PacketTunnelProvider gets corrupted when app updated with connected Tunnel

We are currently supporting a proxy app with Tunnel.appEx and PacketTunnelProvider. Some users report a constant error "The VPN session failed because an internal error occurred." on VPN start (which fails rapidly). This error occurs mostly after the user updated the app with an active VPN. Rebooting the device solves the problem and it doesn't come back, but it is still very frustrating. I can provide any required info about the app setup to solve this issue if you need it. Thanks

Also, when the tunnel stops with a reason, my app writes a log with the stop reason to a txt file. But after an app update with a connected VPN there is no information about the stop reason in the log.

What platform is this on?

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

iOS related

OK, cool. That makes this somewhat easier. macOS has a lot more degrees of freedom, so it’d be more likely that you might be doing something to cause this issue. In contrast, the iOS update process is much more constrained, so it’s unlikely that this is an issue at your end. That’s even less likely given that it only occurs for some users and a restart clears the issue.

When this fails, does your code run at all? In Debugging a Network Extension Provider I talk about adding a ‘first light’ log point to your provider. Do you have one of these? If not, add one. Then see if that shows up in the system log.

I’m presuming that you can’t reliably reproduce this problem. That is, you get reports of it from users in the field but rarely see it in your own internal testing. If so, that makes debugging a lot harder. Ideally you’d want to:

That has two benefits. First, it’ll capture your log entries, and the presence or absence of your ‘first light’ log entry will tell you whether your code is running at all. Second, in the likely event that your code didn’t run, the sysdiagnose log will form the nucleus of your bug report about this issue.

However, this is hard to do in cases like this. I have some general thoughts about this in Using a Sysdiagnose Log to Debug a Hard-to-Reproduce Problem, but the more sophisticated stuff, described in the Prompting for a Sysdiagnose Log section, won’t work if your code isn’t running.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

We have a similar issue where sometimes after reinstalling or updating our app the packet tunnel provider fails to start until the phone is rebooted.

We see the same "The VPN session failed because an internal error occurred." line when inspecting the sysdiagnose logs but also see these errors:

Service could not initialize: access(/private/var/containers/Bundle/Application/5C3DA870-60A6-4A6A-ABF2-2769EA06E069/VPNApp.app/PlugIns/VPNTunnel.appex/VPNTunnel, X_OK) failed with errno 2 - No such file or directory, error 0x6f - Invalid or missing Program/ProgramArguments

My guess is the OS is trying to reference the extension in a directory that no longer exists after reinstalling/updating?

Here are the links to our previous thread and feedback report for your reference:

https://developer.apple.com/forums/thread/763485

FB13714761
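
The triage described in this thread (did the 'first light' entry appear, and did the system log the missing-executable error quoted above?) can be scripted over exported log text. This is an added example, not code from any poster or from Apple; the marker string, the timestamps in the sample and the function name are assumptions, and the log text passed in is assumed to be trimmed to the failed start attempt.

```python
import re

# Error text quoted in the thread: the service executable could not be accessed.
LAUNCH_FAIL = re.compile(
    r"Service could not initialize: access\((?P<path>/.+?), X_OK\) "
    r"failed with errno (?P<errno>\d+)")
SESSION_FAIL = "The VPN session failed because an internal error occurred."
CONTAINER = re.compile(r"/Bundle/Application/(?P<uuid>[0-9A-F-]{36})/")

# Hypothetical 'first light' message the provider logs as early as possible.
FIRST_LIGHT = "PacketTunnelProvider first light"

def triage(log_text, marker=FIRST_LIGHT):
    """Classify one failed VPN start from log text covering that attempt."""
    lines = log_text.splitlines()
    session_failed = any(SESSION_FAIL in line for line in lines)
    provider_ran = any(marker in line for line in lines)
    missing = []
    for line in lines:
        m = LAUNCH_FAIL.search(line)
        if m and m.group("errno") == "2":  # errno 2: No such file or directory
            c = CONTAINER.search(m.group("path"))
            missing.append({"path": m.group("path"),
                            "container": c.group("uuid") if c else None})
    if not session_failed:
        verdict = "no-session-failure"
    elif provider_ran:
        verdict = "provider-ran"  # the failure is inside the provider's own code
    elif missing:
        verdict = "provider-not-launched-missing-executable"
    else:
        verdict = "provider-not-launched-unknown"
    return {"verdict": verdict, "missing_executables": missing}

# Constructed sample: timestamps are made up, the messages are the two quoted above.
SAMPLE = "\n".join([
    "2024-01-01 10:00:00 Service could not initialize: access(/private/var/"
    "containers/Bundle/Application/5C3DA870-60A6-4A6A-ABF2-2769EA06E069/"
    "VPNApp.app/PlugIns/VPNTunnel.appex/VPNTunnel, X_OK) failed with errno 2 - "
    "No such file or directory, error 0x6f - Invalid or missing "
    "Program/ProgramArguments",
    "2024-01-01 10:00:00 " + SESSION_FAIL,
])

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A `provider-not-launched-*` verdict means the provider's own logging cannot help, which matches the missing stop reason reported earlier in the thread; the extracted path and container identifier are the details worth attaching to a bug report.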

Thanks for the reminder.


@maksmart, it’d still be helpful getting a bug report from you. The fact that this is happening to multiple different apps is relevant.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
