Does NETunnelProvider (Packet Tunnel) require a special entitlement for App Store VPN apps?

Question

Created 4d

Replies 1

Boosts 0

Participants 2

I’m working on an iOS VPN app and looking into using NETunnelProvider (Packet Tunnel) for the VPN implementation.

From the documentation it seems that Packet Tunnel is required for VPN protocols like OpenVPN, but the Packet Tunnel capability doesn’t appear to be available by default.

Does using NETunnelProvider / Packet Tunnel require a special entitlement to be enabled by Apple for App Store apps?

If so, what is the general process for requesting or enabling that entitlement?

Answered by DTS Engineer in 874175022

Does using NETunnelProvider / Packet Tunnel require a special entitlement … ?

No.

The com.apple.developer.networking.networkextension entitlement is restricted but not managed. That is:

It must be authorised by a provisioning profile.
Any developer in a paid team can enable the Network Extensions capability on their App ID and thus create a profile that authorises its use.

There’s some backstory to this, and a few edge cases. If you’re curious, read Network Extension Framework Entitlements.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Boost

Answer 1

DTS Engineer OP

Apple

3d

Recommended

Does using NETunnelProvider / Packet Tunnel require a special entitlement … ?

No.

The com.apple.developer.networking.networkextension entitlement is restricted but not managed. That is:

It must be authorised by a provisioning profile.
Any developer in a paid team can enable the Network Extensions capability on their App ID and thus create a profile that authorises its use.

There’s some backstory to this, and a few edge cases. If you’re curious, read Network Extension Framework Entitlements.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

0