I'm implementing a VPN client using PacketTunnelProvider.I have a C code that talk to my sever, and this C code also has callbacks to my Swift code.In those callbacks I just need to send / receive packets.I do not need to create a tunnel with the server, because the C code does it for me.So my question is, how to get all the packets ? I tried doing it with packetFlow, but without any success.(And as for the moment, i'm trying to do it at the startTunnelWithOptions function, but not sure if it's the right place)Thanks!

I'm tyring to implement a Packet Tunnel Provider for OSX.I have the entitlements, but when I try to run the app, it's immediatly crashing.At the console, I can see the following errors:Found 2 provisioning profiles com.apple.developer.networking.networkextension Disallowing com.myapp.MyApp[pid 73450] because its use of the com.apple.developer.networking.networkextension entitlement is not allowed killed com.myapp.MyApp[pid 73450] because its use of the com.apple.developer.networking.networkextension entitlement is not allowed (error code -67050)But as I said, I do have the entitlements, I'm using the correct provision profile, and I followed Eskimo tutorial at https://forums.developer.apple.com/message/75928#75928and everything looks as it should be.Any help would be appreciated!Edit: I created the provisioning profiles again, add them the network entitlements, cleaned the project, deleted the old profiles, and the problem still exists.

-I've implemented a VPN app (with Packet Tunnel Provider).I have an ovserver for NEVPNStatusDidChangeNotification.When the user press the "connect" button, 90 % of the time I get the notifications where the connection.status goes from Disconnected to Connecting and then to Connected.But I've already encounterd several cases, where the connection succeeded, but the notifications I got wereDisconnected -> Connecting - > InvalidAnd as I said, the connection been made and the VPN had been activated, so why I got the Invalid state ?Edit:Those are some of the system logs:name = <40-char-str> identifier = some-identifier-I-dont-know-1 applicationName = myApp application = myAppBundle grade = 1 VPN = { enabled = YES onDemandEnabled = YES onDemandRules = ( { action = connect interfaceTypeMatch = any }, ) protocol = { type = plugin identifier = some-identifier-I-dont-know-2 serverAddress = <16-char-str> username = <24-char-str> password = { identifier = some-identifier-I-dont-know-1 domain = user } passwordReference = <67656e70 00000000 00000417> identityDataImported = NO disconnectOnSleep = YES disconnectOnIdle = NO disconnectOUpdated network agent (inactive)vpnStatusDidChange: InvalidNESMVPNSession in state NESMVPNSessionStateIdle: update configuration NESMVPNSession: Received a start command from myApp

Is it possible to distrubite my VPN app (with packet tunnel provider) for MacOS with a standalone installer (such as .pkg/.dmg file) ?I think the answer is that it can't be done, but the reason I'm asking is that there are some clients who want to preinstall the app on some people's Macs instead of sending them to the App Store.So is it possible? or maybe the way to go here is by Apple Configurator ?

I've implemented a VPN app with Packet Tunnel Provider for MacOS and iOS.I have two questions regarding the Extension's sleep/wake functions:1. If the VPN configuration is set with disconnectOnSleep = false, and at the extension I'm sending keep-alives every X seconds, What would happen when the device enters sleep mode? Will it keep sending keep-alive (because the VPN is configured with disconnectOnSleep=false) ?2. If the VPN configuration is set with disconnectOnSleep = true, and also isOnDemandEnabled = true. When the device enters sleep mode, do I need to disconnect the VPN myself? Or the OS would take care of it? And if I should disconnect it myself, the on-demand won't try to turn it on again (because the on-demand) ?

I've implemented a VPN app (with Packet tunnel Provider) for MacOS.Each user has a password, which I'm saving at the keychain with a persistentReference.For some users (not many), the app fails to save the password and I got error -25308 which is User interaction is not allowed.Why does it happening and how can I solve it?

I have an iOS app and a MacOS app in which I want to display to the user it's device's local IP.If there is more than one IP, I would dispaly one of them, not matter which one.This is the code I'm using:func getIFAddresses() -> String { //var addresses = [String]() var address = "N/A" deviceLocalIp = "N/A" // Get list of all interfaces on the local machine: var ifaddr : UnsafeMutablePointer? guard getifaddrs(&ifaddr) == 0 else { return address } guard let firstAddr = ifaddr else { return address } // For each interface ... for ptr in sequence(first: firstAddr, next: { $0.pointee.ifa_next }) { let flags = Int32(ptr.pointee.ifa_flags) var addr = ptr.pointee.ifa_addr.pointee // Check for running IPv4, IPv6 interfaces. Skip the loopback interface. if (flags & (IFF_UP|IFF_RUNNING|IFF_LOOPBACK)) == (IFF_UP|IFF_RUNNING) { if addr.sa_family == UInt8(AF_INET) || addr.sa_family == UInt8(AF_INET6) { let interfaceName = String.init(cString: &ptr.pointee.ifa_name.pointee) //DDLogInfo("interfaceName:\(interfaceName)") // Convert interface address to a human readable string: var hostname = [CChar](repeating: 0, count: Int(NI_MAXHOST)) if (getnameinfo(&addr, socklen_t(addr.sa_len), &hostname, socklen_t(hostname.count), nil, socklen_t(0), NI_NUMERICHOST) == 0) { if interfaceName == "en0" { deviceLocalIp = String(cString: hostname) address = deviceLocalIp break } //if we don't have address from en0 - try get it from another interface //(but prefer from en0) if address == "N/A" && (interfaceName == "en0" || interfaceName == "en1" || interfaceName == "en2" || interfaceName == "pdp_ip" || interfaceName == "ap1") { deviceLocalIp = String(cString: hostname) address = deviceLocalIp } } } } } freeifaddrs(ifaddr) return address } }For IPv4 it seems to work well.For IPv6 (via Mac's Internet Sharing), I'm getting an IPv6 address, but it's not the address I'm expecting to connect -at the Network I see that my device is connected and has the IP address X and the result I'm getting with this code is address Y.P.S -For debugging, I printed all the IPs, not just the first, and still didn't get the correct one..

I noticed a bug at the Packet Tunnel Provider app for macOS (maybe also for iOS, I didn't test it there it):If I'm configuring a split tunnel, with wildcard match domain (empty string) - the system should consult its DNS server for all domains first, as listed here - https://forums.developer.apple.com/thread/35027Now I've added some searchDomains. When There's no split tunnel, or there's a split tunnel with 'Exclude Routes', everything goes well.But if the split tunnel is configured with 'Include Routes', it seems that the searchDomains aren't added to the DNS queries.For example:Lets say searchDomains contains the postfix 'com'- working scenario: I've defined some routes at the split tunnel exclude, and run ping googlethis worked well and I got results for google.com- not working scenario: I've defined some routes at the split tunnel include, where google is one of those routes.running ping google won't work and I get the error: ping: cannot resolve google: Unknown host

I've upgraded my macOS to Catalina. Then I tried to run via Xcode my macOS VPN app (implemented with Packet Tunnel Provider) -The VPN fails to connect and I see at the Console a lot of errors, such as:Current bundle (/Users/myClientPath/Client.app) does not have a SystemExtensions directoryNESMVPNSession[Primary Tunnel:myDetails:(null)]: Received a start command from myClient[2061]Found 0 (0 active) registrations for com.my.bundle.id.extension (com.apple.networkextension.packet-tunnel) - this msgs repeats several timesNEVPNTunnelPlugin(com.my.bundle.id[794]): Validation of the extension failedNESMVPNSession in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin started with PID 0 error (null)Hub connection error: Error Domain=NSCocoaErrorDomain Code=4097 "connection to service on pid 0 named com.my.bundle.id.extensiondisposingFailed to start extension com.my.bundle.id.extensionNSDebugDescription=connection to service on pid 0 named com.my.bundle.id.extensionHow can I solve it?

I've developed a VPN app for iOS and macOS with Packet Tunnel Provider.Once the VPN is enabled all the traffic should go via the VPN. The VPN is configured to be on demand (isOnDemandEnabled is set), with a rule to always connect.There are some cases where this configuration might cause a problem -When the user goes to a place with a captive portal, the VPN won't be able to connect (because the user will first need to login to the captive portal), but the user also won't be able to login to the captive portal (because all traffic triggers the network extension).In such a case, I need that the captive portal will be shown to the user, and I also need to exclude at least some of the traffic from the VPN, so the user would be able to login to the captive portal (but I don't want to open all traffic, just the traffic needed for the login).Is there any API for those cases? If the answer is no, I'll try to detect this case at the Extension. But I won't be able to open the captive portal from there, so the only thing I would be able to do is to display a message to the user, correct?

I've implemented a VPN app with Packet Tunnel Provider for macOS.To send the packets, I'm using BSD sockets.I noticed that when sending big files (1GB), in most of the time the uploading fails, and the relevant errors I see at the console are the following errors:[Extension com.myExtension]: IPC detached NESMVPNSession[Primary Tunnel:My Company - myUserName:6EF9650B-D1DA-418B-B617-AE0874DDCBD3:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.MyContainingApp]) did detach from IPC [NOTICE] : networking grace period is over for #lifetime boringssl_context_message_handler(2257) [C6.1:2][0x1048aeac0] Writing SSL3_RT_ALERT 2 bytes boringssl_context_handle_warning_alert(1892) [C6.1:2][0x1048aeac0] write alert, level: warning, description: close notify boringssl_session_disconnect(539) [C6.1:2][0x1048aeac0] SSL_shutdown 0 nw_flow_disconnected [C6.1 20.185.73.23:443 cancelled socket-flow ((null))] Output protocol disconnected nw_connection_report_state_with_handler_on_nw_queue [C6] reporting state cancelled Connection 6: destroyed nw_protocol_boringssl_remove_input_handler(1012) [C6.1:2][0x1048aeac0] nw_protocol_boringssl_remove_input_handler forced true nw_protocol_boringssl_remove_input_handler(1030) [C6.1:2][0x1048aeac0] Transferring nw_protocol_boringssl_t handle back into ARC for autoreleaseSo I'm guessing it's related to "did detach from IPC" or to "SSL3_RT_ALERT 2 bytes", but what's the next step here? How can I try to figure out what's causing this?P.S: It seems that the VPN stays connected and functional, it's just the uploading that fails.

I've implemented a VPN app for macOS with Packet Tunnel Provider.I've configured it to be onDemand, which should always connect:targetManager?.isOnDemandEnabled = true let onDemandRuleConnect = NEOnDemandRuleConnect() targetManager?.onDemandRules = [onDemandRuleConnectI've also set it to disconnect on sleep:targetManager?.protocolConfiguration?.disconnectOnSleep = trueThe question:From the logs I have I see that the Mac enters sleep mode, so stopTunnelWithReason is called with reason 15 (The device went to sleep and disconnect).Right after that, the VPN status changed to 'Disconnected' (as expected),but then, right after that, the VPN status changed to 'Connecting' - this is probably because of how I set the onDemand, but I'm not sure of it - if the device enters sleep, why does the system starts the VPN again?I think this behavior is causing me some problems.What's the best way to "fix" this?

I've implemented a VPN app for iOS and macOS using Packet Tunnel Provider.I released a macOS testing version for our QA (development distribution).On two different Macs the app works great, but on a third Mac, the app crashes when the extension tries to send local messages using UNUserNotificationCenter.The user chose (at the containing app) to not allow the app to send local notifications.At the extension, I'm trying to send a notification, but AFAIK this code should do nothing if the user didn't allow it. But it shouldn't crash the app.This is the exception:* Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURLAnd those are the logs from the Console:default 11:38:21.516927+0300 nesessionmanager nw_network_agent_add_to_interface_internal Successfully added agent to "utun2" default 11:38:21.517414+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: set configuration completed with result 1 default 11:38:21.517894+0300 MyAppExtension [Extension com.myappname.mac.MyApp.MyAppExtension]: reasserting set to 0 default 11:38:21.518080+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateStarting: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) status changed to connected default 11:38:21.518140+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Leaving state NESMVPNSessionStateStarting default 11:38:21.518189+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Entering state NESMVPNSessionStateRunning default 11:38:21.518235+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: status changed to connected default 11:38:21.519428+0300 configd nw_path_evaluator_start [1AEEC643-2DF1-4261-AC70-E4AB53F87A10 IPv4#e9b1bae6:0 generic, indefinite] path: satisfied (Path is satisfied), interface: utun2, ipv4, dns default 11:38:21.518306+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Updated network agent (active, compulsory, not-user-activiated, not-kernel-activated) default 11:38:21.520052+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)]: Received an IPC establish request from MyApp[506] default 11:38:21.520288+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: received establish IPC message default 11:38:21.521861+0300 neagent Scheduing timer for extension failure/exit for C653C3F5-4B0B-430A-B76A-E3C187F0A116 error 11:38:21.522715+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin interrupted while in use. default 11:38:21.520565+0300 MyAppExtension no registered bundle with URL default 11:38:21.522779+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] terminating default 11:38:21.521476+0300 nesessionmanager NESMVPNSession[Primary Tunnel:My App - someuser_w20.Myqa_bi_weekly:4FBF849B-F210-43B1-B567-43CCCFDA559D:(null)] in state NESMVPNSessionStateRunning: plugin NEVPNTunnelPlugin(com.myappname.mac.MyApp[413]) started with PID 887 error (null) default 11:38:21.520797+0300 MyAppExtension *** Assertion failure in +[UNUserNotificationCenter currentNotificationCenter], /BuildRoot/Library/Caches/com.apple.xbs/Sources/UserNotifications/UserNotifications-281.6/UNUserNotificationCenter.m:44 default 11:38:21.523380+0300 AirPlayXPCHelper PrimaryIPv4 changed: 10.41.183.51 default 11:38:21.521461+0300 MyAppExtension *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'bundleProxyForCurrentProcess is nil: mainBundle.bundleURL file:///private/var/folders/p5/qjrcgyl50fg2g609bmwhy3zm0000gn/T/AppTranslocation/2E09CAAF-06B1-44D4-90DB-E90EA54C806D/d/MyApp.app/Contents/PlugIns/MyAppExtension.appex/' *** First throw call stack: ( 0 CoreFoundation 0x00007fff2cff538b __exceptionPreprocess + 250 1 libobjc.A.dylib 0x00007fff6318a552 objc_exception_throw + 48 2 CoreFoundation 0x00007fff2d01e8b8 +[NSException raise:format:arguments:] + 88 3 Foundation 0x00007fff2f73b221 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191 4 UserNotifications 0x00007fff3a942919 __53+[UNUserNotificationCenter currentNotificationCenter]_block_invoke + 922 5 libdispatch.dylib 0x00007fff6449350e _dispatch_client_callout + 8 6 l<…> default 11:38:21.523612+0300 AirPlayXPCHelper PrimaryIPv6 changed: << AF_UNSPEC >> default 11:38:21.523597+0300 sharingd PrimaryIP changed: IPv4 10.41.183.51, IPv6 << AF_UNSPEC >> error 11:38:21.523062+0300 neagent Extension com.myappname.mac.MyApp.MyAppExtension died unexpectedly default 11:38:21.524744+0300 AirPlayXPCHelper PrimaryIP changed: IPv4 10.41.183.51, IPv6 << AF_UNSPEC >> error 11:38:21.524288+0300 neagent [u 53899132-92DD-4BC5-9C33-D7112356122B:m (null)] [()] Connection to plugin invalidated while in use. default 11:38:21.525151+0300 UserEventAgent Received notification com.apple.system.config.network_change.nwi default 11:38:21.524935+0300 mDNSResponder default 11:38:21.525321+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes default 11:38:21.525027+0300 mDNSResponder default 11:38:21.525130+0300 mDNSResponder default 11:38:21.525191+0300 mDNSResponder default 11:38:21.525809+0300 UserEventAgent Received notification com.apple.system.config.network_change.dns default 11:38:21.525945+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes default 11:38:21.525971+0300 mDNSResponder default 11:38:21.526012+0300 mDNSResponder default 11:38:21.526062+0300 mDNSResponder default 11:38:21.526089+0300 mDNSResponder default 11:38:21.526120+0300 mDNSResponder default 11:38:21.526350+0300 mDNSResponder default 11:38:21.526381+0300 UserEventAgent Received notification com.apple.system.config.network_change default 11:38:21.526380+0300 mDNSResponder default 11:38:21.526479+0300 UserEventAgent Not generating a network changed event because no configurations are present that need to react to network changes default 11:38:21.526568+0300 mDNSResponder [Q7731] Sent UDP DNS Message 58 bytes from :56624 to :53 via utun2 (0xf) default 11:38:21.526623+0300 mDNSResponder [Q7731] DNS Query (58) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.526707+0300 mDNSResponder [Q9943] Sent UDP DNS Message 42 bytes from :55555 to :53 via utun2 (0xf) default 11:38:21.526742+0300 mDNSResponder [Q9943] DNS Query (42) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.527012+0300 mDNSResponder [Q14808] Sent UDP DNS Message 59 bytes from :63932 to :53 via utun2 (0xf) default 11:38:21.527050+0300 mDNSResponder [Q14808] DNS Query (59) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.527159+0300 mDNSResponder [R2723] DNSServiceCreateConnection STOP PID[887](MyAppExten) default 11:38:21.527358+0300 mDNSResponder [R2732] DNSServiceCreateConnection STOP PID[99](configd) default 11:38:21.527410+0300 mDNSResponder [R2733] DNSServiceQueryRecord(4000D000, 0, , PTR) STOP PID[99](configd) default 11:38:21.527611+0300 mDNSResponder [R2734] DNSServiceCreateConnection START PID[99](configd) default 11:38:21.527728+0300 mDNSResponder [R2735] DNSServiceQueryRecord(4000D000, 0, , PTR) START PID[99](configd) default 11:38:21.527770+0300 mDNSResponder [R2735->Q60525] GetServerForQuestion: 0x7f8e6d8120b8 DNS server (0x7f8e6be0a940) :53 (Penalty Time Left 0) (Scope None:0x0:-1) for (PTR) default 11:38:21.528040+0300 mDNSResponder [Q60525] Sent UDP DNS Message 43 bytes from :55847 to :53 via utun2 (0xf) default 11:38:21.528074+0300 mDNSResponder [Q60525] DNS Query (43) (flags 0100) RCODE: NoErr (0) RD: 0/0/0 default 11:38:21.528413+0300 UserEventAgent Current file handles for com.apple.networkextension.file-descriptor-maintainer: ( "Network Agent Registration socket (144) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0", "Policy Session MasterSession socket (151)", "Policy Session LowPrioritySession socket (159)", "Network Agent Registration socket (160) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0", "Network Agent Registration socket (161) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0" ) default 11:38:21.528569+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (144) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0 default 11:38:21.528661+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (160) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0 default 11:38:21.528794+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (161) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0 default 11:38:21.529865+0300 UserEventAgent Current file handles for com.apple.networkextension.file-descriptor-maintainer: ( "Network Agent Registration socket (162) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0", "Policy Session MasterSession socket (163)", "Policy Session LowPrioritySession socket (164)", "Network Agent Registration socket (165) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0", "Network Agent Registration socket (167) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0x1" ) default 11:38:21.530236+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (162) 76B85C01-4206-46A4-ABDD-9E4C4AC0A326 E9D4862E-136E-4149-83CA-2FCCFC2CF016 1 (null) agent flags 0 default 11:38:21.530342+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (165) CECBD9A6-2BC0-429E-ACB8-593CAB46A8C6 95893C68-DAB9-427C-A0A6-B95CCDA2CA9F 1 (null) agent flags 0 default 11:38:21.530534+0300 UserEventAgent File Handle Maintainer listening for readable events on Network Agent Registration socket (167) 4FBF849B-F210-43B1-B567-43CCCFDA559D 71688951-856F-4617-A59E-9D4B71D812AE 1 (null) agent flags 0x1 default 11:38:21.530710+0300 accountsd " () received" default 11:38:21.531075+0300 dmd Detected network change default 11:38:21.531177+0300 dmd Detected network change default 11:38:21.532351+0300 sharingd "The connection to ACDAccountStore was invalidated." default 11:38:21.533299+0300 nsurlsessiond received network changed event default 11:38:21.533770+0300 nsurlsessiond received network changed event default 11:38:21.536451+0300 symptomsd SCDynamicStore config_callback: k: State:/Network/Global/DNS default 11:38:21.536562+0300 symptomsd SCDynamicStore key: State:/Network/Global/DNS, interfaces: { } default 11:38:21.539227+0300 dmd Detected network change default 11:38:21.540195+0300 ReportCrash Parsing corpse data for pid 887 default 11:38:21.541575+0300 ReportCrash Parsing corpse data for process MyAppExtens [pid 887] error 11:38:21.543133+0300 ReportCrash Invalid receipt [0 bytes] -- [] error 11:38:21.685096+0300 kernel Sandbox: bluetoothd(142) deny(1) mach-lookup com.apple.server.bluetooth default 11:38:22.016202+0300 CommCenter #I On WiFi: true On Cellular: false

I've implemented a custom VPN app for macOS (using Packet Tunnel Provider). I set includeAllNetworks at the protocolConfiguration. When this field is set, I can't connect and I can't send traffic even at the extension. Even simple calls at the extension, like getaddrinfo or curl fails. If I'm unsetting this variable (includeAllNetworks = false) then I can connect without a problem. In addition I can see those lines at the Xcode Console: Connection 2: encountered error(1:53) Connection 3: encountered error(1:53) Connection 1: encountered error(1:53) And those lines at the Console: No mDNS_Keepalive for interface en8/IOSkywalkLegacyEthernetInterface kr 0xE00002C0 NetWakeInterface: en8 <private> no WOMP uDNS_CheckCurrentQuestion: host unreachable error for DNS server <private> for question failed to send packet on InterfaceID 0x5 en8/4 to <private>:53 skt 74 error -1 errno 65 (No route to host) 

I've implemented a VPN app (using Packet Tunnel Provider) for iOS and for macOS. I have the com.apple.managed.vpn.shared keychain access group. Is it possible to read all the digital identities installed on the device? I read the documentation but I didn't understand if I can get only the digital identities installed via MDM and only if it's done with the same profile which installed the VPN payload, or if I can read all the digital identities including those which were installed via mail. see eskimo's reply - https://developer.apple.com/forums/thread/66149?answerId=240279022#240279022 and documentation - https://developer.apple.com/library/archive/qa/qa1745/_index.html If it's possible to read the digital identities, how can I do it should I call something like 'SecItemCopyMatching' (see example code - https://developer.apple.com/forums/thread/66149), or something like 'reading in a PKCS#12-formatted blob and then importing the contents of the blob into the app's keychain using the function SecPKCS12Import' like it's written at the documentation - https://developer.apple.com/library/archive/qa/qa1745/_index.html