Network system extension failing to load

Hi,

I am trying to write a network system extension with AppProxy. I can see that the system extension activation request is successful and it is asking to allow it from System Preferences. But the moment I allow it from System Preferences I get the following issues. Any comments on what might be wrong?


Failed to load configurations: Error Domain=NEConfigurationErrorDomain Code=11 "IPC failed" UserInfo={NSLocalizedDescription=IPC failed}

loadTransparentProxyConfiguration failed with error Error Domain=NEVPNErrorDomain Code=5 "IPC failed" UserInfo {NSLocalizedDescription=IPC failed}


Thanks

It looks like you may have loaded and saved your NETransparentProxyManager settings from the host app, but are running into issues when communicating with the NetworkExtension.


When I debug configuration setups like this I like to create a test app to do so. Take a look at the sample configuration I posted here for working with a blank NETransparentProxyManager template.

<https://forums.developer.apple.com/thread/132905>



Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com

Hi Matt,

I am able to fix the IPC issues. Now I can see it is saving the configuration correctly. But next my expectation was to get the callback on the App proxy provider (i.e. AppProxyProvider), but I am not getting the callback. Looks like it is not able to get into the network system extension. In Network preferences, the extension status is showing as "Connecting...". Any thoughts, please?


(
    "{\n    localizedDescription = MyExtension \n    enabled = YES\n    protocolConfiguration = {\n        serverAddress = <23-char-str>\n        disconnectOnSleep = NO\n        includeAllNetworks = NO\n        excludeLocalNetworks = NO\n        providerBundleIdentifier = com.sample.extension\n    }\n    onDemandEnabled = NO\n}"
)


Extension info.plist:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>CFBundleDevelopmentRegion</key>
  <string>$(DEVELOPMENT_LANGUAGE)</string>
  <key>CFBundleDisplayName</key>
  <string>FPNetworkSystemExtension</string>
  <key>CFBundleExecutable</key>
  <string>$(EXECUTABLE_NAME)</string>
  <key>CFBundleIdentifier</key>
  <string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
  <key>CFBundleInfoDictionaryVersion</key>
  <string>6.0</string>
  <key>CFBundleName</key>
  <string>$(PRODUCT_NAME)</string>
  <key>CFBundlePackageType</key>
  <string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
  <key>CFBundleShortVersionString</key>
  <string>1.0</string>
  <key>CFBundleVersion</key>
  <string>1</string>
  <key>LSMinimumSystemVersion</key>
  <string>$(MACOSX_DEPLOYMENT_TARGET)</string>
  <key>NSSystemExtensionUsageDescription</key>
  <string>Network system extension</string>
  <key>NSHumanReadableCopyright</key>
  <string>Copyright © 2020 xyz. All rights reserved.</string>
  <key>NSExtension</key>
  <dict>
    <key>NSExtensionPointIdentifier</key>
    <string>com.apple.networkextension.app-proxy</string>
    <key>NSExtensionPrincipalClass</key>
    <string>AppProxyProvider</string>
  </dict>
</dict>
</plist>


Thanks,

Abhra

Matt, I got the fix for my above issue. Is there any documentation or sample code which can show how to redirect the connection from the app proxy? Many thanks!

Glad to hear you are making progress. As far as the documentation or sample code, there is none for the App Proxy Network Extension. I can try to provide some pointers though:


1) Once you receive a flow: NEAppProxyFlow in handleNewFlow you'll need to make a decision on whether you want to handle this flow or not. You return true or false based on this decision. If false the flow goes into a discarded state.


2) When you decide to handle the flow you can attempt to cast the flow to NEAppProxyTCPFlow or NEAppProxyUDPFlow.


3) From there you can use NWConnection or NWTCPConnection to open the new flow on to the destination or proxy as needed.



This should get you started.


Matt Eaton

DTS Engineering, CoreOS

meaton3 at apple.com
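As an added example (not code from Matt Eaton, the poster, or an Apple sample), here is a minimal Objective-C NEAppProxyProvider that walks through the three steps above: it admits a flow only when its source app's code-signing identifier is on an allow-list, casts it to NEAppProxyTCPFlow, opens an NWTCPConnection to the flow's original destination, and relays bytes in both directions until either side closes. The class name AppProxyProvider (matching the NSExtensionPrincipalClass in the thread's plist), the allow-listed identifier com.example.allowed-app and the 64 KiB read size are assumptions, not values from the thread.

```objc
// Added example, not Matt Eaton's code or an Apple sample: a minimal
// NEAppProxyProvider that follows the three steps above.
// Assumptions (not from the thread): the class name matches the plist's
// NSExtensionPrincipalClass, and the allow-list entry is a constructed placeholder.
#import <NetworkExtension/NetworkExtension.h>

static NSString *const kStateKeyPath = @"state";

@interface AppProxyProvider : NEAppProxyProvider
// Maps each outbound NWTCPConnection (unretained pointer key) to the flow it serves.
@property (nonatomic, strong) NSMutableDictionary<NSValue *, NEAppProxyTCPFlow *> *flowsByConnection;
@end

@implementation AppProxyProvider

- (void)startProxyWithOptions:(NSDictionary<NSString *, id> *)options
            completionHandler:(void (^)(NSError *))completionHandler {
    self.flowsByConnection = [NSMutableDictionary dictionary];
    completionHandler(nil);   // nothing else to set up; handleNewFlow: is called from here on
}

- (void)stopProxyWithReason:(NEProviderStopReason)reason
          completionHandler:(void (^)(void))completionHandler {
    completionHandler();
}

// Step 1: decide whether to take the flow. Returning NO puts it in the discarded
// state. The decision here keys on the source app's code-signing identifier,
// which the system supplies in the flow metadata.
- (BOOL)handleNewFlow:(NEAppProxyFlow *)flow {
    NSSet<NSString *> *allowedSigners = [NSSet setWithObject:@"com.example.allowed-app"]; // placeholder
    NSString *signer = flow.metaData.sourceAppSigningIdentifier;
    if (signer == nil || ![allowedSigners containsObject:signer]) {
        return NO;
    }
    // Step 2: this provider only proxies TCP; a UDP flow would be an NEAppProxyUDPFlow.
    if (![flow isKindOfClass:[NEAppProxyTCPFlow class]]) {
        return NO;
    }
    NEAppProxyTCPFlow *tcpFlow = (NEAppProxyTCPFlow *)flow;

    // Step 3: open an outbound connection to the flow's original destination.
    // Passing a different NWEndpoint here is what would send the flow to a proxy instead.
    NWTCPConnection *connection = [self createTCPConnectionToEndpoint:tcpFlow.remoteEndpoint
                                                            enableTLS:NO
                                                        TLSParameters:nil
                                                             delegate:nil];
    self.flowsByConnection[[NSValue valueWithNonretainedObject:connection]] = tcpFlow;
    // The connection starts out connecting; KVO on "state" tells us when to relay.
    [connection addObserver:self forKeyPath:kStateKeyPath
                    options:NSKeyValueObservingOptionNew context:NULL];

    [tcpFlow openWithLocalEndpoint:nil completionHandler:^(NSError *error) {
        if (error != nil) {
            [connection cancel];   // the Cancelled state below tears the pair down
        }
    }];
    return YES;
}

- (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object
                        change:(NSDictionary *)change context:(void *)context {
    NWTCPConnection *connection = (NWTCPConnection *)object;
    NSValue *key = [NSValue valueWithNonretainedObject:connection];
    NEAppProxyTCPFlow *flow = self.flowsByConnection[key];
    if (flow == nil) { return; }
    switch (connection.state) {
        case NWTCPConnectionStateConnected:
            // Both sides are up: relay bytes in each direction.
            [self pumpFlow:flow toConnection:connection];
            [self pumpConnection:connection toFlow:flow];
            break;
        case NWTCPConnectionStateDisconnected:
        case NWTCPConnectionStateCancelled:
            // Remote side is gone: close the app-facing flow and forget the pair.
            [flow closeReadWithError:connection.error];
            [flow closeWriteWithError:connection.error];
            [connection removeObserver:self forKeyPath:kStateKeyPath];
            [self.flowsByConnection removeObjectForKey:key];
            break;
        default:
            break;   // Connecting / Waiting: nothing to do yet
    }
}

// App -> remote: each read from the flow is written to the outbound connection.
- (void)pumpFlow:(NEAppProxyTCPFlow *)flow toConnection:(NWTCPConnection *)connection {
    [flow readDataWithCompletionHandler:^(NSData *data, NSError *error) {
        if (error != nil || data.length == 0) {
            [connection writeClose];   // app finished writing: pass the half-close on
            return;
        }
        [connection write:data completionHandler:^(NSError *writeError) {
            if (writeError != nil) { [connection cancel]; return; }
            [self pumpFlow:flow toConnection:connection];
        }];
    }];
}

// Remote -> app: each read from the connection is written back into the flow.
- (void)pumpConnection:(NWTCPConnection *)connection toFlow:(NEAppProxyTCPFlow *)flow {
    [connection readMinimumLength:1 maximumLength:64 * 1024   // 64 KiB is an arbitrary cap
                completionHandler:^(NSData *data, NSError *error) {
        if (error != nil || data.length == 0) {
            [flow closeWriteWithError:error];   // remote finished: half-close toward the app
            return;
        }
        [flow writeData:data withCompletionHandler:^(NSError *writeError) {
            if (writeError != nil) { [connection cancel]; return; }
            [self pumpConnection:connection toFlow:flow];
        }];
    }];
}

@end
```

The relay waits for NWTCPConnectionStateConnected before reading or writing because createTCPConnectionToEndpoint: hands back a connection that is still connecting; the KVO callback arrives on an arbitrary queue, so a real provider would serialise access to flowsByConnection on its own dispatch queue.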

Thanks Matt for the details.


1. How do I redirect the traffic, for example to IP 127.0.0.1:7700? Looks like the API below can help. But could you please give some details on how to redirect to a custom remote as in my example? Is there any way to pass the connection metadata too?


    // Inside handleNewFlow:, after deciding to take the flow:
    NEAppProxyTCPFlow *tcpFlow = (NEAppProxyTCPFlow *)flow;
    // Open an outbound connection to the flow's original destination (no TLS, no delegate).
    NWTCPConnection *con = [self createTCPConnectionToEndpoint:(NWHostEndpoint *)tcpFlow.remoteEndpoint
                                                     enableTLS:NO
                                                 TLSParameters:nil
                                                      delegate:nil];


2. While starting the app proxy (i.e. startProxyWithOptions), is it possible to configure the transparent proxy with the above example details to proxy the connection directly instead of handling it in handleNewFlow?



Thanks,

Abhra
