Unable to detect Network Extension configuration change while pushing MDM profile

My team is developing an enterprise VPN application that needs to respond to Mobile Device Management (MDM) profile installations and removals in real-time. Our app uses the NetworkExtension framework and needs to update the UI immediately when VPN configurations are added or removed via MDM.

We are currently observing NEVPNConfigurationChangeNotification to detect VPN configuration changes:

  1. While NEVPNConfigurationChangeNotification fires reliably when users manually remove VPN profiles through Settings > General > VPN & Device Management, it appears to have inconsistent behavior when MDM profiles containing VPN configurations are installed programmatically via MDM systems.

STEPS TO REPRODUCE

  1. From MDM Admin Console: Deploy a new VPN profile to the test device
  2. On Device: Wait for MDM profile installation (usually silent, no user interaction required)
  3. Check Device Settings: Go to Settings > General > VPN & Device Management to confirm profile is installed
  4. Return to App: Check if the UI shows the new VPN profile

We are currently observing NEVPNConfigurationChangeNotification

That is the canonical way to do this.

it appears to have inconsistent behavior when … VPN configurations are installed programmatically via MDM systems

What do you mean by “inconsistent”? Your steps to reproduce indicate that this fails every time, which seems pretty consistent to me (-: Are you saying that this is inconsistent with the documented behaviour? Or are you seeing the problem intermittently?

Either way, this sounds like a bug to me and I encourage you to file it as such. Make sure to include a sysdiagnose log taken shortly after reproducing the problem and, for bonus points, enable additional logging per the VPN (Network Extension) instructions on our Bug Reporting > Profiles and Logs page.

Please post your bug number, just for the record.


On the workaround front:

  • Does this problem only occur if your app is in the background? Or do you still see it when the app is running in the foreground when the configuration profile arrives?
  • If you add a test button to your app that calls NETunnelProviderManager.loadAllFromPreferences(), does it see the new configuration?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
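
The two workaround questions above can be answered with one diagnostic helper. This is an added example, not code from the original poster or from Quinn: it logs what `NETunnelProviderManager.loadAllFromPreferences()` returns each time `NEVPNConfigurationChangeNotification` fires, each time the app becomes active, and on a manual trigger, so the log shows which path (if any) sees the MDM-installed configuration. The class name `VPNConfigurationProbe`, the `reason` labels and the log format are assumptions.

```swift
import NetworkExtension
import UIKit

/// Hypothetical diagnostic helper: records which trigger first observes a
/// VPN configuration being added or removed.
final class VPNConfigurationProbe {
    private var observers: [NSObjectProtocol] = []
    private var lastSeen: Set<String> = []

    func start() {
        let center = NotificationCenter.default
        // Path 1: the notification the thread is about.
        observers.append(center.addObserver(
            forName: NSNotification.Name.NEVPNConfigurationChange,
            object: nil, queue: .main) { [weak self] _ in
                self?.reload(reason: "NEVPNConfigurationChange")
        })
        // Path 2: reload on foregrounding, to separate the foreground case
        // from the background case.
        observers.append(center.addObserver(
            forName: UIApplication.didBecomeActiveNotification,
            object: nil, queue: .main) { [weak self] _ in
                self?.reload(reason: "didBecomeActive")
        })
        reload(reason: "start")
    }

    /// Path 3: call this from a test button with reason "manual".
    func reload(reason: String) {
        NETunnelProviderManager.loadAllFromPreferences { [weak self] managers, error in
            DispatchQueue.main.async {
                guard let self = self else { return }
                if let error = error {
                    print("[\(reason)] loadAllFromPreferences failed: \(error)")
                    return
                }
                let current = Set((managers ?? []).map { $0.localizedDescription ?? "<unnamed>" })
                let added = current.subtracting(self.lastSeen)
                let removed = self.lastSeen.subtracting(current)
                print("[\(reason)] \(current.count) configuration(s); added=\(added.sorted()) removed=\(removed.sorted())")
                self.lastSeen = current
            }
        }
    }

    deinit {
        observers.forEach { NotificationCenter.default.removeObserver($0) }
    }
}
```

If a pushed profile only ever appears under `manual` or `didBecomeActive` and never under `NEVPNConfigurationChange`, that log is useful evidence to attach to the bug report alongside the sysdiagnose.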
