macOS 15 Network Extension Incompatibilities?

Looking for any guidance / insight / technical details from Apple

I’d like to clarify your role in this conversation. Are you the developer of one of these tools?

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

It’s better if you reply as a reply; if you reply in the comments, I may not see it. See Quinn’s Top Ten DevForums Tips for this and more titbits.

Yes, I am the developer of LuLu

Cool.

I’m not really sure how to respond to your original post. My general advice falls into two categories.

Firstly, it’s important that you test your product on beta OS releases as we seed them. If you encounter a situation where things work on OS N and fail on OS N+1 beta, the best time to file a bug about that is before OS N+1 is released.

Secondly, if your testing doesn’t indicate any issues but you get reports of problems from the field, you’d handle that like any other hard-to-reproduce issue. Ideally you’d work with the user reporting the problem to understand what’s unique about their configuration that triggers the issue. Then you can try reproducing it yourself. If you can, that makes it easier to file an actionable bug report.

If you aren’t able to reproduce the problem, things get harder. I have general advice on that front in Using a Sysdiagnose Log to Debug a Hard-to-Reproduce Problem.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Thanks for the reply 🙏🏽

"I’m not really sure how to respond to your original post"

Understandable if this isn't something you can't confirm, but really was just looking for a confirmation from Apple that:

1. This is a known (macOS 15) issue
2. Something changed in the Network Extension API/subsystem (requiring updates too 3rd-party tools)
3. None of the above (meaning, a bug in LuLu)

My goal of this post, was also to help Apple understand this appears to be a widespread issue, as at this point I'm confident it's #1, as this is something impacting everybody who utilizes a network filter 🫠 I've seen tech reports/bulletins from CrowdStrike, ESET, Microsoft Defender and many others (VPNs, etc). I'm not able to post the links here, but a search on Reddit, or in the "Mac Admins" Slack Channel will quickly pull them up.

I've have a problem with VPN since macos 15 upgrade, I have M$ Defender too and once I've build our project using xcode, once it finished, it always disconnect VPN, it restarts whole network system and everything was gone, I was unable to deploy to a real device, and I was unable to keep alive VPN for simulators.

However after whole day investigation I've found a workaround, just not to use WiFi instead of it I found in the drawer the old a USB Ethernet and a USB A->C reduction ... and now everything work just fine!! So seems to be broken only wifi subsystem, so from my point of view, it is definitely an apple bug.

I'm not able to post the links here

Yes you are. See tip 14 in Quinn’s Top Ten DevForums Tips.

really was just looking for a confirmation from Apple that:

All three of those things could be simultaneously true!

Again, it’s hard to comment on stuff without specific examples. But, in general, NE products that use the API correctly should work on macOS 15. There has been no overarching change, like the NKE-ectomy on macOS 10.15.

However, both the “correctly” and the “should” in the above are ‘load bearing’. They allow lots of scope for bugs in the NE product and in macOS 15, respectively.

My goal of this post, was also to help Apple understand this appears to be a widespread issue

DevForums isn’t really the right place for that. The correct way to report stuff like this is by filing a bug in Feedback Assistant.

And such a bug is likely to get more traction if it’s specific. Filing a bug that says “everything NE related is broken” is unlikely to help. Filing a bug that says “my product in this specific configuration works in macOS 14 but fails in macOS 15” is better. And it’s better yet if you can include info about how that failure is presenting to your product, that is, what NE API is misbehaving and how.

If you do file a bug about this, please post your bug number, just for the record.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"