macOS Packet Tunnel Extension Startup Issue: System Extension Not Activated

Hello,

I'm working on a macOS application involving a Packet Tunnel Extension and have encountered a few issues. I would appreciate any help or insights from the community.

  1. System Extension Not Activated:
  • Despite the system extension activation request (OSSystemExtensionRequest) appearing successful, the system extension is not fully activating.
  • Error log shows: Failed to create LSApplicationRecord for file:///Library/SystemExtensions/.../: 'The operation couldn’t be completed. (OSStatus error -10811.)'
  2. VPN Connection Timeout:
  • When attempting to start the VPN connection, the connection status remains stuck at "Connecting" and does not enter the PacketTunnelProvider's startTunnel method.
  • Error log shows: NESMVPNSessionStateStarting, with connection timing out (300 seconds).
  3. System Extension Entitlements Issue:
  • In the system extension's entitlements file, I have included relevant configuration items, such as com.apple.security.application-groups and com.apple.security.system-extension.
  • Despite the correct configuration, the error log still shows that the com.apple.security.application-groups entitlement is not satisfied.

Here is the configuration from the system extension's entitlements file:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
	<key>com.apple.developer.networking.networkextension</key>
	<array>
		<string>packet-tunnel-provider</string>
		<string>app-proxy-provider</string>
		<string>content-filter-provider</string>
		<string>dns-proxy</string>
	</array>
	<key>com.apple.developer.networking.vpn.api</key>
	<array>
		<string>allow-vpn</string>
	</array>
	<key>com.apple.security.app-sandbox</key>
	<true/>
	<key>com.apple.security.application-groups</key>
	<array>
		<string>$(TeamIdentifierPrefix)com.mytest.client.macos.shared</string>
	</array>
	<key>com.apple.security.network.client</key>
	<true/>
	<key>com.apple.security.network.server</key>
	<true/>
</dict>
</plist>

  4. App Groups in Developer Account:
  • In Xcode, the App Group identifier starts with the team code, such as $(TeamIdentifierPrefix)com.mytest.client.macos.shared.
  • However, on the Apple Developer website, I can only add App Groups that start with group. rather than those with the team code prefix.

Summary:

  • The system extension is not fully activating, and the VPN connection remains stuck in the connecting state.
  • The entitlements file configuration does not seem to be applied correctly.
  • The discrepancy between Xcode and the Developer website regarding App Group identifiers is causing confusion.

I have reviewed the entitlements file and the application's provisioning profile to ensure they match. Any advice or shared experiences from those who have faced similar issues would be greatly appreciated!

Thank you!
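
One way to compare an entitlements file like the one in the post against the Entitlements dictionary of a provisioning profile, with `$(TeamIdentifierPrefix)` expanded first so the strings are comparable (an added example, not part of the original post). The team prefix `ABCDE12345.`, the profile contents, the set of keys compared and the trailing-`*` wildcard rule are assumptions constructed for illustration.

```python
import plistlib
TEAM_VAR = "$(TeamIdentifierPrefix)"  # Xcode build variable used in the post

# Constructed sample: a shortened entitlements file in the post's style.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.developer.networking.networkextension</key>
<array><string>packet-tunnel-provider</string><string>dns-proxy</string></array>
<key>com.apple.security.app-sandbox</key><true/>
<key>com.apple.security.application-groups</key>
<array><string>$(TeamIdentifierPrefix)com.mytest.client.macos.shared</string></array>
</dict></plist>"""

# Constructed sample: the Entitlements dictionary of a hypothetical profile.
SAMPLE_PROFILE = {
    "com.apple.developer.networking.networkextension": ["packet-tunnel-provider"],
    "com.apple.security.application-groups": ["group.com.mytest.client.macos.shared"],
}

def load_entitlements(xml_bytes, team_prefix):
    """Parse an entitlements plist and expand $(TeamIdentifierPrefix)."""
    def expand(v):
        if isinstance(v, str):
            return v.replace(TEAM_VAR, team_prefix)
        return [expand(x) for x in v] if isinstance(v, list) else v
    return {k: expand(v) for k, v in plistlib.loads(xml_bytes).items()}

def _granted(value, allowed):
    # Assumption: a profile entry ending in "*" acts as a prefix wildcard.
    return any(value == a or (isinstance(a, str) and isinstance(value, str)
               and a.endswith("*") and value.startswith(a[:-1])) for a in allowed)

def unsatisfied(claimed, profile, extra_keys=("com.apple.security.application-groups",)):
    """Return {key: [claimed values the profile does not grant]}."""
    report = {}
    for key, value in claimed.items():
        # Assumption: only com.apple.developer.* and extra_keys are compared.
        if not (key.startswith("com.apple.developer.") or key in extra_keys):
            continue
        values = value if isinstance(value, list) else [value]
        allowed = profile.get(key, [])
        allowed = allowed if isinstance(allowed, list) else [allowed]
        missing = [v for v in values if not _granted(v, allowed)]
        if missing:
            report[key] = missing
    return report

if __name__ == "__main__":
    ents = load_entitlements(SAMPLE_ENTITLEMENTS, "ABCDE12345.")  # constructed prefix
    print(unsatisfied(ents, SAMPLE_PROFILE))
```

With real files, the first argument would be the bytes of the `.entitlements` file and the second the `Entitlements` dictionary taken from the decoded provisioning profile.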
