Avoid showing of VPN pop up window while activating transparent proxy

App & System Services Drivers
abhrajyoti@gmail.com OP
Created Aug ’20
Replies 9
Boosts 0
Views 1.7k
Participants 2
Hi,
I have written a transparent proxy (AppProxy) with network system extension framework. Successfully i able to inspect any connection/network flow but i want to avoid showing the VPN configuration in network system preference.

Is there any way to avoid showing the VPN pop up and VPN network setting in network system preference so that normal user can't disable it?

Thanks,
Abhrajyoti

Replies  9
Boosts  0
Views  1.7k
Participants  2
Systems Engineer OP
Apple
Sep ’20
There is an MDM payload to to auto-configure the installation of a Network System Extension, and there is certain cases where a content filter's Network Configuration prompt can be auto-allowed. For general use cases the user will always need to allow the installation of the Network System Extension and allow the Network Configuration to be saved on the machine. This is done so the user knows that they are consenting to the System Extension being installed and so that the use is aware that they are saving a Network Configuration that could filter their traffic.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
abhrajyoti@gmail.com OP
Sep ’20
Hi Matt,
Thanks for your reply. With MDM profile, able to suppress the first pop on System Preference -> Security & Privacy. But is it possible to avoid getting off the second pop up also (i.e. saving the VPN / network configuration)? My understanding, it is showing while i save the configuration from transparent proxy.

Any guidance will be appreciated.

thanks,
Abhrajyoti
1
Systems Engineer OP
Apple
Sep ’20

But is it possible to avoid getting off the second pop up also (i.e. saving the VPN / network configuration)?

No. You would need to open an Enhancement Request for an API to suppress the new Network Configuration prompt. If you end up opening an Enhancement Request, please follow up with the Feedback ID.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
abhrajyoti@gmail.com OP
Sep ’20
Hi Matt,
thanks for your reply. I will open up an Enhancement request and share you the feedback ID.

Could you please give some light on the bellow:

  1. The scenario like network system extension with transparent proxy -> active -> all works as expected -> system got reboot

  2. In transparent proxy is there any way or configuration setting to keep the transparent proxy connected always in case of after immediate reboot too? I am seeing after reboot the transparent proxy gets disconnected, manually needs to connect back.

  3. Is there any way to avoid showing of transparent proxy configuration in network system preference? If not, Is there any way we can block the user not to deactivate/remove transparent proxy(i.e. app proxy) from system preference.


Thanks,
Abhra

0
Systems Engineer OP
Apple
Sep ’20

I am seeing after reboot the transparent proxy gets disconnected

Do you have sleep or wake calls added to your provider from NEProvider? I would check these out and see if these get you anything or if you are able to leverage them on reboot.

Is there any way to avoid showing of transparent proxy configuration in network system preference? If not, Is there any way we can block the user not to deactivate/remove transparent proxy(i.e. app proxy) from system preference.

Not that I am aware of. As a user, you really should know if there is network configuration, no matter what the status, at least in your System Preferences.

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
abhrajyoti@gmail.com OP
Sep ’20
Hi Matt,
Thanks for your reply. In transparent proxy manager, i could see an API called "setAuthorization". Could you please give some light on any use case and when it can be used? I am exploring any option to hide the second VPN pop up, if any way to work around. As i believe enhancement request for API is going to take some time.

Thanks,
Abhra
0
Systems Engineer OP
Apple
Sep ’20

Could you please give some light on any use case and when it can be used?

SFAuthorization is an API used to authorize and preauthorize services. This API is also used to access privileged operations. This sounds like what you are looking for, and just to double check, I did set an AuthorizationRef and it did not have any affect.

I am exploring any option to hide the second VPN pop up, if any way to work around.

This is an Enhancement Request.

I should note that many developers ask for a way to preauthorize this pop-up and, without MDM services for a Web Content Filter, this is an Enhancement Request. I will also note that you should want to keep this prompt available as a way to let your users know that your application is filtering their network traffic.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
abhrajyoti@gmail.com OP
Sep ’20
Thanks Matt for your reply. I have created an enhancement request.

ID: FB8651531

Do you see any possibility of getting this enhancement sooner or any particular timeline please?

Thanks,
Abhrajyoti
0
Systems Engineer OP
Apple
Sep ’20
Thank you very much. I do see your Enhancement Request internally and have copied myself on it for further updates.

Do you see any possibility of getting this enhancement sooner or any particular timeline please?

I do not have a timeline on this Enhancement Request.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
0
Avoid showing of VPN pop up window while activating transparent proxy
First post date Last post date
 
 
Q