In func handleNewTCPFlow(_ flow: NEAppProxyTCPFlow) we create a connection as: let connection = NWConnection(to: flow.remoteEndpoint.nwEndpoint, using: .tcp) When converting this to UDP, the NEAppProxyUDPFlow doesn't have a flow.remoteEndpoint so it's unclear to me where I should get this from. Presumably each datagram has a destination which defines which flow it belongs to.

Thanks for getting back to me. I'm afraid my poor editing above confused the issue. The project claims it is based on the QNE2TransparentProxyMac and I've been working on it for a while to finish TLS inspection and filtering. The previous developer had moved on before I joined the project so I don't have whatever code he might have received. I want to add support for UDP and noticed it's not enabled in the Network Extension and there's no UDP flow copier. Is there some transparent proxy example that includes support for UDP? I'm following the TCP example to implement UDP support but would prefer not to reinvent it if it already exists. Thanks. Peter

After learning much about code signing and reviewing the problems and solutions in the Apple Dev forums I determined the "Apple Development" signing identity Xcode generated automatically failed to properly install in my Login Keychain so I manually generated a new one which is working.

Thanks for the quick response. The underlying problem is getting Xcode to build my app successfully. This was working until I unwittingly damaged my Login Keychain and had to rebuild it. The basic test above isolates the problem to code signing in general as opposed to some setting in Xcode. What changed is I had to reset my Login Keychain so some piece of information may have been lost but neither codesign nor "automatically manage signing" in Xcode provide any clue in this case.