Hi, I'm using the reachability framework in order to register network status event for a specific address (address_st in the code below)... I'd like to support change of address which will trigger unregister from the old address and register to the new one. How can it be done ? SCNetworkReachabilityRef reachabilityRef = SCNetworkReachabilityCreateWithAddress(NULL, reinterpret_cast<sockaddr *>(&address_st)); SCNetworkReachabilityContext context = {0, NULL, NULL, NULL, NULL}; SCNetworkReachabilitySetCallback(reachabilityRef, ReachabilityCallback, &context)) SCNetworkReachabilitySetDispatchQueue(reachabilityRef, dispatch_queue_create("com.reachability.test", nil)); thanks,

General: DevForums tag: Network Extension Network Extension framework documentation Wi-Fi management: Wi-Fi Fundamentals DevForums post TN3111 iOS Wi-Fi API overview technote Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com"

I'm working on a React Native (IOS) app which has a feature to scan the available network list and pass the network ID with valid credentials to connect a wifi bridge with network. Why do I need to scan the wifi network list: the app will be communicating with a Custom Wifi Bridge whose role is to just transfer the API calls, since our app is hardware oriented, we have a bluetooth enabled hygrometer involved, so in order to connect the wifi bridge with a wifi source we need to have a way to first scan and then connect to it. Can you help me out with this, since I can't find any relevant help. Thanks.

Hello We are developing our own iOS Network Extensions-based VPN and it has an HTTP proxy in the VPN. In addition, we also use PAC (Proxy auto-configuration) script to configure what kind of HTTP/HTTPS traffic should route to our proxy in the VPN. However, we get this kind of message "Received XPC error Connection invalid for message type 3 kCFNetworkAgentXPCMessageTypePACQuery" randomly on iOS 15.5. We have not been aware of any weird behavior of iOS based on the error message. We are afraid of this error message is caused by our VPN solution. Is there any suggestion that should consider or follow to fix this error?

The .includeAllNetworks flag on the NEVPNProtocol object seems suitable for use as a vpn "kill switch." At the very least, the documentation specifies that "if this value is true and the tunnel is unavailable, the system drops all network traffic." Our application has a UI element that allows the user to toggle this setting, for the purposes of ensuring that all of their traffic is sent through the VPN connection. We're encountering an issue, however: it appears that, with this setting enabled, any NWTCPConnection returned by NEPacketTunnelProvider.createTCPConnectionThroughTunnel will never connect. It stays in the .connecting state and never advances to the .connected state. The documentation for this method states that this method can be used "to create a TCP connection to an endpoint inside the private network." Does this mean that the remote endpoint being connected to by createTCPConnectionThroughTunnel must reside inside the private network being connected to by the tunnel in order for it to work properly with the .includeAllNetworks setting? Or is the documentation simply suggesting that the TCP connection is tunneled through the private network? Other web pages seem to be loading just fine while this tunnel is active, it is just the connections returned by this function that seem to be timing out with .includeAllNetworks set to true. If I set it to false, the NWTCPConnection objects returned by this function transition to the .connected state just fine and data can be passed through them with no problems. Is this expected behavior, or is this a possible manifestation of something misconfigured in the VPN profile? Edit: I tested a bit more and it looks like even local connections over the private network seem to time out; I set up an endpoint within the VPN at 10.1.0.1 and createTCPConnectionThroughTunnel was still unable to connect with .includeAllNetworks set to true.

Hi there, We have a batch of customer ipad running our software older version with dnsproxy. They have not been running for a while. Then it is found that these devices cannnot load dnsproxy network extension and no network access anymore. Below is the ipad console. iPad neagent(NetworkExtension)[220] <Error>: Failed to start extension com.***.ios-dns.ext: Error Domain=PlugInKit Code=4 "RBSLaunchRequest error trying to launch plugin com.***.ios-dns.ext(***): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x14de85170 {Error Domain=NSPOSIXErrorDomain Code=85 "Bad executable (or shared library)" UserInfo={NSLocalizedDescription=Launchd job spawn failed with error: 85}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to launch plugin com.***.ios-dns.ext(***): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0x14de85170 {Error Domain=NSPOSIXErrorDomain Code=85 "Bad executable (or shared library)" UserInfo={NSLocalizedDescription=Launchd job spawn failed with error: 85}}}} I guess it is because the dnsproxy provisioning profile there expires already? In this case is there any way to retain the network access remotely? There are hundreds of them. Cannot imagine need to remove the app one by one manually. Furthermore, is there any way to avoid such a situation: devices wakeup after not in use for some time, provisioning profile expires, not able to load dnsproxy network extension and no network anymore. Thanks in advance for any suggestion, Richard

Hi, I was working on a feature based on dns packet parsing in the VPN solution of my app on iOS. I was using the dns_parse_packet api from dnsutils.h class, which was able to parse dns requests and reply packets from raw bytes quite efficiently. I had tested this flow on iOS 15.2 but after updating to iOS 15.5 this api does not seem to work anymore. Has this API been deprecated or is this a bug in iOS 15.5?

Hi, I have a question regarding NEHotspotHelper, I understand that as soon as the user tries to connect to a new network, We get an Evaluate command and the hotspot helper app has 45 seconds to deliver a response for it. Referring to [this](Authentication State Machine (apple.com)) document. I wanted to understand, if the user tries changing the access points frequently like first start connecting to one access point, then second so on, are the evaluate commands for these added in the hotspot queue (the one that we register our app with) one after another or does the system wait for the delivering of the response for 1 access point?

Hi, We have a macOS app that starts the system network extension to provide the VPN service. I'm integrating the Crashpad to report crashes from the system network extension. To handle and report the crashes, in the network extension, we start the crash handler in a separate process and it listens to the Mach port for EXC_CRASH exceptions. The crash handler needs to access the file system to create crash reports database. But I'm getting the "Applications Support" directory from the network extension, but the path is not found. Here's the error: execvp /var/root/Library/Containers/<bundle ID>/Data/Library/Application Support/Crash/handler_mac: No such file or directory

Our TPP excludes our own processes from oversight, which makes some things very easy. Only I just found out that when our app uses a WKWebView... it's very securely shuffled off into its own process. With its own signing identifier. And a ppid of launchd. How could I tell that a com.apple.WebKit.Networking process is related to our process? (I note that the Endpoint Security Framework has added a "responsible" audit token, presumably for this sort of situation.)

We're developing an application which involves Packet Tunnel Provider extension. Inside the extension we connect to remote server to get tunnel config profile and authentication parameters, followed by tunnel creation. If we are not able to establish the tunnel, we would like to notify the user via the containing app. It is possible the tunnel extension is running when the containing app is not running, so we decided to send a notification (via UserNotifications) to achieve the same. Requirement is that: If containing app is in foreground, notification should not be displayed, app handles whatever is required If app is in foreground, when user clicks on the notification, app should come into foreground and handle it If app is not running, app should launch and handle the notifications If user launchers app/app comes into foreground, app handles all shown notifications and clears them We are trying to achieve this by implementing the UNUserNotificationCenterDelegate in AppDelegate of containing app. Now all above requirements are fulfilled when the notification is published by the containing app, but when published by the NEPacketTunnelProvider extension, the notification appears but clicking on it does not call the appropriate delegate function in containing app. We want to support MacOS 10.15 and above if possible. We are testing on MacOS 12.4 and 12.3.2 for now. Please help with same or suggest a better way of notifying the user that some action is required and containing app needs to be opened.

Hi, I have an extension using NEPacketTunnelProvider, I need bind both lan address and localhost so that other apps can connect it and transfer data. I found that if I bind INADDR_LOOPBACK, other apps on the phone can connect it using the localhost(127.0.0.1) If I bind INADDR_ANY, other apps on the phone can connect it using the lan address but not the localhost(127.0.0.1) My question is why other app on the phone can not connect using localhost(127.0.0.1) when binding INADDR_ANY? Thank you. NEPacketTunnelNetworkSettings: Exclude route: 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 255.255.255.255/32, 239.255.255.250/32, fc00::/7, fe80::/10, ff02::c/128, ff05::c/128, ff08::c/128, ff0e::c/128 Include route: [NEIPv4Route defaultRoute] NEProxySettings with HTTPEnabled and HTTPSEnabled to localhost (a http server) NEProxySetting exception: 192.168.0.0/16, 127.0.0.0/8, 169.254.0.0/16, 10.0.0.0/8, 172.16.0.0/12, 255.255.255.255/32, localhost, *.local, captive.apple.com NEProxySetting excludeSimpleHostnames: YES

Hi There, We have a VPN application built on top of the Packet Tunnel Provider. We are seeing an issue that once our containing application crashed, the packet tunnel provider keeps running. We could detect the crash from the tunnel, but there is no way for us to stop the VPN because on-demand will bring back VPN all the time. Since there is no way to disable on-demand rule within the packet tunnel provider, is it possible that we can programmatically launch the crash application from the packet tunnel provider? Something like iOS's silent push notification could work too since all we need is to disable on-demand rule from the application and stop VPN.

I have a Packet Tunnel Provider that works ok in development, but fails calling NETunnelProviderManager.saveToPreferencesWithCompletionHandler with "permission denied" upon being opened by App Review. If it means anything, I just switched my account from personal to company/organization so I could distribute a VPN app, and the app is signed with an Apple Distribution cert created for the company. The provisioning profiles for the container app and the extension are both signed with this cert and both have Network Extensions and Personal VPN entitlements. What is missing that is preventing the distribution to the App Store from working properly?

ipad lock screen app cut to background hang after unlocking and restoring the app may lead to several minutes of inability to connect to LAN devices XCode 13.2.1 iPad ios 15.4.1