OnDemand VPN connection stuck in NO INTERNET

We create a custom VPN tunnel by overriding PacketTunnelProvider on macOS. Normal VPN connection works seamlessly. But if we enable onDemand rules on the VPN manager, intermittently during tunnel creation via OnDemand, internet goes away on the machine, leading to a connection stuck state.

Why does the internet go away during tunnel creation?

How is your provider packaged? As an app extension? Or a system extension?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

App Extension

OK. Thanks for confirming.

When you see this, is there only one user involved? That is:

  • You’ve logged in via the GUI.
  • And are working with networking, including your VPN.
  • Without logging out.
  • Or fast user switching to a different user.

Is that right?

This matters because appex packaging only really works in the context of a single user, so if you add other users into the mix things get complicated.


Also, you wrote:

internet goes away on machine leading to a connection stuck state.

Can you clarify what this means? I see two possibilities:

  • Networking goes away for other apps on the system but the system doesn’t start your packet tunnel provider.
  • Alternatively, the system starts your packet tunnel provider and it attempts to connect to your VPN server and that connection acts like there’s no Internet.

Is it either of these? Or something else?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  1. Single User
  2. Machine has internet -> onDemand Enabled -> calls startTunnel() -> but before even we call setTunnelNetworkSettings(), internet goes away on machine

So I am guessing some network settings are changing on machine in between leading to traffic going over incorrect interface.

Happening only when onDemand is enabled (Not at all when we manually call startTunnel and setup VPN tunnel settings).

Happening only when onDemand is enabled

OK. Then what does your on-demand setup look like?

before even we call setTunnelNetworkSettings(), internet goes away on machine

Does that mean your packet tunnel provider is able to open a network connection to the VPN server? That seems like it should be the case — most VPN clients have to contact the VPN server to get the settings they need in order to call setTunnelNetworkSettings() — but I just want to be clear.

And if that’s the case, then does the packet tunnel provider’s connection to the VPN server tear when the “internet goes away”? Or is it just that the Internet goes away for other apps running on the Mac?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

let rule = NEOnDemandRuleConnect()
rule.interfaceTypeMatch = .any
manager.onDemandRules = [rule]
manager.isOnDemandEnabled = true
manager.isEnabled = true
manager.saveToPreferences {}

Yes, we need to contact the VPN server and some other endpoints to get the configuration. But HTTPS requests are timing out because the device is losing internet connectivity (All apps + device)

It stays in NO_INTERNET state until on-demand is disabled
