Hello,
We are facing what we believe is a compatibility issue with two networking APIs.
If the Network Extension VPN configuration has the includeAllNetworks flag enabled and the NEHotspotHelper is registered, the user has an internet connection but it is blocked, and the user will get internet back only after restarting the device.
The VPN configuration is as below while connecting to the VPN:
{
    localizedDescription = WLVPN WireGuard Configuration
    enabled = YES
    protocolConfiguration = {
        serverAddress = <18-char-str>
        passwordReference = {length = 20, bytes = 0x67656e70ed0d05c06b1b4896bf4fef2031e1a92d}
        disconnectOnSleep = NO
        includeAllNetworks = YES
        excludeLocalNetworks = YES
        excludeCellularServices = YES
        excludeAPNs = YES
        excludeDeviceCommunication = YES
        enforceRoutes = NO
        providerBundleIdentifier = com.wlvpn.ios.consumervpn.network-extension
    }
    onDemandEnabled = NO
    onDemandRules = ()
}
After running the code shown below, regardless of whether the VPN is connected or not, the user needs to restart his device to regain internet access.
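import Foundation
import NetworkExtension

// Concurrent queue on which the hotspot helper handler is invoked.
private let neHelperQueue = DispatchQueue(label: "com.wlvpn.ios.consumervpn.hotspot",
                                          attributes: DispatchQueue.Attributes.concurrent)
// Options dictionary with an empty display name (defined here, but nil is passed to register below).
let options: [String: NSObject] = [kNEHotspotHelperOptionDisplayName: "" as NSObject]
// Register the app as a hotspot helper; the handler only logs each command type.
let status = NEHotspotHelper.register(options: nil, queue: neHelperQueue) { cmd in
    NSLog("Received command: \(cmd.commandType.rawValue)")
}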
We need to use the includeAllNetworks flag to prevent the novel "Tunnel vision" vulnerability.
Can we please have some help getting confirmation if both functionalities are compatible or if there's a way to enable them at the same time?