Failed to Add VPN Configuration

While trying to add a new VPN configuration , the ios Network Extension fails for a particular device with my App with the following error

default 23:34: 34.140388-0400 Adding 918D08B1-2814-47C0-AAA9-0A0A8C92049C to the loaded configurations  error 23:34:41.386023-0400 nehelper : Cannot save configuration , the total size of the NetworkExtension configuration is to large (2643248 bytes)  default 23:34:41.510241-0400 kernel memorystatus: set assertion priority(10) error

The same behaviour is seen with other VPN Providers like Tunnel Bear.

Question: As this issue is seen only on a particular device. Has anyone seen this issue/able to mitigate , and also shed more details why this issue happens.

Up vote post of alaaugustine Down vote post of alaaugustine
2.3k views
Posted by
alaaugustine
Reply
Add a Comment

Replies

the iOS Network Extension fails for a particular device

What iOS version is this?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • The above iOS version is 14.7 beta, but the same behaviour is seen in 14.5.1, 14.6 .

    alaaugustine
Add a Comment

The above iOS version is 14.7 beta, but the same behaviour is seen in 14.5.1, 14.6.

OK.

I went looking for this specific error message and couldn’t find it. I thought it might be because I was looking at the wrong OS version but clearly that’s not the case.

When you see this error when error code is reported to your app via the completion handler?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • The error code is not captured in our App. It is from the logs of the device via the console, we are able to capture this error.

    alaaugustine

  • open func saveToPreferences(completionHandler: ((Error?) -> Void)? = nil)

    While doing the above operation , the NSError returned back is having the problem

    alaaugustine

  • @alaaugustine Are you able to programmatically capture Console logs? Can you please explain how you are doing it?

    roee84
Add a Comment

The error code is not captured in our App.

OK, that makes it hard.

My best guess is that something on this device, perhaps another third-party NE app, has saved a huge NE configuration and that’s pushed the configuration file size beyond this limit. However, it’s hard to say without more info.

The best thing to do here is to have the user reproduce the problem, then trigger a sysdiagnose log, then file a bug with that log. Once that’s done, post the bug number here and I’ll take another look.

Oh, this is assuming that your NE configurations is reasonable. I’ve seen folks do some really wacky things with NE, like save a configuration with 10,000 entries in the providerConfiguration dictionary, and that won’t end well.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

What is the limit of providerConfiguration?

There isn’t a hard limit. There is a limit on the size of the overall NE configuration file (2 GB MB) which is what you’re hitting.

FB9162278

Thanks.

Looking at the preliminary analysis on that bug it seems that, as expected, NE and your NE product are innocent bystanders here. Something else on the system has created a bunch of NE configuration entries and that’s pushed this file beyond its limit. I initially thought that this might be some other third-party NE product but right now it looks like it’s related to another system component.

Regardless, there’s nothing you can do here.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo

  • "the NetworkExtension configuration is to large (2643248 bytes) " this corresponds to approximately 2 MB . Could you please confirm again if the limit is 2 GB or 2 MB?

    alaaugustine

  • Hey, I was only three orders of magnitude off!

    eskimo
Add a Comment

Our VPN has a user who is unable to install the VPN profile. From the logs: Connect Tunnel Save Error: Error Domain=NEVPNErrorDomain Code=5 "total NetworkExtension configuration size limit exceeded" UserInfo={NSLocalizedDescription=total NetworkExtension configuration size limit exceeded}. The user is running iOS 16.4.1 on an iPhone 12 Pro.

I believe (from the message and the discussion above) that the total size of the user's NetworkExtension config (across all apps/settings) is too large, and is blocking the install of our VPN. What settings are in this "NetworkExtension config", and thus contributing to the size? Will "Reset Network Settings" clear it all out, allowing the user to install the VPN?

Posted by
mattch
Up vote reply of mattch Down vote reply of mattch
Add a Comment

What settings are in this "NetworkExtension config", and thus contributing to the size?

I believe it encompasses all configurations for all NE providers (and their built-in equivalents).

Will "Reset Network Settings" clear it all out, allowing the user to install the VPN?

I think so.

If you tell your user to do this, please ask them to capture a sysdiagnose log first. That way we have a record of the original state before the reset.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

I have this problem myself. Resetting network settings do not fix this problem. Is there any other recourse? Is there a way we can go in manually and delete the config?

Posted by
Fruitul
Up vote reply of Fruitul Down vote reply of Fruitul
Add a Comment