@eskimo thanks a lot for your reply,
i entegrated networkextension, but I can not solve some problems
when I enable automatically signing manage signing, starting NEPacketTunnelProvider and tunnel
but when i manage profiles with manuel and developer-ID, can not starting NEPacketTunnelProvider and tunnel
my info.plist
<key>NSExtension</key>
<dict>
<key>NSExtensionPointIdentifier</key>
<string>com.apple.networkextension.packet-tunnel</string>
<key>NSExtensionPrincipalClass</key>
<string>$(PRODUCTMODULENAME).PacketTunnelProvider</string>
</dict>
app entitlements
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>TEAMID.BUNDLEID</string>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider-systemextension</string>
</array>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.developer.team-identifier</key>
<string>TEAMID</string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.ID</string>
</array>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>TEAMID.*</string>
</array>
</dict>
</plist>
and sext entitlements
<plist version="1.0">
<dict>
<key>com.apple.developer.system-extension.install</key>
<true/>
<key>com.apple.application-identifier</key>
<string>TEAMID.BUNDLEID.appex(name)</string>
<key>com.apple.developer.networking.networkextension</key>
<array>
<string>packet-tunnel-provider-systemextension</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>TEAMID</string>
<key>com.apple.security.app-sandbox</key>
<true/>
<key>com.apple.security.application-groups</key>
<array>
<string>group.ID</string>
</array>
<key>com.apple.security.files.user-selected.read-only</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
<key>com.apple.security.network.server</key>
<true/>
<key>keychain-access-groups</key>
<array>
<string>TEAMID.*</string>
</array>
</dict>
</plist>
Thanks for your help