When setting up a packet tunnel with a profile that has includeAllNetworks set to true, we seemingly cannot send any traffic inside the tunnel using any kind of an API. We've tried using BSD sockets, as we ping a host only reachable within the tunnel to establish whether we have connectivity - this does not work. When using NWConnection from the Network framework and specifying the required interface via virtualInterface from the packet tunnel, the connection state never reaches ready. Our interim solution is to, as ridiculous as it sounds, include a whole userspace networking stack so we can produce valid TCP packets just to send into our own tunnel. We require a TCP connection within our own tunnel to do some configuration during tunnel setup. Is there no better solution?
System Configuration
RSS for tagSystem Configuration allows applications to access a device’s network configuration settings and determine the reachability of the device.
Posts under System Configuration tag
32 Posts
Sort by:
Post
Replies
Boosts
Views
Activity
I'm building an app that helps manage my own wifi access points. Now, all my wifis emit SSIDs starting with the same prefix. Is it possible for me to list down all the SSIDs near me that start with that prefix, so that determine which of my wifis are near me? (Swift)
Can NEHotspotHelper or NEHotspotConfigurationManager help in this regard?
Hi, I’m working on a case in our organisation where we encounter regular wireless network disconnections - 30 and 60 minutes. ~ 1800 sec session is widely seen across hundreds if not thousand Macbooks.
We excluded internal wireless configuration issue and vendor specific problem as the disconnections happen on both Cisco and Ubiquiti Access Points.
Wireless Controller debugging most often show EAP timeout error.
Sniffer shows that the disassociation is initiated by Macbook.
MacOS logs show wifianalyticsd performing some actions before the disconnection (generated with sudo log show --debug [time]):
2025-02-04 14:16:31.219169+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[WAEngine gatherConsecutiveDatapathReadings:forProcessToken:andReply:]_block_invoke::4238:SDNS: WiFi Not Primary - setting suppressedReason kSymptomsDnsWiFiInterfaceNotPrimary
2025-02-04 14:16:31.219192+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine updateTimeSincePreviousTriggerForStudy:msgKey:dictKey:]::913:msgkey:WFAAWDWASDS_symptomsDnsTimeSincePreviousTriggerMinutes dictKey:dps_lastSymptomsDpsTrigger previous_TS:(null) current_TS:Tue
Feb 4 14:16:31 2025 difference:0
2025-02-04 14:16:31.219704+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine updateScreenState]::198:DPS Fast Reset Recommendation Engine: (screenON & foreGrnd traffic) is DETECTED
2025-02-04 14:16:31.219713+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine recommendSymptomsDpsRecovery:symptomsDnsStats:awdlState:currentSymptomsCondition:isLANPingSuccessful:appUsage:averageCCA:]::966:PeerDiagnostics: Data not received from peerDiagnostics
2025-02-04 14:16:31.219714+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine checkForPriorityNetwork]::256:Priority Network Check Disabled: NO IsPriorityNetwork: YES
2025-02-04 14:16:31.219732+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine isResetAllowedForKey:forPrefSelector:]::330:key:symptomsDps_lastScreenOnRecoveryWD previousWD_TS:(null) currentWD_TS:Tue Feb 4 14:16:31 2025 recommendation:YES
2025-02-04 14:16:31.219735+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine updateSymptomsDPSRecoveryWDStatsForKey:]::210:Added key: symptomsDps_numRecommendedScreenOnRecoveryWD value:1 dict:(null)
2025-02-04 14:16:31.219737+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[DPSQuickRecoveryRecommendationEngine recommendSymptomsDpsRecovery:symptomsDnsStats:awdlState:currentSymptomsCondition:isLANPingSuccessful:appUsage:averageCCA:]::1023:PeerDiagnostics: Recommendation for DNS Symptoms Recovery: Reassoc
2025-02-04 14:16:31.219740+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[WAEngine gatherConsecutiveDatapathReadings:forProcessToken:andReply:]_block_invoke::4276:PeerDiagnostics: Triggering Reassoc for symptoms-dps
2025-02-04 14:16:31.219741+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: [com.apple.wifi.analytics:Default] -[WAEngine gatherConsecutiveDatapathReadings:forProcessToken:andReply:]_block_invoke::4277:SDNS: Recommendation - kSymptomsdDPSReassoc, triggering reassoc wiith reason ReassociateOnDNSSymptoms
2025-02-04 14:16:31.220001+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: (IO80211) Apple80211SetWithIOCTL:11858 Processing APPLE80211_IOC_REASSOCIATE_WITH_CORECAPTURE
2025-02-04 14:16:31.387985+0100 0xc01342 Default 0x0 86459 0 wifianalyticsd: (IO80211) Apple80211SetWithIOCTL: Processed APPLE80211_IOC_REASSOCIATE_WITH_CORECAPTURE Ioctl error:0
WAEngine and DPSQuickRecoveryRecommendationEngine functionalities (?) play significant role in here recommending Reassociation
We can see that reassociation is being triggered because of DNS symptoms - why and where can I find them?
Recommendation for DNS Symptoms Recovery: Reassoc
Hi,
I would like to confirm if the matchDomains property in NERelayManager operates exclusively at the application layer. Specifically, it seems that adding IPv4 addresses or IPv4 CIDR blocks to the matchDomains list does not work, as the relay manager appears unable to match them.
Relay Configuration
For example, I tried adding the following IPv4 patterns to the matchDomains list:
11.22.33.44
11.22..
11.22.*
In this configuration, I expected traffic to be routed to the relay server as defined by the matchDomains entries. However, the relay manager did not handle these IPv4 patterns as anticipated.
On the other hand, when using only the excludedDomains property, the desired IPv4 traffic is successfully routed to the relay server as expected.
Purpose of Forwarding IPv4 to the Relay Server
The primary reason for forwarding IPv4 traffic to the relay server is to address cases where certain applications—such as those developed with Flutter or React Native—use their own custom network stack. These custom network stacks often do not respect the relay configuration. As a result, even when these applications use domains that are matched by the relay manager’s matchDomains, their TCP connections to DNS-resolved IPv4 addresses bypass the relay server and connect directly to the IPv4 server.
This behavior makes it critical to enable IPv4 matching to ensure all traffic, regardless of the application’s network stack implementation, is routed through the relay server.
Questions
Can IPv4 addresses or IPv4 CIDR blocks be used with matchDomains?
If not, is there an alternative method to enable IPv4 matching while keeping matchDomains enabled?
Thank you for your assistance.
Hi,
I would like to confirm whether the matchDomains property in NERelayManager operates strictly at the Application Layer. Specifically, it seems that adding IPv4 addresses or IPv4 CIDR blocks to the matchDomains list does not work, as the relay manager appears unable to match them.
For example, I tried adding the following IPv4 patterns to the matchDomains list:
11.22.33.44
11.22..
11.22.*
However, these IPv4 addresses or patterns are not routed through my Relay server.
Additionally, I have observed that when using only the excludedDomains property, the desired IPv4 traffic is correctly routed to the relay server as expected.
My question is: Can IPv4 addresses or IPv4 CIDR ranges work with matchDomains? If not, is there an alternative approach to enable IPv4 matching while matchDomains is active?
Hello I want to report an issue on macOS, I also reported this issue on feedbackassistant, but I didn't get a response from the feedbackassistant. I am sorry it might not be appropriate to post it here, if so, you can move or delete this post or ask me to to so. Thanks.
In short words, Chrome/Edge/Firefox users who manually set the browser as default browser in the macOS System setttings, will lose their default browser setting after browser a upgrade.
What steps will reproduce the problem?
(1) Install Chrome Canary, in my case I was using 134.0.6961.0. After installation, open it from launchpad, but don't set it as the default browser in the browser
(2) Go to macOS's system settings, search Deafult Web Browser, set the new installed Chrome Canary as default browser
(3) Go to Chrome Canary's Settings->About Chrome
(4) Wait for Chrome update information to be updated (it will auto update to the latest version)
(5) Check result of system default browser. Click a link from Notes, it will navigate to Safari.
What is the expected result?
System default browser should not change
What happens instead?
The System default browser changed to the topmost browser of the brower list in system settings. Click a link from Notes, it will be opened in Safari.
Notes
This bug also happens on Firefox and Edge, it should be a macOS bug.
This bug is similar to https://issues.chromium.org/issues/346505950
Looks like after installation, macOS recognize the newly installed version of browser as a new browser, even though the signature of the application remained the same.
In Local Network of macOS settings, some Edge users see multiple entries with the same name.
In System Settings -> General -> Date & Time, there is an option called "Set time and date automatically".
Is there a way to check whether it is enabled programmatically?
Hi,
we have a CFArray, which we store in a CFDictionary and this in a SCPreference. When loading it from the SCPreference the order of the CFArray contents is undefined. All data is there though.
Is this the intended behaviour? Is it possible to ensure the correct data order?
Thanks, any hint is highly appreciated!
HI!
I am interested in redirecting the user to some specific iOS settings but just discovered that the paths/URLs to the settings change sometimes across iOS versions.
Is there any official Apple resource with a list of all the paths for the iOS settings? Or at least for the latest iOS version? I found some non-official resources without citing the source, but it would be great to have official documentation about this topic.
Thank you very much in advance for taking your time to read this post!
Best regards,
Iván
post detail almost same as the title of the post, can’t enable the option. That is apple is already to provide of the always display option for 16 normal series?
Hi
I just encountered an reachability detection problem by calling SCNetworkReachabilityGetFlags function in iOS 16.
what did I do:
on device iPhone 12, iOS 16.1.1, turn on Airplane Mode, call SCNetworkReachabilityGetFlags, got flags = kSCNetworkReachabilityFlagsTransientConnection | kSCNetworkReachabilityFlagsReachable
on device iPhone 7, iOS 14.5.1, turn on Airplane Mode, call SCNetworkReachabilityGetFlags, got flags = 0
what I expect:
I'm expecting SCNetworkReachabilityGetFlags on my iOS 16.1 device behave same as my iOS 14.5 device, returning flags = 0. It's inappropriate returning kSCNetworkReachabilityFlagsReachable in this case.
Thank you!
We have Mac OS VM which has two network interfaces and both are active. In our application we need “State:/Network/Global/IPv6” to do some task but on this machine it seems to be missing, however if we disable one of the interface then the same setting seems to be available and our code works fine.
Please find the attached screenshots of working & non-working details:
I've encountered an issue with the keychain on macOS 15.0.1.
When an admin account changes the password for a non-admin local account, the system should prompt to unlock the login keychain at the next login, giving the user an opportunity to update the keychain password. However, when I attempted to change a local account password using an admin account through system configuration on macOS 15.0.1, the system did not show such a prompt. Instead, it directly created a new login keychain. In the keychain directory, I could see that the old keychain had been renamed to login_rename_X.keychain-db. Additionally, this operation caused the Touch ID and passwords saved in the keychain to be cleared.
Does anyone know how to handle this issue so that the local account is prompted to update the keychain password during login?
I have two time machines one is a western digital and the other is a Q Nap that ever since I upgraded to Sequoia, I cannot use. It’s an NAS device and Macke says that I have to contact the manufacturer of the product. They’re too old for me to contact them. My MacBook is new and it was working up until I had upgraded to Sequoia so I’m just trying to find out if that is a software glitch or an OS glitch. It is happening on both Max that I have so this is begging me the question that it’s an iOS update causation.
It just sits and spins at the Time Machine preparing to back up and that is all that it does the first time it backed up probably until 25% and now it’s just doing this preparing to back up.
I also have tried to wipe out the shares on both NAS machines and deleted the the files within the share to set it up again, and it still does not work.
Previously, I used to have the below code to get workgroup / domain name of the active directory service provider.
SCDynamicStoreRef storeRef = SCDynamicStoreCreate(NULL, (CFStringRef)@"GetWorkgroup", NULL, NULL);
CFPropertyListRef global = SCDynamicStoreCopyValue (storeRef,CFSTR("State:/Network/Global/SMB"));
id workgroup = [(__bridge NSDictionary *)global valueForKey:@"Workgroup"];
On few Macs (probably starting from Sonoma), the workgroup property is not set. What is the alternative to get this information programatically?
I am trying to fetch DHCP server identifiers of the current network. For IPv4 I am able to get this information using SCDynamicStoreCopyDHCPInfo and then using DHCPInfoGetOptionData fetching option 54.
I am trying to do the same thing for IPv6, in my scutil I do see DHCPv6 present. Is there any API present which fetches this information for v6 DHCP servers, or do I have to get this direct from scutil?
I am trying to connect to localhost:8081 from simulator, but it is unable to connect with following logs:
info 12:07:49.167248+0530 com.apple.WebKit.Networking nw_resolver_host_resolve_callback [C8.1] flags=0x40000003 ifindex=0 error=NoSuchRecord(-65554) hostname=localhost. addr=IN6ADDR_ANY ttl=60
info 12:07:49.167310+0530 com.apple.WebKit.Networking nw_resolver_host_resolve_callback [C8.1] flags=0x40000002 ifindex=0 error=NoSuchRecord(-65554) hostname=localhost. addr=INADDR_ANY ttl=108002
Macos 14.6.1
iOS simulator version 17.5
Som observations
localhost:8081 does not load on simulator but 0.0.0.0:8081 loads fine, also 127.0.0.0:8081 loads fine on simulator.
My laptop is a managed device with network filter
Switching network sometimes fixes the issue. Restarting laptop sometimes fixes the issue.
localhost:8081 opens find on laptop, but not on simulator.
Contents of my laptop's /etc/hosts:
##
# Host Database
#
# localhost is used to configure the loopback interface
# when the system is booting. Do not change this entry.
##
127.0.0.1 localhost
255.255.255.255 broadcasthost
::1 localhost
I need to programatically connect to a Enterprise Network with security type EAP-PEAP.
NEHotspotEAPSettings *eapSettings = [[NEHotspotEAPSettings alloc] init];
eapSettings.username = username;
eapSettings.password = password;
eapSettings.supportedEAPTypes = [NSArray arrayWithObjects:[NSNumber numberWithInteger:NEHotspotConfigurationEAPTypeEAPPEAP], nil];
//Inner authentication
eapSettings.ttlsInnerAuthenticationType = NEHotspotConfigurationEAPTTLSInnerAuthenticationMSCHAPv2;
eapSettings.outerIdentity = @"";
//Server name of the network
eapSettings.trustedServerNames = @[@"servername"];
if (@available(iOS 11.0, *)) {
// Create Hotspot Configuration
NEHotspotConfiguration *configuration = [[NEHotspotConfiguration alloc] initWithSSID:ssid eapSettings:eapSettings];
NSLog(@"WIFIManager, NEHotspotConfiguration initialized");
[[NEHotspotConfigurationManager sharedManager] applyConfiguration:configuration completionHandler:^(NSError * _Nullable error) {
NSLog(@"WIFIManager, NEHotspotConfiguration Configured");
if (error != nil) {
NSLog(@"WIFIManager, NEHotspotConfiguration Error: %@", error);
if (error.code == NEHotspotConfigurationErrorAlreadyAssociated) {
resolve(@(YES));
} else {
reject(@"connection_error", @"Failed to connect to Wi-Fi", error);
}
} else {
resolve(@(YES));
NSLog(@"WIFIManager, NEHotspotConfiguration Success");
}
}];
}else {
reject(@"ios_error", @"Not supported in iOS<11.0", nil);
} }
This is the code I have tried to connect to the network. It is always giving a true-negative result.
As the documentation states, does NEHotspotConfigurationManager supports EAP-PEAP with MSCHAPv2 inner authentication? If it does, is it the correct way of implementing it?
Is there any other way to connect to EAP-PEAP networks using Swift or Objective C?
I'm attempting to determine whether there is a currently logged on user via the SCDynamicStoreCopyConsoleUser function.
My code look something along the lines of:
#include <SystemConfiguration/SystemConfiguration.h>
bool isUserLoggedOn()
{
CFStringRef name = SCDynamicStoreCopyConsoleUser(NULL, NULL, NULL);
if (name != NULL)
{
CFRelease(name);
return true;
}
return false;
}
I am getting the following error output on compilation:
Undefined symbols for architecture arm64:
"_CFRelease", referenced from:
isUserLoggedOn() in UserInfo.cpp.o
"_SCDynamicStoreCopyConsoleUser", referenced from:
isUserLoggedOn() in UserInfo.cpp.o
ld: symbol(s) not found for architecture arm64
settings page freezes if I click screen time settings option