Hi there, This is newly found that with all udp traffic filtered, SIP phone application doesn't have audio anymore. With wireshark analysis, it seems that STUN protocol gets upset in advance of RTP messages. It turns into some unknown format although we only pipe it through. Only way to workaround is to bypass all rtp ports. But we cannot do that as it is a huge range. Thanks in advance for any suggestion. Attached the case with/without rtp range bypassed. That was tested with linphone SIP phone application.

Hi there, This is the question when using dnsproxy together with appproxy. In case I need to filter all udp traffic through appproxy. How about dns traffic to port 53? It will go through both appproxy and dnsproxy! Do I need to return false inside appproxy for outbound 53 udp traffic without even open the flow? Any conflict of such usage? Thanks in advance for any suggestion. Regards Richard

Hi there, This is seen from console log running AppProxyProvider. Sometimes can see like this: nw_endpoint_handler_set_adaptive_write_handler [C978 IPv4#759261e2:443 ready socket-flow (satisfied (Path is satisfied), viable, interface: en0, ipv4, dns)] unregister notification for write_timeout failed Would like to see with you guys what is going on when such logs on show? Is it because the peer flow (connection or session) closed and the local connection (session) timeout? As it have seen with that appproxy gets blocked for a while and then recovers. Is it normal and is it avoidable? Thanks in advance for any suggestion.

Hi there, So far with the deployment of Network System Extension onto end devices of macbook pro, in general it all goes well. However, there do have some older devices, say 2015 macbook proc, even 2019 one has some problem of network drop after running for some time, say, in a couple of hours. Symptom is that network get stuck intermittently and then get totally loss. It seems that from time to time app proxy get stuck and cannot proceed further traffic fast enough, especially for dns request filtering currently going through the same app proxy. Thus causes network loss and not recoverable. So the question is: is there any requirement on the hardware in order to use Network System Extension correctly. Thanks in advance for any suggestion. Richard

Hi there, Is there any way to configuration the MTU value with AppProxyProvider (DNSProxyProvider). I guess should be around NWConnection and NWUDPSession and see any configuration available? Thanks in advance.

Hi there, We have app proxy + dns proxy both launched like below way: // Start App Proxy ProxyManager.shared().loadProxyManager(connect: true) { ProxyManager.shared().addObserver {} ProxyManager.shared().start() } // Start the DNS Proxy DNSManager.shared().start() With MDM profile, it work all good. But if without MDM profile, there will be two prompts asking confirmation to add net services for each proxy. But the first prompt will disappear and replaced by the second prompt. Thus can only confirm and add the second proxy net service. The result is only dns proxy net service added and running. No app proxy net service seen or running. Is it the right way that I launch both proxies like that? Still we need the use case without MDM profile. Thanks in advance for any suggestion. Richard

Hi there, Just to check with you any way to update filter rules on the run for app proxy. The setting up of filter rules is like below codes. let settings = NETransparentProxyNetworkSettings.init(tunnelRemoteAddress: "127.0.0.1") settings.includedNetworkRules = ... settings.excludedNetworkRules = ... setTunnelNetworkSettings(settings) { ... } That is inside startProxy() function followed by proxy start. I wonder is it possible to update these rules without restarting the proxy. Thanks in advance for any suggestion. Regards Richard

Solved