Hello, We would like to track the open sockets on the machine. we don't want to use a constantly running thread that polls the open sockets (such as by using sysctlbyname) since it sometimes will miss short-lived sockets. After some research we decided to implement a content filter (NEFilterDataProvider) that pass-through every socket flow. However, as we see and read in the forum, all previously opened sockets are disconnected once the filter is applied, which is an undesired thing for users using a VPN that will disconnect as well. We would like to know if there is a better way to track all sockets, preferably in an event-driven way, or, to prevent the existing sockets from disconnecting if we use the filter or other network extension.

I found my mac automatically connects to the Google server 8.8.8.8 and 8.8.4.4 that I haven't set in my mac. I figured out it seems to be set via /Library/Preferences/com.apple.networkextension.control.plist as follows: { CriticalDomains = ( "cheeserolling.apple.com", "woolyjumper.sd.apple.com", "basejumper.apple.com", "basejumper-vip.sd.apple.com", "basejumper.sd.apple.com", "locksmith.apple.com", "gdmf-staging-int.apple.com", "pallas-uat.rno.apple.com", "pr2-pallas-staging-int-prz.apple.com", "livability-api.swe.apple.com" ); } I cannot find any info about those domains online. I am wondering if it is possible like for apple staffs to set those CriticalDomains to control the connections to servers.

We have a network content-filter consisting of a main target/GUI, a FilterDataProvider extension and a FilterControlprovider extension. The app is installed via MDMs and works without issues the vast majority of times, but during testing of TestFlight builds we've found that intermittently the device fails to install the network extensions and blocks internet access. The GUI is working fine though. From the logs we can see that when this happens the device tries to start the network extensions repeatedly. The issue is solved by restarting the device. Has anyone experienced similar issues or have some ideas of what might cause this behaviour? These are some of the logs we see in Console: neagent [u E6D696F2-62FB-4262-A97C-B2006EC528C5:m (null)] [<private>(<private>)] Hub connection error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named <BundleID>.FilterDataProvider" ugDescription=connection to service named <BundleID>.FilterDataProvider}code-block Failed to start the data extension <BundleID>.FilterDataProvider: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named <BundleID>.FilterDataProvider" ugDescription=connection to service named <BundleID>.FilterDataProvider} nehelper Denying connection from nesessionmanager (264) because it is missing the com.apple.private.network.socket-delegate entitlement nesessionmanager <BundleID>[inactive]: starting launchd Service could not initialize: posix_spawn(/private/var/containers/Bundle/Application/F84E2325-05A6-4DC2-8DD6-20C97EF43E8D/<AppName>.app/PlugIns/FilterDataProvider.appex/FilterDataProvider) failed, error 0x2 - No such file or directory nesessionmanager NEFilterPlugin(<BundleID>[inactive]): Sending start command nesessionmanager <BundleID>[inactive]: starting neagent Looking for a data extension with identifier <BundleID>.FilterDataProvider neagent [d <private>] <PKHost:0x718915550> Query: { NSExtensionIdentifier = "<BundleID>.FilterDataProvider"; NSExtensionPointName = "com.apple.networkextension.filter-data"; } neagent Found 1 data extension(s) with identifier <BundleID>.FilterDataProvider neagent Looking for a control extension with identifier <BundleID>.FilterControlProvider neagent [d <private>] <PKHost:0x718915550> Query: { NSExtensionIdentifier = "<BundleID>.FilterControlProvider"; NSExtensionPointName = "com.apple.networkextension.filter-control"; } neagent Found 1 control extension(s) with identifier <BundleID>.FilterControlProvider neagent Beginning data extension request with extension <BundleID>.FilterDataProvider neagent [u C743CE7B-9E19-4A41-BF46-91AEFB24169D:m (null)] [<private>(<private>)] Failed to start plugin; pkd returned an error: Error Domain=PlugInKit Code=4 .<AppName>.FilterDataProvider(C743CE7B-9E19-4A41-BF46-91AEFB24169D): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch ErrorDomain Code=2 "No such file or directory" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to launch 7B-9E19-4A41-BF46-91AEFB24169D): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xdb88df3d0 {Error UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}} neagent Extension request with data extension <BundleID>.FilterDataProvider started with identifier (null) neagent Failed to start the data extension <BundleID>.FilterDataProvider: Error Domain=PlugInKit Code=4 "RBSLaunchRequest error trying to launch vider(C743CE7B-9E19-4A41-BF46-91AEFB24169D): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., SIXErrorDomain Code=2 "No such file or directory" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to DataProvider(C743CE7B-9E19-4A41-BF46-91AEFB24169D): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., SIXErrorDomain Code=2 "No such file or directory" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}} nesessionmanager NESMFilterSession[FilterDataProvider:0C4C9E40-5005-47A5-8C60-F7C8630F29DF] in state NESMFilterSessionStateStarting: plugin NEFilterPlugin(e with error: 1 nesessionmanager <BundleID>[266]: disposing neagent Initializing the delegate neagent App <BundleID> is not installed or is not valid neagent App <BundleID> is not installed or is not valid neagent Failed to find a com.apple.networkextension.filter-data extension inside of app <BundleID> neagent NEAgentSession: failed to create the delegate nesessionmanager <BundleID>[259]: Tearing down XPC connection due to setup error: Error Domain=NEAgentErrorDomain Code=2 "(null)" nesessionmanager <BundleID>[259]: XPC connection went away nesessionmanager NESMFilterSession[FilterDataProvider:0C4C9E40-5005-47A5-8C60-F7C8630F29DF]: Failed to start with error: Error Domain=NEAgentErrorDomain Code=2 "(null)"

Hi, Need some help figuring out the options and actions on following situations: When there are two or more enterprise VPNs installed on a device, one is currently active (some other brand tunnel packet provider). Then the user opens my app that triggers the opening of my network extension packet tunnel provider. Can that situation be identified so a notification be prompted to the user? Can my packet tunnel provider get / have priority over the current running packet tunnel provider? Please guid / direct to relevant document. Thanks in advance, ~r

I use NEHotspotNetwork.fetchCurrentWithCompletionHandle, but it gives me Nil for both SSID and BSSID #import "FPPHotspotNetworkInfoProvider.h" #import <NetworkExtension/NetworkExtension.h> @implementation FPPHotspotNetworkInfoProvider - (void)fetchNetworkInfoWithCompletionHandler: (void (^)(FPPNetworkInfo *network))completionHandler API_AVAILABLE(ios(14)) { [NEHotspotNetwork fetchCurrentWithCompletionHandler:^( NEHotspotNetwork *network) { dispatch_async(dispatch_get_main_queue(), ^{ if (network) { completionHandler([[FPPNetworkInfo alloc] initWithSSID:network.SSID BSSID:network.BSSID]); return; } completionHandler(nil); }); }]; } @end Do I need approval from Apple for this? If so, could you please provide guidance on how to obtain it? Thank you.

Hi, I am working on the app for some basic concept, I would like to intercept both DNS and IP connections. I succeeded in intercepting DNS using NEDNSProxyProvider, however I seem to have some troubles with IPConnections using NEFilterDataProvider. First thing, I have three targets in my app. For some reason, when I run DNS Proxy Extension target it doesn't ask me to choose the app for target run, and after the application if launched, it correctly intercepts DNS traffic and inits NEDNSProxyManager ps: all logs are correctly displayed for NEFilterDataProvider However, when I try to run Filter Data Extension target with Content Filter capability, it asks me to choose the app for run. Even tho I checked the Build Settings and those are identical to DNS Proxy Extension target. And finally, when I run main target it still inits NEDNSProxyManager properly and the NEFilterManager returns this warning -[NEFilterManager saveToPreferencesWithCompletionHandler:]_block_invoke_3: failed to save the new configuration: (null) I tried to log the configuration and compared to some code samples, but I can't identify the problem. I'd very grateful if somebody could suggest where the problems might be (targets builds difference & NEFilterManager config) I will attach a sample of code where I add configuration to my NEFilterManager // MARK: - FilterDataManager final class FilterDataManager: NSObject, ObservableObject { // MARK: - Properties private let manager = NEFilterManager.shared() private let filterName = "Data Filter" @Published private(set) var isEnabled: Bool? = nil // MARK: - Singleton static let shared = FilterDataManager() // Cancellables set private var subs: Set<AnyCancellable> = [] private override init() { super.init() enable() manager.isEnabledPublisher() .receive(on: DispatchQueue.main) .sink(receiveValue: { [weak self] isEnabled in self?.setIsEnabled(isEnabled) }) .store(in: &subs) } // MARK: - Filter Configurations func enable() { manager.updateConfiguration { [unowned self] manager in manager.localizedDescription = filterName manager.providerConfiguration = createFilterProviderConfiguration() manager.isEnabled = true } completion: { result in guard case let .failure(error) = result else { return } Log("Filter enable failed: \(error)", prefix: "[Filter]") } } private func createFilterProviderConfiguration() -> NEFilterProviderConfiguration { let configuration = NEFilterProviderConfiguration() configuration.organization = "***" configuration.filterBrowsers = true configuration.filterSockets = true return configuration } func disable() { Log("Will disable filter", prefix: "[Filter]") manager.updateConfiguration { manager in manager.isEnabled = false } completion: { result in guard case let .failure(error) = result else { return } Log("Filter enable failed: \(error)") } } private func setIsEnabled(_ isEnabled: Bool) { guard self.isEnabled != isEnabled else { return } self.isEnabled = isEnabled Log("Filter \(isEnabled ? "enabled" : "disabled")", prefix: "[Filter]") } } ```Swift extension NEFilterManager { // MARK: - NEFilterManager config update func updateConfiguration(_ body: @escaping (NEFilterManager) -> Void, completion: @escaping (Result<Void, Error>) -> Void) { loadFromPreferences { [unowned self] error in if let error, let filterError = FilterError(error) { completion(.failure(filterError)) return } body(self) saveToPreferences { (error) in if let error, let filterError = FilterError(error) { completion(.failure(filterError)) return } completion(.success(())) } } } // MARK: - Publisher enabling func isEnabledPublisher() -> AnyPublisher<Bool, Never> { NotificationCenter.default .publisher(for: NSNotification.Name.NEFilterConfigurationDidChange) .compactMap { [weak self] notification in guard let self else { return nil } return self.isEnabled } .eraseToAnyPublisher() } } // MARK: - FilterError @available(iOS 8.0, *) enum FilterError: Error { /// The Filter configuration is invalid case configurationInvalid /// The Filter configuration is not enabled. case configurationDisabled /// The Filter configuration needs to be loaded. case configurationStale /// The Filter configuration cannot be removed. case configurationCannotBeRemoved /// Permission denied to modify the configuration case configurationPermissionDenied /// Internal error occurred while managing the configuration case configurationInternalError case unknown init?(_ error: Error) { switch error { case let error as NSError: switch NEFilterManagerError(rawValue: error.code) { case .configurationInvalid: self = .configurationInvalid return case .configurationDisabled: self = .configurationDisabled return case .configurationStale: self = .configurationStale return case .configurationCannotBeRemoved: self = .configurationCannotBeRemoved return case .some(.configurationPermissionDenied): self = .configurationPermissionDenied return case .some(.configurationInternalError): self = .configurationInternalError return case .none: return nil @unknown default: break } default: break } assertionFailure("Invalid error \(error)") return nil } }

Hello! I created a simple DNS filter application for iOS but the extension is not launching. I am getting this log message in the console. Failed to start extension edu.stanford.stilakid.testDnsFilter.DNSFiltering: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service" UserInfo={NSDebugDescription=connection to service named edu.stanford.stilakid.testDnsFilter.DNSFiltering.apple-extension-service} For another project with the same code for dns filtering but different bundleID, I also got the following log message. Failed to start extension edu.stanford.sml.rdahlke.controlShift.DNSProxy: Error Domain=PlugInKit Code=4 "RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}" UserInfo={NSLocalizedDescription=RBSLaunchRequest error trying to launch plugin edu.stanford.sml.rdahlke.controlShift.DNSProxy(D26CD63C-4656-4A30-99A0-7C867265DD75): Error Domain=RBSRequestErrorDomain Code=5 "Launch failed." UserInfo={NSLocalizedFailureReason=Launch failed., NSUnderlyingError=0xc62b8c0d0 {Error Domain=NSPOSIXErrorDomain Code=111 "Unknown error: 111" UserInfo={NSLocalizedDescription=Launchd job spawn failed}}}} Also, the log messages I have defined inside the constructor of the dns proxy extension is nowhere to be found in the logs, so I am pretty sure the extension is failing to launch. The debugger attached to the main target app shows no errors as well, so it is able to load and update dnsProtocol. Here is the code: // DNSProxyProvider.swift // DNSFiltering // // Created by Juben Rana on 2/20/24. // import NetworkExtension import os.log class DNSProxyProvider: NEDNSProxyProvider { // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.sml.rdahlke.controlShift", category: "dns-filter") override init() { Self.logger.log(level: .debug, "TestDns: dns proxy provider will init") self.logger = Self.logger super.init() } let logger: Logger override func startProxy(options:[String: Any]? = nil, completionHandler: @escaping (Error?) -> Void) { // Add code here to start the DNS proxy. logger.log(level: .debug, "TestDns: proxy will start") completionHandler(nil) } override func stopProxy(with reason: NEProviderStopReason, completionHandler: @escaping () -> Void) { // Add code here to stop the DNS proxy. logger.log(level: .debug, "TestDns: proxy will stop") completionHandler() } override func sleep(completionHandler: @escaping () -> Void) { // Add code here to get ready to sleep. completionHandler() } override func wake() { // Add code here to wake up. } override func handleNewFlow(_ flow: NEAppProxyFlow) -> Bool { // Add code here to handle the incoming flow. logger.log(level: .debug, "TestDns: proxy is handling flow") return false } } // ContentView.swift // testDnsFilter // // Created by Juben Rana on 2/20/24. // import SwiftUI struct ContentView: View { var body: some View { VStack { // LoginScreen() // .onOpenURL { url in // GIDSignIn.sharedInstance.handle(url) // } Spacer() #if os(macOS) Text("I'm running on macOS") #else Text("I'm running on iOS") #endif Spacer() Button("Activate") { #if os(macOS) ContentFilterMac.shared.activate() #elseif os(iOS) ContentFilter.shared.enable() #endif } Spacer() Button("Deactivate") { #if os(macOS) ContentFilterMac.shared.deactivate() #elseif os(iOS) ContentFilter.shared.disable() #endif } Spacer() Spacer() } .padding() } } #Preview { ContentView() } // // ContentFilter.swift // controlShift // // Created by Juben Rana on 9/28/23. // // This is only for macOS import Foundation import NetworkExtension import os.log // MARK: - Content Filter class ContentFilter { // MARK: - Set Up static let shared = ContentFilter() private init() { Self.logger.log(level: .debug, "content filter will init") self.logger = Self.logger } // MARK: - Logger static let logger = Logger(subsystem: "edu.stanford.stilakid.testDnsFilter", category: "content-filter") let logger: Logger // MARK: - DNS Filter private let manager = NEDNSProxyManager.shared() func enable() { loadAndUpdatePreferences { self.manager.localizedDescription = "DNSProxySample" let dnsProtocol = NEDNSProxyProviderProtocol() dnsProtocol.providerBundleIdentifier = "edu.stanford.stilakid.testDnsFilter.DNSFiltering" self.manager.providerProtocol = dnsProtocol self.manager.isEnabled = true } } func disable() { loadAndUpdatePreferences { self.manager.isEnabled = false } } private func loadAndUpdatePreferences(_ completion: @escaping () -> Void) { manager.loadFromPreferences { error in guard error == nil else { debugPrint("DNSProxySample.App: load error") return } completion() self.manager.saveToPreferences { (error) in guard error == nil else { debugPrint("DNSProxySample.App: save error") return } debugPrint("DNSProxySample.App: saved") } } } }

Hello! If I set only remote address, then packet tunnel provider does not intercept packets at all. Internet works. If I add ipv4Settings, then packet tunnel provider somewhat catch packets. If I try open something in web beforehand, and quickly start packet tunnel provider, it sees leftover packets. Internet does not work. If I set DNS settings, then tunnel starts receiving "apple.com", "icloud.com" DNS queries. I guess that's not right. Internet does not work. How do I set everything right? ============= My settings: let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: address) settings.ipv4Settings = NEIPv4Settings(addresses: ["172.16.200.10"], subnetMasks: ["255.255.255.255"]) settings.ipv4Settings?.includedRoutes = [NEIPv4Route.default()] settings.ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationAddress: "192.168.0.0", subnetMask: "255.255.0.0"), NEIPv4Route(destinationAddress: "10.0.0.0", subnetMask: "255.0.0.0"), NEIPv4Route(destinationAddress: "172.16.0.0", subnetMask: "255.240.0.0") ] settings.dnsSettings = NEDNSSettings(servers: ["8.8.8.8", "8.8.4.4"]) settings.dnsSettings?.matchDomains = [""] settings.mtu = 1400

Our VPN was implemented using the NEPacketTunnelProvider, in the case of back end permanent errors (e.g. permission denied), we would stop the VPN tunnel by calling the cancelTunnelVPNWithError method. This did stop the VPN, however the VPN would auto reconnect and enter an infinite loop of connecting and disconnecting due to the back end permanent error. The VPN was turned on from the VPN settings. To completely disable the VPN, we need to either delete the VPN configuration, or manually tap on the toggle to disable. Sample code: - (void)PPNService:(PPNService *)PPNService didStopWithError:(nullable NSError *)error { SUBSPPNStatusData *ppnStatusData = [[SUBSPPNStatusData alloc] init]; SUBSPPNToggleStatus *toggleStatus = [[SUBSPPNToggleStatus alloc] init]; toggleStatus.ppnToggleStatus = SUBSPPNToggleStatus_PPNToggleStatus_Off; if (error) { [_ppnSessionManager logSessionEnd]; [self cancelTunnelWithError:error]; ppnStatusData.ppnStatus = SUBSPPNStatusData_PPNStatus_StoppedWithError; PPNStatusDetails *details = error.userInfo[PPNStatusDetailsKey]; } Question: Why does the VPN auto reconnect after calling the cancel method? Any solutions to completely stop the VPN on permanent errors.

Issue Description: When VPN packet tunnel provider is configured as Full tunnel with Tunnel routes as below, tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO; and saved to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” After saving the configuration to preferences and after receiving the NEVPNConfigurationChangeNotification we are starting the tunnel using “startVPNTunnelWithOptions”. Not able to connect to VPN only from iOS 17 and above devices and internet is getting blocked throughout the device after trying to the start tunnel. Once this issue is occurred, need to restart the device to get the internet connection back. On iOS 16 and Below: Able to successful connect and start VPN tunnel. On iOS 17 and Later: Not able to connect to VPN. VPN tunnel status is getting changed from connecting to disconnected. Internet on the device is getting blocked after VPN gets disconnected. Need to restart the device to get the internet connection back. We can see the below device console logs: After applying the above NETunnelProviderManager preferences and starting the tunnel, we can see that the VPN status is changed to connecting, 14:59:22.599515+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to connecting Later we can see the status is getting changed to Disconnected: 14:59:23.588634+0530 nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: status changed to disconnected, last stop reason None 14:59:23.589042+0530. nesessionmanager NESMVPNSession[Primary Tunnel:SomeServerAddressXYZ:(null)]: Updated network agent (inactive, compulsory, not-user-activiated, not-kernel-activated) After this receiving the NEVPNStatusChanged notification in our application and NEVPNStatus is changed to Disconnected. When checked the reason for disconnect using “fetchLastDisconnectErrorWithCompletionHandler” on NEVPNConnection, we can see below Error string : The VPN session failed because an internal error occurred Error code : 12 After sometime I see that the VPN status is again changed back to connecting, 14:59:24.615125+0530 nesessionmanager NESMVPNSession[Primary Tunnel:bng-pcs-gateway.pulsesecure.net/pulse:24711A15-54C6-44C7-987D-65B7BFF3F294:(null)]: status changed to connecting But by this time there is no internet connection across device. Steps to reproduce: Configure VPN packet tunnel provider as Full tunnel with Tunnel routes(as mentioned above) Save the configuration to NETunnelProviderManager preferences using “saveToPreferencesWithCompletionHandler” Try to connect to VPN From iOS 17 and above its observed that, not able to connect to VPN and internet connection in the device is getting blocked Queries: From the above observation my queries are, Why are we receiving the Disconnected state during connection? Why is this issue occurring only with iOS 17 and above device? What changes specifically done around tunnel from iOS 17 and above?

Hi Team, In Sonoma, we have observed NIMLOC DNS queries originating from the utun interface with identical destination and source addresses, causing a loopback within utun. How should these DNS queries be handled? This issue does not occur in Ventura. Please refer to the attached screenshot.

Hi! We are investigating the power consumption of our VPN app on iOS. We noticed that while the VPN tunnel is started, we frequently experience sleep and wake events. Depending on the device it varies somewhere between 60 - 600 times during an overnight test where the device is just laying around and doing absolutely nothing. I looked into the system logs, and the wake reason is always this one: 2024-03-01 03:09:00.836588+0200 0x35e96 Default 0x0 50 7 wifid: (WiFiPolicy) [com.apple.WiFiPolicy:] System wake reason: SMC.OutboxNotEmpty smc.70070000 baseband I googled what OutboxNotEmpty means, but I only found several macOS-related topics. Interestingly, when I leave the same phone without a VPN running, I don't see the above log even once during an overnight test. I also tested a different VPN app and saw the above log in the system logs. This makes me think this is either some iOS feature I don't understand or some bug that causes frequent wakeups. I'd appreciate any feedback if this is a known issue or if we need to do something differently within our tunnel implementation.

Hi Team, I have been working on an application that includes a Network Extension. I wanted to disable it if a captive portal is detected over the network. I have tried different approaches to detect it, including the standard approach outlined in the following document: https://datatracker.ietf.org/doc/html/draft-ietf-capport-api, using the URL https://captive.apple.com/hotspot-detect.html. However, none of these methods seem to be working. Additionally, the kSCNetworkReachabilityFlagsConnectionRequired flag is not being flagged when under a captive network. Could you please assist with this issue? Thank you.

I am reaching out regarding the usage of the fetchCurrent method within the NEHotspotNetwork framework. According to the documentation provided at [https://developer.apple.com/documentation/networkextension/nehotspotnetwork/3666511-fetchcurrent], it is mentioned that in order to utilize this method, the application needs to meet all four of the following conditions: The app is using the Core Location API and has the user’s authorization to access precise location. The app used the NEHotspotConfiguration API to configure the current Wi-Fi network. The app has active VPN configurations installed. The app has an active NEDNSSettingsManager configuration installed. However, upon reviewing the comments in the code for the fetchCurrent method, it states: "This method returns SSID, BSSID, and security type of the current Wi-Fi network when the requesting application meets one of the following 4 requirements -." Could you please clarify whether it is necessary to fulfill all four conditions or if meeting just one of the four requirements is sufficient to use the fetchCurrent method?

iOS 17 issue: I am connecting to VPN connection with configuration as full tunnel which is tunneling all the traffic generated on my device which is expected. This is for Full Tunnel and Tunnel routes: //Below is the NEPacketTunnelProvider configuration tunnelProvider.protocolConfiguration.includeAllNetworks = YES; tunnelProvider.protocolConfiguration.excludeLocalNetworks = NO; tunnelProvider.protocolConfiguration.enforceRoutes = NO; But Once I disconnect and kill the NEPacketTunnelProvider instance, My internet is blocked until I restart the device. NOTE: This behavior is not seen with iOS 16 and below and things work smooth. Kindly update as soon as possible.

I'm using NEHotspotNetwork for getting the WiFi network information , ex - SSID , BSSID and Signal Strength. But the BSSID values are not accurate comparing to the Router MAC Address . The last segment value is different is always from NEHotspotNetwork. Is apple intentionally proving last value differently or do I need to use any other API for getting the MAC address of a router. Example : What I am getting using NEHotspotNetwork : c3:85:63:26:56:ef The actual Mac address of the Network : c3:85:63:26:56:3c