I've implemented a custom VPN system extension for macOS, utilizing Packet Tunnel Provider.
One of the users reported a problem: he was connected to the VPN, and then his Mac entered sleep mode. Upon waking, the VPN is supposed to connect automatically (because of the on-demand rules). The VPN's status changed to 'connecting', but it remained stuck in this status.
From my extension logs, I can see that the 'startTunnelWithOption()' function was called 2 minutes after the user clicked the 'connect' button.
From the system logs, I noticed some 'suspicious' logs, but I can't be sure if they are related to the problem. Some of them are:
kernel: (Sandbox) Sandbox: nesessionmanager(562) deny(1) system-fsctl (_IO "h" 47)
entitlement com.apple.developer.endpoint-security.client not present or not true (I don't need this entitlement at the extension)
nesessionmanager: [com.apple.networkextension:] NESMVPNSession[Primary Tunnel:XXXXXX(null)]: Skip a start command from YYYYY:session in state connecting
NetworkExtension.com.***: RunningBoard doesn't recognize submitted process - treating as a anonymous process
sysextd: activateDecision found existing entry of same version: state activated_enabled, ID FAE...
Are any of the logs related to the above problem? How can I debug such issues? What info should I get from the user?
Not necessarily. runningboardd is primarily concerned with apps and app extensions. You’re creating a system extension, which isn’t known to runningboardd until it does something that triggers it to check in.
Yeah, that makes it hard. You can ask them enable additional logging per the VPN (Network Extension) for macOS instructions on our Bug Reporting > Profiles and Logs page. You can then focus on the com.apple.networkextension subsystem, which is the most likely source of relevant info here.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"