NetworkExtension-DNS Proxy Can not get VPN permission

DNS proxy extensions can only be deployed on supervised devices. Are you testing on a supervised device?

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for your reply. Now I cannot see the alert of VPN Authorization, so my app cannot supervised devices normaly. To my surprise, when I install my app by Xcode, I can get VPN authorization and DNS proxy feature is normal. This error will only appear when I install through the Testflight now.

Strictly speaking, this feature is gated on the presence of the

get-task-allow

• If that entitlement is present (for example, when running from Xcode), your DNS proxy provider will work on all devices.

• If that entitlement is absent (for example, when deploying via TestFlight or the App Store proper), your DNS proxy provider will only work on supervised devices.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Well, I'm sure my app have that entitlement local debugging. Now I cannot get my app archive from TesetFlight, How can I determine if he has that entitlement?

TestFlight apps behave very much like App Store apps, meaning they definitely do not have the

get-task-allow

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thank you for reply again. How I can fix it ? I am sure that i have added get-task-allow entitlement. Because my app function is normal when I debug it locally.

I think you’re missing the point here: DNS proxy providers:

• Can only be deployed to supervised devices

• Must be configured via a configuration profile

If you want to use a production DNS proxy provider, either from the App Store or TestFlight, the target device must be supervised and you must configure your provider via a configuration profile.

The ability to deploy a DNS proxy provider to other devices, and configure it programmatically, is only supported on development builds (as determined by the

get-task-allow

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your reply again. But how can I make target device be supervised and configure my provider via a configuration profile? What should I do next?

Apple Configurator lets you:

• Configure a device as supervised

• Create a configuration profile with a DNS proxy payload

• Install that profile on your device

Most large organisations with supervised devices do the last two things with their MDM solution rather than Configurator.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Wow, there is some wrong.

This itunes.apple.com page can’t be found

No webpage was found for the web address:https://itunes.apple.com/us/app/apple-configurator-2/id1037126344?mt=12

I am sorry to tell you I can not open that page normally. Please comfirm the link you send. Thanks

The link works for me.

Regardless, this is just a link to the Apple Configurator app in the App Store. If you run App Store on your Mac and search for Apple Configurator, it’ll come up immediately.

Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"