Reply to How to decide addresses for NEIPv4Settings, NEIPv6Settings of NEPacketTunnelNetworkSettings
I have created a utun interface (utun5) with address 10.0.0.0, then we installed VPN with address 10.0.0.0/8. I observed that the new utun interface (utun4) created by VPN has the same address 10.0.0.0 only. What is the use of giving CIDR range instead of specific IP?

utun5: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1500
    inet 10.0.0.0 --> 10.0.0.1 netmask 0xff000000
    nd6 options=201<PERFORMNUD,DAD>
utun4: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1300
    options=6463<RXCSUM,TXCSUM,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    inet6 fe80::bed0:74ff:fe37:92be%utun4 prefixlen 64 scopeid 0x1e
    inet 10.0.0.0 --> 10.0.0.0 netmask 0xff000000
    inet6 2001:db8:: prefixlen 120
    nd6 options=201<PERFORMNUD,DAD>
Sep ’23
Reply to Uninstallation of Network Extension fails if version mismatches
Hi @eskimo

How did you get into the situation described scenario 2?

I have created a pkg installer. The installer does the following steps in root mode:

1. Execute script to uninstall existing system extension. This script uses current app from application folder.
2. Remove current app from application folder using sudo rm -rf
3. Replace new app in application folder
4. Run script to install new version of system extension.

Problem: In step 1, due to some reason uninstallation fails, such as system prompts password for uninstallation, if by mistake user presses cancel button. We get into scenario 2 if uninstallation fails.

Normally the system prevents that

I have noticed, if we manually delete app using Finder then macOS prompts for uninstalling its extension.
Sep ’23
Reply to Using libproc to get ports used by processes on macos
Hi @eskimo I am able to get the process path associated with a packet read in Packet tunnel. I am facing the below problem with Safari: Safari and any other apps which use WKWebView have the same process path:

/Library/Apple/System/Library/StagedFrameworks/Safari/WebKit.framework/Versions/A/XPCServices/com.apple.WebKit.Networking.xpc/Contents/MacOS/com.apple.WebKit.Networking

Any ways to distinguish whether it is Safari or other WKWebView apps?

Related Problem: https://developer.apple.com/forums/thread/693528
In this thread, app proxy can help but in packet tunnel no such options exposed.
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Reply to Network extension process not getting auto launch after installation
@eskimo

an ES sysex always has demand.

You mean if I add com.apple.developer.endpoint-security.client to YES in capabilities, then it will auto launch after installation? Any help on how to request this entitlement? Or any configuration which can cause demand for launch without using ES entitlements?

What are you trying to do with that code?

There are a few things we want to do, such as monitoring interface changes using NWPathMonitor, starting a Unix domain server (there is another process which will connect to this server), etc.
Feb ’24
Reply to Dealing with blocking nature of method handleNewFlow of NETransparentProxyProvider
The trick is to allow the flow and then block all of its traffic until you’ve decided what to do.

@DTS Engineer As per this trick, let's say we return true to allow the flow, and later on a different queue/thread we decide to hand over the flow to the kernel, that's not possible, right? In this case, the only options left are to close the flow, or send it to the actual destination, or send it to the proxy. No way it can be handed over to the kernel, which happens after returning false from this method.
Aug ’24
Reply to Crashes in NEFilterPacketInterpose createChannel
@DTS Engineer We're encountering these crashes as well, including on macOS 15. Could this be related to exceptionally high internet speeds?

Thread 12 Crashed:: Dispatch queue: com.apple.network.connections
0 libsystem_kernel.dylib 0x19cf9fbd8 os_channel_get_next_slot + 664
1 NetworkExtension 0x1afc07818 __40-[NEFilterPacketInterpose createChannel]_block_invoke + 416
2 libdispatch.dylib 0x19ce2b85c _dispatch_client_callout + 16
3 libdispatch.dylib 0x19ce165e0 _dispatch_continuation_pop + 596
4 libdispatch.dylib 0x19ce29620 _dispatch_source_latch_and_call + 396
5 libdispatch.dylib 0x19ce282f8 _dispatch_source_invoke + 844
6 libdispatch.dylib 0x19ce1c170 _dispatch_workloop_invoke + 1612
7 libdispatch.dylib 0x19ce25264 _dispatch_root_queue_drain_deferred_wlh + 292
8 libdispatch.dylib 0x19ce24ae8 _dispatch_workloop_worker_thread + 540
9 libsystem_pthread.dylib 0x19cfc5e64 _pthread_wqthread + 292
10 libsystem_pthread.dylib 0x19cfc4b74 start_wqthread + 8
May ’25
Reply to How to decide addresses for NEIPv4Settings, NEIPv6Settings of NEPacketTunnelNetworkSettings
Hi @eskimo @meaton One doubt here: let's say the 10.0.0.0 address is already in use by another utun. Now a new VPN interface is getting created with address 10.0.0.0/8. Will macOS assign an IP from the range 10.0.0.0/8 other than 10.0.0.0?
Sep ’23
Reply to Change in behaviour on Sonoma with IPv6 traffic blocked by network extension
Is there a v4 path available on the Network? If you try with Safari does this same behavior still happen?

Yes, v4 path is available. Only Safari is working fine; other browsers, Microsoft Teams, curl etc. are failing.
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Reply to Change in behaviour on Sonoma with IPv6 traffic blocked by network extension
Hi @meaton @eskimo Did you get any chance to look at this issue?
Topic: App & System Services SubTopic: Core OS Tags:
Oct ’23
Reply to Best way to auto stop system extension process
exit(0) in override stopXXXX stopping it
Dec ’23
Reply to NETransparentProxyProvider handleNewFlow vs handleNewUDPFlow
@DTS Engineer Any specific reason why Apple has not added remoteEndpoint to NEAppProxyUDPFlow, while remoteEndpoint is available for NEAppProxyTCPFlow?
Oct ’24
Reply to Can we disable KeepAlive temporarily for launchctl?
Thanks much @DTS Engineer. With KeepAlive true, if the process crashes after launch, what best can be done to minimise the crash loop, or at least minimise system instability or excessive resource use caused by the crash loop?
Nov ’24
Reply to Query regarding transparent proxy provider NENetworkRule for port 53
@DTS Engineer for the system as a whole
example: testyoutube.com
ping, curl, or any browser etc. visits testyoutube.com, I want to resolve it by Transparent Proxy.
Nov ’24
Reply to Reachability behaviour changed with Sonoma 14.2b
@DTS Engineer I am also facing similar issues. I am replacing SCNetworkReachability with NWPathMonitor. I couldn't find an exact equivalent of SCNetworkReachabilityCreateWithName in NWPathMonitor. Instead it can be used to monitor changes in a specific interface or all interfaces. Is there a way to just monitor a specific domain with NWPathMonitor?
Dec ’24
Reply to Crashes in NEFilterPacketInterpose createChannel
@DTS Engineer In my case, users reported such crashes on M2 Pro with very high internet speed. They use Ethernet. As per the users, mostly it happens when they are on a video call with many other users. A very few times they've seen crashes during sleep. Let me check with these users if they can collect a sysdiagnose during issues.
Jun ’25