network Extension, App Groups, and Sandbox. Both the app and the network extension import a custom framework. After creating the .app via Xcode, I ensured that a new Developer ID Application provisioning profile was generated. These profiles were then injected into the Contents folder of the .app and Plugins/.netappex as embedded.provisionprofile. Next, .entitlements files were created with the necessary "-systemextension" entitlement for the network extension and used for code signing. When inspecting the extracted entitlements from the .provisioningprofile as described in TN3125, everything appears correct. Code signing flow: codesign --force --options runtime --timestamp --sign "Developer ID Application: <team>" <.app>/Contents/Frameworks/<sdk>.framework/ codesign --force --options runtime --timestamp --sign "Developer ID Application: <team>" <.app>/Contents/PlugIns/vpn.appex/Contents/Frameworks/<sdk>.framework/Versions/A/<sdk> codesign --force --options runtime --entitlements <vpn-plist>.entitlements --timestamp --sign "Developer ID Application: <team>" <.app>/Contents/PlugIns/vpn.appex/ codesign --force --options runtime --entitlements <app-plist>.entitlements --timestamp --sign "Developer ID Application: <team>" <.app> The .app is then zipped with ditto -c -k --keepParent and set off for notarization, which is succesful and the .app is stapled. After that, a .dmg or .pkg is created, which is then sent for notarization and subsequently stapled. The problem occurs when the app is distributed to the client. Opening the extracted .app fails, as Gatekeeper refuses to launch it with the following error message: 661 debug staticCode syspolicyd Security 0x88d68d818 done serializing <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>com.apple.application-identifier</key><string><teamid.bundleid></string><key>com.apple.developer.networking.networkextension</key><array><string>packet-tunnel-provider-systemextension</string></array><key>com.apple.developer.team-identifier</key><string>team-id</string><key>com.apple.security.app-sandbox</key><true/><key>com.apple.security.application-groups</key><array><string>teamid.group.appgroup</string></array><key>com.apple.security.files.user-selected.read-write</key><true/><key>com.apple.security.network.client</key><true/><key>com.apple.security.network.server</key><true/><key>keychain-access-groups</key><array><string>teamid.group.appgroup</string></array></dict></plist> com.apple.securityd 22207 debug ProvisioningProfiles taskgated-helper ConfigurationProfiles entitlements: { "com.apple.developer.networking.networkextension" = ( "packet-tunnel-provider-systemextension" ); "com.apple.developer.team-identifier" = team-id; "keychain-access-groups" = ( “teamid.group.appgroup” ); } com.apple.ManagedClient 22207 error ProvisioningProfiles taskgated-helper ConfigurationProfiles <bundle-id>: Unsatisfied entitlements: com.apple.developer.team-identifier, com.apple.developer.networking.networkextension, keychain-access-groups com.apple.ManagedClient After encountering this problem every time, we tried using a different development team with a new bundle ID, app groups, developer ID, developer ID certificate, and provisioning profiles. The .entitlements file remained the same (with different IDs), as did the capabilities for the App IDs in App Store Connect. With this new development team, we were successful, and the gatekeeper did not block the launch job. From a configuration standpoint, everything appears identical. Updating the App Store Connect App ID capabilities and generating new provisioning profiles for the first development team did not resolve the issue. Thank you for your help.

Hi everyone, I developed an Android version of a VPN app built with Flutter using OpenVPN, and it works perfectly on Android. However, when porting it to iOS, I’ve encountered an issue: the app connects successfully but then automatically disconnects when tested via TestFlight. We’ve already added all the necessary network extensions. Despite this, we decided to submit the app to the App Store. It’s been five days now, and the app is still 'Waiting for Review.' Could anyone share their experience deploying and working on an iOS version of a VPN app? I’d really appreciate your insights!

We have developed a DNS filter based on NEDNSProxyProvider. It works great for a minute, then it stops responding. Our logs indicate that during the outage our extension gets DNS requests and formulates DNS responses that it hands back to the OS, but from outside of our code it is as though our extension is not responding.

When I used the iPhone 11 to scan the wifi connection, the system reported an error,   ‘’’ let config = NEHotspotConfiguration(ssid: name, passphrase: passwd, isWEP: false) let manager = NEHotspotConfigurationManager() manager.apply(config) { error in      } ’’’ NEHotspotConfigurationErrorDomain Code=8 “internal error.” , the only thins that fixes this issue it restarting the iPhone. What is the reason for this and how to solve it? Reference link: https://developer.apple.com/forums/thread/111638 https://cloud.tencent.com/developer/ask/sof/114654981

I would like to develop a macOS app that would automatically switch Network Locations based on certain criteria. I want to publish this on the Mac App Store, but I'm unsure if this functionality is permitted. I've searched through the App Store Review Guidelines and documentation on NetworkExtension and SystemConfiguration frameworks, but I haven't found clear information on whether: Programmatically changing Network Locations is allowed in sandboxed App Store apps What specific entitlements would be required If there are any API-approved ways to do this without shell commands I'd like to avoid investing significant development time if this type of functionality would ultimately be rejected. As a relatively new Apple platform developer, any guidance on: The appropriate frameworks/APIs to use Required entitlements Whether this functionality is even permitted for App Store distribution would be incredibly helpful. Thank you in advance for any insights!

Hello, I'm having some problems starting my DNS proxy network extension. Even after I call NEDNSProxyManager.saveToPreference() successfully I don't see any logs from my dns proxy. This is the code from the user space app: import SwiftUI import NetworkExtension func configureDNSProxy() { let dnsProxyManager = NEDNSProxyManager.shared() dnsProxyManager.loadFromPreferences { error in if let error = error { print("Error loading DNS proxy preferences: \(error)") return } dnsProxyManager.localizedDescription = "my DNS proxy" let proto = NEDNSProxyProviderProtocol() proto.providerBundleIdentifier = "com.myteam.dns-proxy-tests.ne" dnsProxyManager.providerProtocol = proto // Enable the DNS proxy. dnsProxyManager.isEnabled = true dnsProxyManager.saveToPreferences { error in if let error = error { print("Error saving DNS proxy preferences: \(error)") } else { NSLog("DNS Proxy enabled successfully") } } } } @main struct dns_proxy_testsApp: App { var body: some Scene { WindowGroup { ContentView() } } init() { configureDNSProxy() } } This is the code for my network extension(DNSProxyProvider.swift): import NetworkExtension class DNSProxyProvider: NEDNSProxyProvider { override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) { NSLog("dns proxy ne started") completionHandler(nil) } override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { NSLog("dns proxy ne stopped") completionHandler() } override func sleep(completionHandler: @escaping () -> Void) { NSLog("dns proxy ne sleep") completionHandler() } override func wake() { NSLog("dns proxy ne wake") } override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { NSLog("dns proxy ne flow") return true } } The bundle identifier for my network extension is: com.myteam.dns-proxy-tests.ne and both the user space app and the network extension have the DNS Proxy capability. Both have the same app group capability with the same group name group.com.myteam.dns-proxy-test. The info.plist from the network extension look like this(I didn't really modify it from the default template created by xcode) <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>NetworkExtension</key> <dict> <key>NEMachServiceName</key> <string>$(TeamIdentifierPrefix)com.example.app-group.MySystemExtension</string> <key>NEProviderClasses</key> <dict> <key>com.apple.networkextension.dns-proxy</key> <string>$(PRODUCT_MODULE_NAME).DNSProxyProvider</string> </dict> </dict> </dict> </plist> In the logs I do see DNS Proxy enabled successfully and also I see: NESMDNSProxySession[Primary Tunnel:my DNS proxy:<...>:(null)] starting with configuration: { name = my DNS proxy identifier = <..> applicationName = dns-proxy-tests application = com.myteam.dns-proxy-tests grade = 1 dnsProxy = { enabled = YES protocol = { type = dnsProxy identifier = <...> identityDataImported = NO disconnectOnSleep = NO disconnectOnIdle = NO disconnectOnIdleTimeout = 0 disconnectOnWake = NO disconnectOnWakeTimeout = 0 disconnectOnUserSwitch = NO disconnectOnLogout = NO includeAllNetworks = NO excludeLocalNetworks = NO excludeCellularServices = YES excludeAPNs = YES excludeDeviceCommunication = YES enforceRoutes = NO pluginType = com.myteam.dns-proxy-tests providerBundleIdentifier = com.myteam.dns-proxy-tests.ne designatedRequirement = identifier "com.myteam.dns-proxy-tests.ne" <...> /* exists */ } } } But then I see: Checking for com.myteam.dns-proxy-tests.ne - com.apple.networkextension.dns-proxy But then finally Found 0 registrations for com.myteam.dns-proxy-tests.ne (com.apple.networkextension.dns-proxy) So I think that last log probably indicates the problem. I'm a bit lost at what I'm doing wrong so I'd be super thankful for any pointer!

We have a NEFilterDataProvider extension that intercepts all TCP and UDP IPv4/6 traffic. At times just after wakeup from sleep, it causes internet access issues, such as showing "This site can't be reached" when opening websites. The traffic is not being dropped by the extension. According to the logs, the connection is being closed after approximately 4 minutes. During the issue, the flow logs are as follows: Flow 515129771 is connecting New flow: NEFlow type = stream, app = com.google.Chrome.helper... Detaching, ref count = 2 (logged after ~4 minutes) Sending close, how = 2 Removing from group 2, ref count = 2 Destroying, app tx 0, tunnel tx 0, tunnel rx 0 Closing reads, not closed by plugin Closing writes, not sending close Any suggestions on the possible cause and how to further debug it?

I am working on a macos application that uses NetworkExtension and works fine in the debug environment. However, when I use the Release package, I am always prompted that my description file does not contain NetworkExtension. I am sure that my description file does contain NetworkExtension. How to solve this problem

I am writing to seek clarification on two technical issues related to iOS frameworks (CoreBluetooth and NetworkExtension). These observations are critical for optimizing our app's performance, and I would appreciate any official guidance or documentation references. CoreBluetooth Scanning Frequency and Cycle Issue: We noticed inconsistent BLE device discovery times (ranging from 0.5s to 1.5s) despite the peripheral advertising at 2Hz (500ms interval). Questions: Does iOS regulate the BLE scan interval or duty cycle internally? If yes, what factors affect this behavior (e.g., foreground/background state, connected devices)? Are there recommended practices to reduce discovery latency for peripherals with fixed advertising intervals? Is there a way to configure scan parameters (e.g., scan window/interval) programmatically, similar to Android's BluetoothLeScanner? Test Context: Device: iPhone 13 mini (iOS 17.6.1) Code: CBCentralManager.scanForPeripherals(withServices: nil, options: [CBCentralManagerScanOptionAllowDuplicatesKey: true]) NEHotspotConfigurationManager Workflow and Latency Issue: Using NEHotspotConfigurationManager.shared.apply(_:) to connect to Wi-Fi occasionally takes up to 8 seconds to complete. Questions: What is the internal workflow of the apply method? Does it include user permission checks, SSID scanning, authentication, or IP assignment steps? Are there known scenarios where this method would block for extended periods (e.g., waiting for user interaction, network timeouts)? Is the latency related to system-level retries or radio coexistence with other wireless activities (e.g., Bluetooth)? Test Context: Configuration: NEHotspotConfiguration(ssid: "TestSSID") Behavior: Delay occurs even when the Wi-Fi network is in range and credentials are correct.

I am writing to seek clarification on two technical issues related to iOS frameworks (CoreBluetooth and NetworkExtension). These observations are critical for optimizing our app's performance, and I would appreciate any official guidance or documentation references. CoreBluetooth Scanning Frequency and Cycle Issue: We noticed inconsistent BLE device discovery times (ranging from 0.5s to 1.5s) despite the peripheral advertising at 2Hz (500ms interval). Questions: Does iOS regulate the BLE scan interval or duty cycle internally? If yes, what factors affect this behavior (e.g., foreground/background state, connected devices)? Are there recommended practices to reduce discovery latency for peripherals with fixed advertising intervals? Is there a way to configure scan parameters (e.g., scan window/interval) programmatically, similar to Android's BluetoothLeScanner? Test Context: Device: iPhone 13 mini (iOS 17.6.1) Code: CBCentralManager.scanForPeripherals(withServices: nil, options: [CBCentralManagerScanOptionAllowDuplicatesKey: true]) NEHotspotConfigurationManager Workflow and Latency Issue: Using NEHotspotConfigurationManager.shared.apply(_:) to connect to Wi-Fi occasionally takes up to 8 seconds to complete. Questions: What is the internal workflow of the apply method? Does it include user permission checks, SSID scanning, authentication, or IP assignment steps? Are there known scenarios where this method would block for extended periods (e.g., waiting for user interaction, network timeouts)? Is the latency related to system-level retries or radio coexistence with other wireless activities (e.g., Bluetooth)? Test Context: Configuration: NEHotspotConfiguration(ssid: "TestSSID") Behavior: Delay occurs even when the Wi-Fi network is in range and credentials are correct.

I am developing an App based on Network Extension that lets all network requests on device access the Internet through a private Relay. I created an empty iOS App and only the entitlements file and ViewController.swift(Main.storyboard) file have been modified. The code was copied from the official video https://developer.apple.com/videos/play/wwdc2023/10002/ But, running the App on iPhone, the saveToPreferences API reported Error Domain=NERelayErrorDomain Code=3 "(null)" and the App doesn't look like it's changed at all (it doesn't jump to the Settings - VPN&Relay). Does anyone know why？Any reply would be greatly appreciated. The contents of the entitlements file: <?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.developer.networking.networkextension</key> <array> <string>relay</string> </array> </dict> </plist> ViewController.swift: import UIKit import NetworkExtension class ViewController: UIViewController { override func viewDidLoad() { super.viewDidLoad() // Do any additional setup after loading the view. } @IBAction func tap(_ sender: Any) { let newRelay = NERelay() let relayURL = URL(string: "https://relay.example.com:443/") newRelay.http3RelayURL = relayURL newRelay.http2RelayURL = relayURL newRelay.additionalHTTPHeaderFields = ["Authorization" : "PrivateToken=123"] let manager = NERelayManager.shared() manager.relays = [newRelay] manager.matchDomains = ["internal.example.com"] manager.isEnabled = false manager.saveToPreferences { err in print(err) } } }

hi everybody, When I use the following code to connect to WiFi network, an error message of "error=null" or "error='Error Domain=NEHotspotConfigurationErrorDomain Code=11 "" UserInfo={NSLocalizedDescription=}' " will occur. It has been uploaded to Feedback. Feedback ID： FB16819345 (WiFi-无法加入网络) NEHotspotConfiguration *hotspotConfig = [[NEHotspotConfiguration alloc] initWithSSID:ssid passphrase:psk isWEP:NO]; [[NEHotspotConfigurationManager sharedManager] applyConfiguration:hotspotConfig completionHandler:^(NSError * _Nullable error) { }];

Hi there, I'm trying to build a MacOS VPN application from scratch. My VPN application is slightly from normal ones, It will include an authentication token and underlying process information (pid, application path etc.) in each connection made to the VPN gateway. Consider it a poor man's zerotrust implementation. NetworkExtension and PacketTunnel is a must, thus to retrieve process information via audit tokens. However, I'm unable to find any working examples that can be built on MacOS 15.X. I tried to open an TSI case but didn't receive anything useful. Anyone?

I am subscribed to an individual developer license. https://developer.apple.com/documentation/xcode/configuring-network-extensions "Network Extension" does not appear in the Capability section in Xcode. Below is my Xcode screenshot.

Dear Apple： We found that after mirroring an iPhone and a Mac, calling the NEHotspotConfigurationManager applyConfiguration interface on the iPhone fails to connect to Wi-Fi. Are there any restrictions on using this interface in mirror mode?