Is there a v4 path available on the Network? If you try with Safari does this same behavior still happen? Yes, v4 path is available. Only Safari working fine, other browsers, Microsoft Team, curl etc are failing.

Hi @eskimo I am able to get process path associated with packet read in Packet tunnel. I am facing below problem with Safari: For Safari or any other apps which uses WKWebview having same process path: /Library/Apple/System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking Any ways to distinguish wether it is safari or other wkwebview apps? Related Problem: https://developer.apple.com/forums/thread/693528 In this thread, app proxy can help but in packet tunnel no such options exposed.

Hi @eskimo How did you get into the situation described scenario 2? I have create pkg installer. Installer does following steps in root mode: Execute script to uninstall existing system extension. This script uses current app from application folder. Removes current app from application folder using sudo rm -rf Replace new app in application folder Run script to Install new version of system extension. Problem: In step 1, due to some reason uninstallation fails, such as system prompts password for uninstallation, if by mistake user presses cancel button We get into scenario 2 if uninstallation fails. Normally the system prevents that I have noticed, if we manually delete app using finder then macOS prompt for uninstalling its extension.

I have created an utun interface(utun5) with address 10.0.0.0, then we installed VPN with address 10.0.0.0/8. I observed that new utun interface(utun4) created by VPN having the same address 10.0.0.0 only. What is the use of giving CIDR range instead of specific ip? utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.0 --> 10.0.0.1 netmask 0xff000000 nd6 options=201<PERFORMNUD,DAD> utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300 options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM> inet6 fe80::bed0:74ff:fe37:92be%utun4 prefixlen 64 scopeid 0x1e inet 10.0.0.0 --> 10.0.0.0 netmask 0xff000000 inet6 2001:db8:: prefixlen 120 nd6 options=201<PERFORMNUD,DAD>

Hi @eskimo @meaton One doubt here, lets say 10.0.0.0 address is already in use by other utun. Now new VPN Interface is getting created with address 10.0.0.0/8. Will macOS assigns ip from the range 10.0.0.0/8 other than 10.0.0.0?

Hi @eskimo Looks like ip 239.255.255.250 is multicast address (Simple Service Discovery Protocol - SSDP) I have following questions: is multicast ip gets forwarded to every packet tunnel utun interface even-though it is not added in include rule? What if we ignore these packets from packet tunnel readPacketObjects as we don't want to handle these packets? when multicast entitlement needed?

Hi @eskimo, any thoughts on this?

@anoojkrishnan How did you solved this probelm?

Hi @eskimo C++ code is cross platform library for tunnel related tasks. It uses libcurl to do HTTP/HTTPS requests. what may be the reason for http not working? how to get exception for http?

Hi Eskimo, Please find the crash dumps attached. Crash Dumps

Thanks a ton @eskimo lsof doesn't works in sandboxed enviroment. i wanted to use lsof -i:port. i.e lsof -i:443 and grab Name(TCP 172.20.10.3:62323->52.98.87.66:https (ESTABLISHED)) as you can see last part in below command output. faisalikwal@TTWPXM6W4Y ~ % lsof -i:443 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME CalendarA 757 faisalikwal 82u IPv4 0x9b970081ec8283e5 0t0 TCP 172.20.10.3:62323->52.98.87.66:https (ESTABLISHED) exchanges 758 faisalikwal 8u IPv4 0x9b970081ec8303e5 0t0 TCP 172.20.10.3:62241->40.99.34.226:https (ESTABLISHED) Notes 867 faisalikwal 28u IPv4 0x9b970081ec001915 0t0 TCP localhost:62472->52.98.86.162:https (CLOSED) Mail 868 faisalikwal 83u IPv4 0x9b970081ec7d0e7d 0t0 TCP 172.20.10.3:62488->40.99.34.242:https (ESTABLISHED) Google 942 faisalikwal 22u IPv4 0x9b970081ec02794d 0t0 TCP 172.20.10.3:62512->okapi-services-apse1.apple.com:https (ESTABLISHED) My ultimate goal is to identify process belong to NEPacket received by packet tunnel provider since apple doesn't exposes metadata in packet tunnel(except perapp cases). I will have a look at lsof code to check how they do it.

@eskimo it is port used for network communication over the internet such as TCP, UDP etc

Hi, Following include setting working. But i am not sure below setting in place of ipv4Settings 0.0.0.0 or default will have any serious drawbacks. settings.ipv4Settings?.includedRoutes = [ NEIPv4Route(destinationAddress: "0.0.0.0", subnetMask: "128.0.0.0"), NEIPv4Route(destinationAddress: "128.0.0.0", subnetMask: "128.0.0.0") ] //DNS 8.8.8.8, 10.212.24.222 settings.ipv4Settings?.excludedRoutes = [ NEIPv4Route(destinationAddress: "8.8.8.8", subnetMask: "255.255.255.255"), NEIPv4Route(destinationAddress: "10.212.24.222", subnetMask: "255.255.255.255")]

Hi, By mistake i have pasted wrong code of filter rule. I don't see any option to edit post hence replying. I have applied rules on remote as below. let filterRules = ["0.0.0.0", "::"].map { address -> NEFilterRule in       let remoteNetwork = NWHostEndpoint(hostname: address, port: "0")       let networkRule = NENetworkRule(remoteNetwork: remoteNetwork,                           remotePrefix: 0,                           localNetwork: nil,                           localPrefix: 0,                           protocol: .TCP,                           direction: .any)       return NEFilterRule(networkRule: networkRule, action: .filterData)     }

I have added dropping 10.207.135.79 in method override func handleOutboundData as well