In my basement I have a couple of raspberry PIs that are collecting sensor data. They cannot send the data to any server because there is no signal in the basement. So my idea was to develop an app that would host a web server so that I can take my phone, go into the basement and enable the hotspot so that the raspberrys can connect to my phones Wifi and send their sensor data via API calls to the web server that is running on the phone. I have read about Vapor but somehow that feels like overkill for this problem. Do you guys have any recommendations how to solve this problem or better ideas than running a web server on the iPhone (and no, extending the wifi signal into the basement is not an option here)?

MacOS (15.7) local host (expressjs: light weight REST API server) NOT able to configure to access from my iPhone physically connected via thunderbolt BUT I am able to access it from localhost via Browser of the Macbook (locally), But NOT from iPhone server running at '0.0.0.0' Firewall is turned off(by default) I hope someone can get me the steps in enabling the port

Dear Team, We are trying to implement universal linking app to app redirection for our banking application. We have configured the associated domains in our application as can be seen below in the info plist of our IPA <?xml version="1.0" encoding="UTF-8"?><!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "https://www.apple.com/DTDs/PropertyList-1.0.dtd"><plist version="1.0"><dict><key>application-identifier</key><string>2TK5X82C47.com.bankalbilad.NewRMB</string><key>aps-environment</key><string>production</string><key>beta-reports-active</key><true/><key>com.apple.developer.associated-domains</key><array><string>applinks:rob-auth.bankalbilad.com</string></array><key>com.apple.developer.icloud-container-identifiers</key><array></array><key>com.apple.developer.pass-type-identifiers</key><array><string>2TK5X82C47.*</string></array><key>com.apple.developer.payment-pass-provisioning</key><true/><key>com.apple.developer.team-identifier</key><string>2TK5X82C47</string><key>com.apple.developer.ubiquity-kvstore-identifier</key><string>2TK5X82C47.com.bankalbilad.NewRMB</string><key>com.apple.security.application-groups</key><array><string>group.com.NewRMB</string></array><key>get-task-allow</key><false/><key>keychain-access-groups</key><array><string>2TK5X82C47.com.bankalbilad.NewRMB.keychain</string></array></dict></plist> We are unable to see the call made from IOS reaching the endpoint which is https://rob-auth.bankalbilad.com/.well-known/apple-app-site-association We performed curl of our domain and get the below error. curl -i https://app-site-association.cdn-apple.com/a/v1/rob-auth.bankalbilad.com HTTP/1.1 404 Not Found Server: AppleHttpServer/2caa77a6bc2e755fca0e0f63e4d67e53390f9184 Date: Thu, 14 May 2026 11:42:16 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 10 Apple-Failure-Details: {"cause":"Connection failed"} Apple-Failure-Reason: SWCERR00305 Network error Apple-From: https://rob-auth.bankalbilad.com/.well-known/apple-app-site-association Apple-Try-Direct: false Cache-Control: max-age=3600,public Vary: Accept-Encoding X-B3-TraceId: bfafe8fa87a6828f Strict-Transport-Security: max-age=31536000 Age: 21 Via: https/1.1 defra2-vp-vst-017.ts.apple.com (acdn/302.16436), https/1.1 defra2-vp-vfe-006.ts.apple.com (acdn/302.16436), http/1.1 defra2-xdc-mx-023.ts.apple.com (acdn/302.16436), http/1.1 defra1-edge-fx-060.ts.apple.com (acdn/302.16436) X-Cache: hit-stale, hit-stale, hit-fresh, hit-fresh CDNUUID: 6fb88181-f58a-4059-a770-26a43e1f32d0-16071773867 Expires: Thu, 14 May 2026 11:42:26 GMT Connection: keep-alive Not Found curl -v https://app-site-association.cdn-apple.com/a/v1/rob-auth.bankalbilad.com * Host app-site-association.cdn-apple.com:443 was resolved. * IPv6: (none) * IPv4: 17.253.15.159, 17.253.63.204, 17.253.63.201, 17.253.29.140, 17.253.29.162, 17.253.39.133, 17.253.39.145, 17.253.15.162 * Trying 17.253.15.159:443... * schannel: disabled automatic use of client certificate * ALPN: curl offers http/1.1 * ALPN: server accepted http/1.1 * Connected to app-site-association.cdn-apple.com (17.253.15.159) port 443 * using HTTP/1.x > GET /a/v1/rob-auth.bankalbilad.com HTTP/1.1 > Host: app-site-association.cdn-apple.com > User-Agent: curl/8.13.0 > Accept: */* > < HTTP/1.1 404 Not Found < Server: AppleHttpServer/2caa77a6bc2e755fca0e0f63e4d67e53390f9184 < Date: Thu, 14 May 2026 11:42:16 GMT < Content-Type: text/plain; charset=utf-8 < Content-Length: 10 < Apple-Failure-Details: {"cause":"Connection failed"} < Apple-Failure-Reason: SWCERR00305 Network error < Apple-From: https://rob-auth.bankalbilad.com/.well-known/apple-app-site-association < Apple-Try-Direct: false < Cache-Control: max-age=3600,public < Vary: Accept-Encoding < X-B3-TraceId: bfafe8fa87a6828f < Strict-Transport-Security: max-age=31536000 < Age: 33 < Via: https/1.1 defra2-vp-vst-017.ts.apple.com (acdn/302.16436), https/1.1 defra2-vp-vfe-006.ts.apple.com (acdn/302.16436), http/1.1 defra2-xdc-mx-023.ts.apple.com (acdn/302.16436), http/1.1 defra1-edge-fx-058.ts.apple.com (acdn/302.16436) < X-Cache: hit-stale, hit-stale, hit-fresh, hit-fresh < CDNUUID: 77d7de5e-f827-44b1-bbf5-ae2d8e36e104-16053052830 < Expires: Thu, 14 May 2026 11:42:26 GMT < Connection: keep-alive We also don't see any blocks in our firewall or in WAF or any network level Load balancers. Can you please help in troubleshooting the same.

Hi In the "CaptiveNetwork.h", the "CNCopyCurrentNetworkInfo" is marked as "API_TO_BE_DEPRECATED" CFDictionaryRef __nullable CNCopyCurrentNetworkInfo (CFStringRef interfaceName) API_DEPRECATED_WITH_REPLACEMENT("[NEHotspotNetwork fetchCurrentWithCompletionHandler:]", ios(4.1, API_TO_BE_DEPRECATED), macCatalyst(14.0, API_TO_BE_DEPRECATED)) API_UNAVAILABLE(macos, tvos, watchos, visionos); But in developer documents, it is marked as "DEPRECATED"： https://developer.apple.com/documentation/systemconfiguration/cncopycurrentnetworkinfo Before we use Xcode 16.2 to archive app, this interface still work on iOS 26 device. But after we changed to Xcode 26.2, this interface return nothing on iOS 26 and we need to use "NEHotspotNetwork" related interface. My question is： Why there are difference between the documents and framework sdk how we can know that a interface marked "API_TO_BE_DEPRECATED" or "DEPRECATED", when will they not work totally. Is there a accurate timeline or standard for them? Some interface marked deprecated after 12.0 is still working Now. After knowing the accurate timeline we can plan the interfaces migration.

Hi everyone, We are working on an app that requires access to devices on the local network (Bonjour / LAN discovery + direct socket communication). We are currently struggling with the Local Network privacy permission flow introduced by Apple. From our understanding, there is no dedicated public API to explicitly request Local Network permission or to reliably determine the current authorization state before attempting network activity. We have tried several commonly suggested approaches to trigger the permission dialog, including: Bonjour browsing via NWBrowser Publishing/listening with NetService UDP/TCP socket attempts on local subnet NWConnection / NWListener Triggering discovery after app launch and after foreground transitions We already added the required entries in: NSLocalNetworkUsageDescription NSBonjourServices However, the behavior is inconsistent across devices and OS versions: Sometimes the popup appears immediately Sometimes it never appears Sometimes network operations silently fail without callback clarity In some cases callbacks are delayed or ambiguous Reinstalling/resetting permissions changes behavior unpredictably Our main challenges are: What is currently considered the most reliable Apple-approved method to trigger the Local Network permission prompt? Is there any officially recommended way to determine whether permission is: not determined denied granted Is there any reliable callback or state transition API developers should use? Are there known differences between: NWBrowser NetService BSD sockets NWConnection when it comes to triggering the permission dialog? Are there recommended retry/timing patterns to avoid race conditions during app launch? Is Apple planning to introduce a dedicated authorization API similar to: AVAuthorizationStatus CLAuthorizationStatus PHPhotoLibrary.authorizationStatus() Right now it feels difficult to provide a reliable UX because there is no deterministic way to: proactively request access observe authorization state recover gracefully when the prompt does not appear Any guidance, DTS references, WWDC sessions, or recommended implementation patterns would be greatly appreciated. Thanks!

Hi everyone, I'm developing an iOS app using Swift (Foundation, Network, and Combine) that communicates via TCP with a weighing scale. The scale uses an internal ESP32 module acting as a Wi-Fi Access Point (no internet access) specifically for data transmission. The app connects to this network and opens a socket to receive weight data and send command strings. I’m currently facing two main issues: Socket Management: The socket isn't closing properly. Occasionally, the app opens multiple simultaneous connections instead of maintaining a single one. Since the ESP32 has a client limit, these ghost connections eventually hang the communication module. Invalid Outbound Data: The connection drops frequently because the scale receives invalid strings from the app. My logs show strange character sequences (like "gggggggggfdhj" or "vfgdddddddddddtty") being sent involuntarily. I haven't programmed these strings, and they cause the scale to terminate the session due to protocol violations. How can I ensure proper socket closure and prevent these random data packets? Additionally, a technical question: Is it possible to keep this TCP connection active in the background indefinitely on iOS while the user interacts with other apps?

Is there any iOS API, framework, or entitlement (public or beta) that lets an app detect when a user disables or removes a Configuration Profile (specifically a DNS-over-HTTPS profile) — without VPN extension, MDM, or supervised mode? Use case: I need to know server-side, in real time, when the user toggles off a .mobileconfig DoH profile they previously installed. Things I've already reviewed and ruled out: NetworkExtension (NEDNSSettingsManager — only fires while app is running) BGTaskScheduler (iOS-scheduled, not real-time) NEFilterDataProvider (requires supervised) VPN / MDM / supervised Anything I'm missing?

Hello, I am working on a network security and DLP (Data Loss Prevention) solution. A core requirement of our architecture is the ability to modify network traffic payloads in-flight (e.g., stripping sensitive data or altering packets). So, the only way to implement this is via the NETransparentProxyProvider which allows us to handle, evaluate, and modify network flows (NEAppProxyFlow). However, because this is such a powerful mechanism, my primary goal is to ensure the absolute stability of the operating system. I want to minimize the risk of interfering with core Apple services. When evaluating a flow, I have access to NEFlowMetaData, specifically properties like sourceAppUniqueIdentifier and sourceAppAuditToken. Could you please assist me with the following questions: Is there a recommended list of Apple system Application IDs (Bundle IDs) or executable names that should be strictly bypassed (ignored) by the Network Extension to maintain system integrity? Since system daemons can change between OS releases, are there any programmatic best practices or specific rules to dynamically identify core OS traffic that must not be intercepted? Are there any specific network ports or protocols that Apple strongly recommends excluding from NENetworkRule matches at the proxy provider configuration level to ensure daemons like apsd or mDNSResponder function correctly? Thank you in advance.

Hello, I am investigating a recurring crash that appears to be originating within the system's network stack. OS Version: iPhone OS 26.1 (23B85) Role: Foreground Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000000 Exception Codes: 0x0000000000000001, 0x0000000000000000 Triggered by Thread: 19 Description: The crash is triggered by Thread 19 and occurs deep within libquic.dylib during a QUIC recovery timer event. Based on the backtrace, the failure happens in quic_recovery_pto. The issue seems to occur when a protocol instance schedules a wakeup, leading to a null pointer dereference in the system library. Crashed Thread Backtrace snippet:Thread 19 Crashed: Thread 19 Crashed: 0 libquic.dylib 0x00000001a00a38cc quic_recovery_pto + 72 (quic_recovery.c:1259) 1 libquic.dylib 0x00000001a00a3390 quic_recovery_timer_fired + 132 (quic_recovery.c:1460) 2 libquic.dylib 0x00000001a00a1f8c quic_timer_run + 248 (quic_timer.c:210) 3 Network 0x000000018ec76cbc __nw_protocol_instance_schedule_wakeup_block_invoke + 76 (protocol_implementation.cpp:5847) 4 Network 0x000000018eba34e0 __nw_context_reset_timer_block_with_time_block_invoke + 268 (context.cpp:2224) 5 libdispatch.dylib 0x00000001c84727ec _dispatch_client_callout + 16 (client_callout.mm:85) 6 libdispatch.dylib 0x00000001c845d664 _dispatch_continuation_pop + 596 (queue.c:349) 7 libdispatch.dylib 0x00000001c8470528 _dispatch_source_latch_and_call + 396 (source.c:601) 8 libdispatch.dylib 0x00000001c846f1fc _dispatch_source_invoke + 844 (source.c:966) 9 libdispatch.dylib 0x00000001c8463288 _dispatch_workloop_invoke + 1612 (queue.c:4761) 10 libdispatch.dylib 0x00000001c846c3ec _dispatch_root_queue_drain_deferred_wlh + 292 (queue.c:7265) 11 libdispatch.dylib 0x00000001c846bce4 _dispatch_workloop_worker_thread + 692 (queue.c:6859) 12 libsystem_pthread.dylib 0x00000001ec0623b8 _pthread_wqthread + 292 (pthread.c:2696) 13 libsystem_pthread.dylib 0x00000001ec0618c0 start_wqthread + 8 (:-1) Can anyone provide insights into what might be causing libquic to access an invalid address in this context? Any help or suggestions for further diagnostics would be greatly appreciated.

Post app update our extension version is replaced with the new version. However occasionally maybe around 20% of the time The XPC connection we have for communication between the app and extension will not work. We have reconnection retry logic as well as tried stop and starting the extension but it appears once its broken its broken and all that fixes it is a machine restart. This is obviously not ideal. I have noticed a few other forums talking about the same or similar problem. https://developer.apple.com/forums/thread/728063 https://developer.apple.com/forums/thread/779395 https://developer.apple.com/forums/thread/742992 When we run on a broken upgrade cycle `sudo launchctl print system/NetworkExtension.com.company.example.app.filter.5.5.0.2248 ` We notice that endpoints is missing from the log. However if we run the same command in terminal for a working upgrade cycle endpoints = {} exist. Therefore for some reason our xpc isn't actually getting registered.

According to documentation, the URLSession background tasks continue even when the app is suspended. What is the lifespan of the URLSessionDownloadDelegate object when app is suspended or terminated? Will it get re-created and re-initialize properties when the app re-launches, or will it somehow restore the existing property values? Also, urlSessionDidFinishEvents not getting called, and what do we need to do there with the backgroundCompletionHandler? Any insights are much appreciated. We are getting ready to launch and this is a roadblock. (visionOS26.4) Thank you. @Observable class DownloadManager: NSObject, URLSessionDownloadDelegate { ... let config = URLSessionConfiguration.background(withIdentifier: "TestDL") config.sessionSendsLaunchEvents = true var urlSession = URLSession(configuration: config, delegate: self, delegateQueue: nil) func downloadFiles(... { // initiate multiple file downloads concurrently for url in urlList { let task = urlSession.downloadTask(with: url) task.resume() } } func urlSession(_ session: URLSession, downloadTask: URLSessionDownloadTask, didFinishDownloadingTo location: URL) { ... func urlSession(_ session: URLSession, downloadTask: URLSessionDownloadTask, didWriteData bytesWritten: Int64, totalBytesWritten: Int64, totalBytesExpectedToWrite: Int64) { ... func urlSession(_: URLSession, task: URLSessionTask, didCompleteWithError error: Error?) { ... // Not getting called ?? // Is this only called when app is suspended/terminated? func urlSessionDidFinishEvents(forBackgroundURLSession session: URLSession) { print("didFinishEvents") Task { @MainActor in //urlSession?.finishTasksAndInvalidate() //urlSession = nil // not sure what to do here: if let appDelegate = UIApplication.shared.delegate as? AppDelegate, let completionHandler = appDelegate.backgroundCompletionHandler { completionHandler() appDelegate.backgroundCompletionHandler = nil } } }

I've searched these terms all over the place and have found only a confusing mishmash of things that were probably true years ago but no longer seem to reflect today's reality so I'm posting it here to hopefully add a definitive 2026 answer to these search results for myself and others. The existence of the DNS Proxy Network Extension protocol in 10.15 has given me an idea. I would like to test this idea to see if it is worth developing further or a complete waste of time. This test does not need to run on any device anywhere in the world other than the one in front of me so I would prefer not to spend $100 just to see if I can make a small code fragment do a silly trick. XCode sadly refuses to build my Network Extension target when I only have a "Personal Team" to sign with: Personal development teams, including "XXXX XXXX", do not support the Network Extensions capability. Can this be done or is Apple just 100% pay-to-play nowadays? I have zero problems disabling SIPS or any other consumer grade protections if that will actually achieve my goal but I've read enough comments from people saying it didn't work that I haven't bothered trying. Thanks for reading. OS: 15.7.5 (24G624) XCode Version 26.3 (17C529)

I've seen a number of similar posts from other network system extension developers reporting kernel panics on M5 devices in macOS. These kernel panics occur when network system extensions are enabled and are not observed on earlier mac platforms or versions of macOS. Reference: https://developer.apple.com/forums/thread/821372 In this post, it appears like Apple is aware of a problem as noted by Kevin Elliott in versions of macOS. Do we know if there is any way to work around this problem (short of not enabling a network filter) until a fix is available?

After an app update replaces our extension with the new version, the XPC connection between the app and the extension fails to work roughly 20% of the time. Once it's broken, it stays broken — our reconnect/retry logic doesn't recover it, stopping and starting the extension doesn't recover it, and the only thing that fixes it is a full machine restart. This obviously isn't ideal. I've seen a few other threads describing the same or a very similar issue: https://developer.apple.com/forums/thread/728063 https://developer.apple.com/forums/thread/779395 https://developer.apple.com/forums/thread/742992 On a broken upgrade cycle, when we run: sudo launchctl print system/NetworkExtension.com.company.example.app.filter.5.5.0.2248 the endpoints entry is missing from the output entirely. On a working upgrade cycle, the same command shows endpoints = {} is present. So it looks like our XPC service isn't actually getting registered with launchd in the broken case. We've tried various changes to our connection logic, but nothing prevents the issue — random upgrades still end up broken with no obvious cause. Is there a known way to recover the XPC registration without requiring a machine restart?

Hello, I am experiencing a specific authorization error on macOS Tahoe when trying to discover all available service types on the local network. While the implementation works perfectly on iOS and macOS Sonoma, it fails on Tahoe with a specific error code. The Issue When calling DNSServiceBrowse with the meta-query string _services._dns-sd._udp, the function immediately returns kDNSServiceErr_NoAuth (-65555). // This call fails on macOS Tahoe DNSServiceErrorType err = DNSServiceBrowse( &ref, 0, kDNSServiceInterfaceIndexAny, "_services._dns-sd._udp", // Meta-query for all services domc, probe_browse_reply, (__bridge void *)self ); Important Findings & Observations Specific Services Work: If I change the service type to a specific one (e.g., _http._tcp or _ssh._tcp) using NWBrowser, it works correctly and returns results. The error only occurs when browsing for _services._dns-sd._udp using DNSServiceBrowse. Local Network Permission: I have confirmed that the Local Network toggle is ON for my app in System Settings > Privacy & Security > Local Network. Entitlements: My app has the com.apple.developer.networking.multicast entitlement. Info.plist: Both NSLocalNetworkUsageDescription and NSBonjourServices (including _services._dns-sd._udp) are properly configured. Sandbox: The issue persists regardless of whether the App Sandbox is enabled (with incoming/outgoing connections) or disabled. Environment Not Working OS: macOS Tahoe 26 Working OS: macOS Sonoma, iOS 26 Question It seems macOS Tahoe has introduced a stricter policy regarding Network Reconnaissance or meta-service browsing. Is there a new requirement or a specific entitlement needed in macOS Tahoe to browse for _services._dns-sd._udp? Any guidance on how to restore this functionality for network utility apps on macOS Tahoe would be greatly appreciated. Best regards.

I've managed to put together a WebSocket client in Swift using NWProtocolWebSocket (though the documentation does not make it easy.) The point I'm stuck on is how to get a meaningful error if the server rejects the HTTP request, for example with a 404 or 403 status. The error reported to my stateUpdateHandler is a low-level POSIXErrorCode(rawValue: 53): Software caused connection abort). Additionally, how can I add custom headers to the HTTP request, like authorization or cookies? (I'm kind of wondering whether good ol' NSURLSession would have been a better choice -- TN3151 says: "Unless you have a specific reason to use URLSession, use Network framework for new WebSocket code", but at this point I feel that's bad advice.)

model : iphone 17 ios version: 26.2 app used: https://developer.apple.com/documentation/wifiaware/building-peer-to-peer-apps Here is our observation when we tried to make wifi aware connection between iphone and our wifi device. note : we used iphone as subscriber ( view simulation) 1.pairing & bootstrapping was successfully done 2.Data path was successfully established between iphone and our device. after data path establishment ,within few seconds , DATA PATH TERMINATION was sent from iphone which leads to pairing verification with new NMI address. Same behaviour is noticed even when we try to establish connection between two iphone devices. Here we have few questions. Once we establish data path , Why iphone initiates data path termination instead using the same service for data path exchange. 2.Why do we go for PAIRING VERIFICATION everytime.

Our business interface requests require disabling HTTP(s) proxies. We configured URLSessionConfiguration.connectionProxyDictionary as before, but found that it does not work on iOS 26 1.Core code: let configuration = URLSessionConfiguration.default configuration.connectionProxyDictionary = [ "HTTPEnable": false, "HTTPSEnable": false, "SOCKSEnable": false, ] let session = URLSession(configuration: configuration) let request = URLRequest(url: URL(string: "https://www.baidu.com")!,timeoutInterval: Double.infinity) // 发送请求 let task = session.dataTask(with: request) { data, response, error in if let error = error { print("网络请求失败: \(error)") } if let data = data { print("网络请求成功，返回数据长度: \(data.count)") if let responseString = String(data: data, encoding: .utf8) { print("返回数据: \(responseString.prefix(100))...") } } } task.resume() 2.Specific steps: We captured traffic using Proxyman and Charles. With the same code, requests cannot be captured on iOS 18 and iOS 16.1, but can be captured on iOS 26.2 and 26.1. Conclusion:Therefore, we suspect there is a bug with URLSessionConfiguration.connectionProxyDictionary on iOS 26.x. Please let us know whether this is a bug. If not, how should we properly disable HTTP(s) proxies? Note: We need to exclude PAC proxies, which are commonly used in corporate internal networks. 3.Devices & Software Xcode 16.4 iPhone 26.2、Simulator 26.1 iPhone 16、Simulator 18.0、Simulator 18.6 Proxyman、Charles

Our business interface requests require disabling HTTP(s) proxies. We configured URLSessionConfiguration.connectionProxyDictionary as before, but found that it does not work on iOS 16.2 and 16.3.1. 1.Core code: let configuration = URLSessionConfiguration.default configuration.connectionProxyDictionary = [ "HTTPEnable": false, "HTTPSEnable": false, "SOCKSEnable": false, ] let session = URLSession(configuration: configuration) let request = URLRequest(url: URL(string: "https://www.baidu.com")!,timeoutInterval: Double.infinity) // 发送请求 let task = session.dataTask(with: request) { data, response, error in if let error = error { print("网络请求失败: \(error)") } if let data = data { print("网络请求成功，返回数据长度: \(data.count)") if let responseString = String(data: data, encoding: .utf8) { print("返回数据: \(responseString.prefix(100))...") } } } task.resume() 2.Specific steps: We captured traffic using Proxyman and Charles. With the same code, requests cannot be captured on iOS 18 and iOS 16.1, but can be captured on iOS 26.2 and 26.1. Conclusion:Therefore, we suspect there is a bug with URLSessionConfiguration.connectionProxyDictionary on iOS 26.x. Please let us know whether this is a bug. If not, how should we properly disable HTTP(s) proxies? Note: We need to exclude PAC proxies, which are commonly used in corporate internal networks. 3.Devices & Soft Xcode 16.4 iPhone 26.2、Simulator 26.1 Proxyman、Charles

We have a Man In The Middle proxy that supports all kind of protocols (http, tls, dns, mail protocols, grpc, etc...)... On apple devices we are running it using the Network Extension framework as a NETransparentProxy. First of all, thank you for the framework, took a while to learn the ins and outs but it works nicely and runs smooth... However now that we start to roll it out to customers we see issues here and there.. For most it works fine, but for some that use other proxy/vpn solutions they run into all kind of "connectivity" issues... E.g. some customers run products from companies like zscaler, fortinet, tailscale etc... First we weren't sure if you could even run multiple TransparentProxy's that have the same network capture rules (e.g. the entire TCP range), but turns out that is fine as we tested it with a demo proxy of ours as well as the product version, both deployed as system extensions NETransparentProxy, and it is all fine.. However also here the ordering is not clear? Traffic seems to flow through both but cannot tell what the order is and if the user or we have any control over it. Now... Our proxy is not a VPN and thus not open a tunnel to a remote location. It is local only there to protect the developer. As such in theory it should be compatible with any other VPN and proxy as any traffic we intercept (all traffic) is still ok to go through their proxy/client-vpn and than through a remote tunnel if desired. So the questions I have is: Is there a way, either from within the code or that our users can configure to, on the order of multiple (network extension or other) proxies? Is TransparentProxy the correct solution if I also want compatibility with these other products and want to MITM the traffic? The flows that current work fine are: ClientApp --> NETransparentProxy[ours] --> remote target server clientApp --> L7 HTTP/SOCKS5 Proxy (system or app-defined) --> NETransparentProxy[ours] --> remote target server clientApp --> L7 HTTP/SOCKS5 Proxy (system or app-defined) --> NETransparentProxy[ours/demo] --> NETransparentProxy[demo/ours] --> remote target server However when people also have products from zscaler, fortinet, tailscale or some others it seems to work sometimes but not always, which makes me think it is order defined? What all of them have in common is that they need to go through a remote tunnel, whereas we do not go through a remote tunnel... Which if I am correct (perhaps I am not) should mean that as long as traffic always goes first via us that it should work? e.g. clientApp --> NETransparentProxy[ours] --> NETransparentProxy/Tunnel/...[third party vpn] --> Vpn Server --> remote target server That should in that case just work. But it does not work in case we are behind the (vpn proxy) client. Please let me know if I provide enough detail and if I'm clear? I am mostly wondering about what I can expect in terms of compatibility if there is anything I (or our company user) can do about ordering/priority/something ?