Hi,
macOS version: 10.15.6
I have a remote access VPN application which earlier made use of a KEXT, and I have now migrated it to the NetworkExtension framework. I am running PacketTunnelProvider as a SystemExtension.
I maintain two threads, one for reading packets from utun and the other for writing packets to utun.
Here is a gist of my packet handler threads.
1. Reading packets from utun
read_packets_from_utun() {
    [tun_device.packetFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> * _Nonnull packets,
                                                               NSArray<NSNumber *> * _Nonnull protocols) {
        send_packets(packets, protocols);
    }];
}

send_packets(packets_array, protocols_array) {
    NSUInteger pcount = packets_array.count;
    for (NSUInteger i = 0; i < pcount; i++) {
        // Encrypt and send packet to server
        encrypt_and_send(packets_array[i], protocols_array[i]);
    }
    // Read next packets
    read_packets_from_utun();
}
The 'send_packets' function then encrypts each packet in a loop, sends it to the server and then calls 'readPacketsWithCompletionHandler' again in order to keep receiving packets.
2. Writing packets to utun
NSArray<NSData *> *packet_array = [NSArray arrayWithObject:packet];
NSArray<NSNumber *> *proto_arr = [NSArray arrayWithObject:proto_num];
[tun_device.packetFlow writePackets:packet_array withProtocols:proto_arr];
After decrypting each packet, I write it back to utun via a writePackets call.
Question: Is this the correct way of using the writePackets call?
I ran some performance tests using iperf with the system extension and observed the following. (I also compared the performance numbers with those of the older application with the KEXT.)
Performance for UDP traffic (bidirectional) is observed to be the same for both the SystemExtension and KEXT.
Performance for outbound TCP traffic (MacBook sending data to the remote server) is found to be the same for the SystemExtension as well as the KEXT.
There is performance degradation seen for inbound TCP traffic (remote server sending data to the MacBook).
The performance is degraded to approximately 10% of that of the older app (KEXT).
I also tried buffering packets before writing to utun, but there was no luck :(
Am I missing something while handling packets?
If that's not the case, is there any known issue with TCP traffic with PacketTunnelProvider?
Thanks.
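The two paths described in the post, as an added example in Objective-C (not the poster's code): a read loop that re-arms readPacketsWithCompletionHandler: only after the batch has been handed off, and an inbound path that coalesces decrypted packets into one writePackets:withProtocols: call on a serial queue so segment order is preserved. TunnelProvider, encrypt_and_send, the queue label and the method names are assumptions; the setTunnelNetworkSettings: step is omitted.

```objc
#import <NetworkExtension/NetworkExtension.h>
#import <sys/socket.h>   // AF_INET / AF_INET6 values for the protocols array

extern void encrypt_and_send(NSData *packet, NSNumber *protocol);   // hypothetical transport hook

@interface TunnelProvider : NEPacketTunnelProvider
@property (nonatomic, strong) dispatch_queue_t writeQueue;   // serialises all utun writes
@property (nonatomic, strong) NSMutableArray<NSData *> *pendingPackets;
@property (nonatomic, strong) NSMutableArray<NSNumber *> *pendingProtocols;
@end

@implementation TunnelProvider
- (void)startTunnelWithOptions:(NSDictionary<NSString *, NSObject *> *)options
             completionHandler:(void (^)(NSError *))completionHandler {
    self.writeQueue = dispatch_queue_create("example.tunnel.write", DISPATCH_QUEUE_SERIAL);
    self.pendingPackets = [NSMutableArray array];
    self.pendingProtocols = [NSMutableArray array];
    // setTunnelNetworkSettings:completionHandler: would normally run here; omitted in this example.
    [self readLoop];
    completionHandler(nil);
}
// Outbound (utun -> server): hand the whole batch off, then re-arm the read.
- (void)readLoop {
    __weak typeof(self) weakSelf = self;
    [self.packetFlow readPacketsWithCompletionHandler:^(NSArray<NSData *> *packets,
                                                         NSArray<NSNumber *> *protocols) {
        for (NSUInteger i = 0; i < packets.count; i++) {
            encrypt_and_send(packets[i], protocols[i]);
        }
        [weakSelf readLoop];   // keep exactly one read outstanding
    }];
}
// Inbound (server -> utun): called once per decrypted packet from the receive thread.
// Back-to-back packets are queued and flushed together in a single writePackets: call.
- (void)enqueueDecryptedPacket:(NSData *)packet addressFamily:(int)family {
    dispatch_async(self.writeQueue, ^{
        BOOL flushScheduled = self.pendingPackets.count > 0;   // a flush is already queued
        [self.pendingPackets addObject:packet];
        [self.pendingProtocols addObject:@(family)];   // AF_INET or AF_INET6
        if (!flushScheduled) {
            dispatch_async(self.writeQueue, ^{ [self flushToUtun]; });
        }
    });
}
- (void)flushToUtun {   // runs on writeQueue, so TCP segment order is preserved
    [self.packetFlow writePackets:[self.pendingPackets copy] withProtocols:[self.pendingProtocols copy]];
    [self.pendingPackets removeAllObjects];
    [self.pendingProtocols removeAllObjects];
}
@end
```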
Hi,
We have a remote access VPN client implemented as a SystemExtension using the PacketTunnelProvider APIs.
For DNS settings we are making use of NEDNSSettings APIs as follows:
settings.IPv4Settings = tun_ipv4_settings;
settings.MTU = tun_mtu;
settings.DNSSettings = tun_dns_config;
[tun_device setTunnelNetworkSettings:settings completionHandler:^(NSError *error) {
    if (error == nil) {
        // Further processing
    } else {
        // Further processing
    }
}];
Here are the issues we are experiencing with different macOS versions:
Catalina (10.15.6)
Ping works; Chrome and Firefox can resolve DNS successfully. Issue seen with Safari.
Things are working fine on Catalina (10.15.6) except for Safari, where Safari does not seem to resolve DNS.
Command-line utilities like nslookup and dig don't work, but I guess it's fine as these tools refer to the /etc/resolv.conf file for DNS resolution and macOS handles it differently.
Ping works fine with an FQDN; Chrome and Firefox are able to resolve DNS successfully!
For these we can see DNS query/response packets on the utun interface.
I am not sure if there is a known issue with Safari for DNS on Catalina.
Big Sur (11.2.3)
DNS resolution does not work at all!
DNS config can be viewed using scutil --dns, and it shows the correct configuration for the utun interface.
While testing our client on Big Sur we see multiple issues related to DNS.
We are not able to access servers behind the VPN gateway via any browser.
Ping does not work.
We cannot see any DNS traffic on the utun interface.
Is there any known issue with DNS on Big Sur, or are we missing something?
Thanks.