Network Extension: Failed to save configuration Error Domain=NEConfigurationErrorDomain

Hi,
I am writing a Network Extension (NEPacketTunnelProvider) app for macOS. I am currently using the "Mac Developer" code signing identity.
When running the app, I am seeing the following error on my Mac when the code tries to save (NETunnelProviderManager().saveToPreferences) the packet-tunnel config.
Please help. Thanks



2020-10-22 15:49:08.133266-0700 XXXXXXX[10186:214874] [] Failed to save configuration yyyyyy: Error Domain=NEConfigurationErrorDomain Code=12 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}
2020-10-22 15:49:08.133441-0700 XXXXXXX[10186:214067] [] Failed to save configuration: Error Domain=NEVPNErrorDomain Code=5 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}
2020-10-22 15:49:08.133985-0700 XXXXXXX[10186:214067] Add: Saving configuration failed: Error Domain=NEVPNErrorDomain Code=5 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}

Replies

Error Domain=NEVPNErrorDomain Code=5 "failed to make changes in SCPreferences: (null)" UserInfo={NSLocalizedDescription=failed to make changes in SCPreferences: (null)}


The error that you are seeing relates to an issue with your Network Configuration being saved in System Preferences. Something there did not take and is causing an issue. Go back and check out what is configured on NETunnelProviderProtocol and NETunnelProviderManager before it is saved.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
Thanks Matt. I changed the bundle-id and it looks like that was causing it.
Can you please post the link to a doc that has the sequence of SDK calls to talk to an existing Packet-Tunnel Extension? Thanks

Thanks Matt. I changed the bundle-id and it looks like that was causing it.

No problem.

Can you please post the link to a doc that has the sequence of SDK calls to talk to an existing Packet-Tunnel Extension?


There is no formal link that goes over the sequence of API calls to set up and start a Packet Tunnel Extension. However, on macOS specifically, off the top of my head the sequence would go like this:

1) Set up and submit the OSSystemExtensionRequest.activationRequest with the tunnel's bundle identifier for forExtensionWithIdentifier.

2) On success of (1) call NETunnelProviderManager.loadAllFromPreferences, and extract a NETunnelProviderManager to save as the manager for your packet tunnel.

3) With the NETunnelProviderManager from (2), set up your configuration settings, onDemandRules, and NETunnelProviderProtocol for your manager.

4) Once all is set for (3), call saveToPreferences on your new manager.

5) Call loadAllFromPreferences once again to extract your manager and then use the NEVPNConnection on your manager to call startVPNTunnel.

6) If your Provider is set up correctly, (5) will call into startTunnel(options:completionHandler:) where your provider will create the NEPacketTunnelNetworkSettings, routing, address settings, and NEDNSSettings for the tunnel and then call setTunnelNetworkSettings.

7) On success or error of (6) call completionHandler from startTunnel(options:completionHandler:) to make sure the provider tells the container app that the packet tunnel is running or has failed.

8) From there the packet tunnel should be off and running.

NOTE: The sequence on iOS is close to the one above except for (1). On iOS there is no need to install the Network System Extension.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
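Steps (1) through (5) of the sequence above, sketched for the container app as an added example (not code from the thread or from Apple). The bundle identifier and server address are hypothetical placeholders, and the app is assumed to carry the System Extension and Network Extension entitlements. The same identifier is used for activation and for providerBundleIdentifier, since the original poster traced the save failure to the bundle ID.

```swift
import NetworkExtension
import SystemExtensions

// Hypothetical identifier; it must equal the CFBundleIdentifier of the
// packet tunnel system extension embedded in the container app.
let tunnelBundleID = "com.example.app.tunnel"

final class TunnelInstaller: NSObject, OSSystemExtensionRequestDelegate {
    // Step 1: ask macOS to activate the system extension.
    func activate() {
        let request = OSSystemExtensionRequest.activationRequest(
            forExtensionWithIdentifier: tunnelBundleID, queue: .main)
        request.delegate = self
        OSSystemExtensionManager.shared.submitRequest(request)
    }

    func request(_ request: OSSystemExtensionRequest,
                 actionForReplacingExtension existing: OSSystemExtensionProperties,
                 withExtension ext: OSSystemExtensionProperties)
        -> OSSystemExtensionRequest.ReplacementAction { .replace }
    func requestNeedsUserApproval(_ request: OSSystemExtensionRequest) {
        NSLog("Waiting for the user to approve the extension")
    }
    func request(_ request: OSSystemExtensionRequest, didFailWithError error: Error) {
        NSLog("Activation failed: \(error)")
    }

    // Steps 2-5 run only after activation has completed.
    func request(_ request: OSSystemExtensionRequest,
                 didFinishWithResult result: OSSystemExtensionRequest.Result) {
        guard result == .completed else { return }  // reboot pending: stop here
        NETunnelProviderManager.loadAllFromPreferences { managers, error in
            if let error = error { return NSLog("Load failed: \(error)") }
            let manager = managers?.first ?? NETunnelProviderManager()  // step 2
            let proto = NETunnelProviderProtocol()                       // step 3
            proto.providerBundleIdentifier = tunnelBundleID
            proto.serverAddress = "vpn.example.com"  // placeholder value
            manager.protocolConfiguration = proto
            manager.isEnabled = true
            manager.saveToPreferences { error in                         // step 4
                if let error = error { return NSLog("Save failed: \(error)") }
                NETunnelProviderManager.loadAllFromPreferences { managers, _ in  // step 5
                    do { try managers?.first?.connection.startVPNTunnel() }
                    catch { NSLog("Start failed: \(error)") }
                }
            }
        }
    }
}
```

Keep a strong reference to the `TunnelInstaller` instance until the callbacks have fired, because the request holds its delegate weakly.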
macOS/iOS development is insane. There are so many hidden processes that are not documented anywhere.
I only came across this post and learned I missed step 1 for my Mac VPN after 5 days of searching/testing.
@joe_he

Were you able to get your Packet Tunnel off the ground?


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com