VPN auto reconnects after calling the cancelTunnelWithError method

Our VPN was implemented using the NEPacketTunnelProvider, in the case of back end permanent errors (e.g. permission denied), we would stop the VPN tunnel by calling the cancelTunnelVPNWithError method. This did stop the VPN, however the VPN would auto reconnect and enter an infinite loop of connecting and disconnecting due to the back end permanent error.

The VPN was turned on from the VPN settings. To completely disable the VPN, we need to either delete the VPN configuration, or manually tap on the toggle to disable.

Sample code:

- (void)PPNService:(PPNService *)PPNService didStopWithError:(nullable NSError *)error {
  SUBSPPNStatusData *ppnStatusData = [[SUBSPPNStatusData alloc] init];
  SUBSPPNToggleStatus *toggleStatus = [[SUBSPPNToggleStatus alloc] init];
  toggleStatus.ppnToggleStatus = SUBSPPNToggleStatus_PPNToggleStatus_Off;

  if (error) {
    [_ppnSessionManager logSessionEnd];
    [self cancelTunnelWithError:error];
    ppnStatusData.ppnStatus = SUBSPPNStatusData_PPNStatus_StoppedWithError;
    PPNStatusDetails *details = error.userInfo[PPNStatusDetailsKey];
}

Question: Why does the VPN auto reconnect after calling the cancel method? Any solutions to completely stop the VPN on permanent errors.

Up vote post of jingyil Down vote post of jingyil
306 views
Posted by
jingyil
Reply
Add a Comment

Replies

How have you configured VPN On Demand?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment

Yes, we have configured on demand, but even if we disabled the on demand, the VPN would still auto reconnect.

Code with on demand enabled:

 newManager.enabled = YES;
  [newManager setOnDemandEnabled:YES];
  newManager.onDemandRules = @[ alwaysOnRule ];

Code with on demand disabled:

newManager.enabled = YES;
  [newManager setOnDemandEnabled:NO];
Posted by
jingyil
Up vote reply of jingyil Down vote reply of jingyil
Add a Comment

even if we disabled the on demand, the VPN would still auto reconnect.

Are you sure? I’m struggling to see any way that VPN can start without explicit user action unless VPN On Demand is set.

Please do the following:

  1. Update your code to set onDemandEnabled to false.

  2. Erase your test device.

  3. Install your app on that device and re-test.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Posted by
eskimo
Up vote reply of eskimo Down vote reply of eskimo
Add a Comment