NEPacketTunnelProvider Start Issue on macOS 14.5

Question

Created Jun ’24

Replies 4

Boosts 0

Participants 2

We're encountering an issue with our Network Extension (utilizing NEPacketTunnelProvider and NETransparentProxy) on macOS 14.5 (23F79). On some systems, the VPN fails to automatically start after a reboot despite calling startVPNTunnel(). There are no error messages.

Our code attempts to start the tunnel:

.......
do {
  try manager.connection.startVPNTunnel()
  Logger.default("Started tunnel successfully")
} catch {
  Logger.error("Failed to launch tunnel")
}
......

System log analysis reveals the tunnel stopping due to userLogout (NEProviderStopReason(rawValue: 12)) during reboot. However, the Transparent Proxy stops due to userInitiated (NEProviderStopReason(rawValue: 1)) for the same reboot.

We need to understand:

Why the VPNTunnel isn't starting automatically. Why the userLogout reason is triggered during reboot.

Additional Context: We have manually started the VPN from System Settings before reboot.

Boost

Answer 1

Appleaholic OP

3w

Could someone please assist me with this?

0

Answer 2

DTS Engineer OP

Apple

2w

So am I to understand that this didn’t happen on earlier releases of macOS 14.x?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0

Answer 3

Appleaholic OP

2w

Thank you for your response on this thread.

Yes, we have observed this issue only on macOS 14.5 (23F79) systems.

I have been investigating the issue and found the following:

The NEProviderStopReason code 12 UserLogout occurs on systems that are domain-joined. On reboot, the VPN tunnel stops with status code 12.
On non-domain-joined systems, on reboot, the VPN tunnel stops with status code 1 UserInitiated.

This behavior/NEProviderStopReason code is not the problem. The actual issue is why the VPN tunnel is not starting after reboot when we call the "startVPNTunnel() API". Additionally, it is concerning that this API does not throw any error if it is failing.

0

Answer 4

DTS Engineer OP

Apple

2w

Thanks for the additional info.

We’re currently seeding both a macOS 14.6 beta and a macOS 15 beta. Have you tested this on either of those?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0