Hi,
I’m looking for clarification on TN3134: Network Extension provider deployment, specifically iOS deployment requirements for:
- packet tunnel provider
- DNS proxy provider
From the documentation:
Packet Tunnel Provider
- App extension (min iOS 9.0): per-app mode requires a managed device
DNS Proxy Provider
- App extension (min iOS 11.0): supervised devices only
- App extension (min iOS 11.0): per-app mode requires managed devices
Issue
I implemented a DNS proxy using NEDNSProxyManager.
- Works as expected in debug builds on a local device
- Fails to configure when distributed via TestFlight
Console Output (TestFlight build)
error 10:05:39.872258-0500 nehelper The production version of *** is not allowed to create DNS proxy configurations. Use MDM to create DNS Proxy configurations for the production version of ***.
Question
Is it possible to distribute a DNS proxy provider for use on non-MDM / non-supervised devices?
If not:
- Is the limitation strictly enforced at distribution/runtime?
- Is a packet tunnel provider the only viable alternative for App Store distribution?
There is a lot of different VPN apps on the App Store that appear to work out of the box without MDM or supervision, which suggests they are using a different deployment model.
Thank you for any clarification or guidance!