Our app uses NEVPNManager with IPsec to create VPN. Full tunnel is working fine both with NEVPNManager API and profile created using Apple Configurator. Now, we are trying to create split tunnel using the same. Apple Configurator created profile is working when DNS Supplemental Match domains is set to empty string. But we couldn't find the equivalent to the DNS Supplemental Match domains in the NEVPNManager API. In NEVPNManager config, all DNS is routing to the default route instead of VPN. Can you please help us on this?

We are using CoreTelephony's CTTelephonyNetworkInfo to access Carrier information such as carrierName, mobileNetworkCode, mobileCountryCode and CTTelephonyNetworkInfo().subscriberCellularProviderDidUpdateNotifier to know whether any event has occurred in the sim. We are using these above data for the Sim Binding process of UPI for our Financial App as per the requirement from NPCI(RBI). Now that these are deprecated, what is the appropriate or alternative way to get these details?

Hey, I'm currently developing an app that uses NEHotspotConfigurationManager to connect to and disconnect from a WiFi network based on user actions. I'm using the following code to connect and disconnect: Connect let configuration = NEHotspotConfiguration(ssid: ssid, passphrase: password, isWEP: false) configuration.joinOnce = true NEHotspotConfigurationManager.shared.apply(configuration) { (error) in if let error = error { print("Error connecting to WiFi network: \(error.localizedDescription)") } else { self.lastSSID = ssid } } Disconnect NEHotspotConfigurationManager.shared.removeConfiguration(forSSID: self.lastSSID) The issue I'm encountering is that the app successfully connects to the WiFi network and disconnects properly the first time. However, after connecting again, the second disconnect attempt fails to disconnect from the WiFi network. I found a similar bug report from 2020 that mentioned this issue. The suggested workaround involved setting joinOnce = false, which is not suitable for my app's requirements.

Hi! I have been working on one idea for a while but can't figure out the proper way to do that. My app includes Content Filter and DNSProxy providers for filtering logic. And for the NEFilterSocketFlow everything works well, because the connection is first handled from DNSProxy and if it's blocked, NEFilterDataProvider returns datagrams that I wrote from DNSProxy (I return nxdomain). However, for NEFilterBrowserFlow it doesn't work, because webkit generated flows are for some reason intercepted by Content Filter first and at the time when the flow is checked for rules, there're none yet as DNSProxy didn't handle connection yet. So the app returns the following behaviour: In case the requested domain is not filtered by DNSProxy, the user is able to visit requested page, but if it's filtered, the flow just freezes and the page will never load for user. But I wanted to add proper handling and display block page. In case I am using some third-party apps for testing like ICS Dig, filtered domains return nxdomain properly. Not sure if there's a way to achieve desired result, but would be very grateful for any suggestions

Forward posting from the Swift Forums. Within my iOS project (thesis project) I have set up a MITM server that is being sent data from a Packet Tunnel Provider. I am currently seeing that all IPv6 requests aren't able to have their IP address resolved when passed to Swift NIO that uses the default system DNS resolver. On the Packet Tunnel Provider, I have set it to use the DNS's 8.8.8.8 and 8.8.4.4 that are also the system defaults. I have also attempted to use my routers DNS routing to no avail. Both v4 and v6 traffic are proxied to the MITM server that uses Swift NIO, with v4 traffic successfully being processed on ingress and egress as intended. IPv6 traffic is failing to resolve with the following error: dev.thesis.apps.LocalProxyServer.ConnectHandler : [LocalPacketTunnelProvider] Connect failed: NIOConnectionError(host: "ipv6.mythic-beasts.com", port: 443, dnsAError: Optional(NIOCore.SocketAddressError.unknown(host: "ipv6.mythic-beasts.com", port: 443)), dnsAAAAError: Optional(NIOCore.SocketAddressError.unknown(host: "ipv6.mythic-beasts.com", port: 443)), connectionErrors: []) ipv6.mythic-beasts.com for the purposes of this is just a test website I am using that only has a AAAA record associated with it: When not connected to the Packet Tunnel Provider, the website is successfully resolved and can be viewed within the browser - so I have narrowed it down to either the server or tunnel configuration. The server uses the GetaddrinfoResolver, that utilises the iOS's system default DNS resolver. This should conform to necessary RFC. Could anyone provide me with a reason why this could be happening and if possible a link to a resource that could assist with remediating the issue? I'll be the first to admit this isn't my forte so would appreciate some support if possible. I am aware that this isn't an expected use cases for Network Extension packet tunnel providers (as per TN3120). I'm just concerned as IPv4 DNS records are resolving but IPv6 aren't so wondering if this is a wider issue. would expect the system DNS resolver to still work as intended though.

Due to some challenging corporate network firewall, security filters and certificate management, I would like to implement a TLS server where it initiates the TCP connection to the client side so that once TCP is connected, the client side sends its Client Hello message. Everything then continues as expected. The connection would use Bonjour to locate the TLS client endpoint that is hosted on iOS. The TLS server will be hosted on MacOS. Swapping the normal tcp listener as TLS server will help with certificate management as the Mac will have the server cert installed and the iOS device will have the client cert installed.

I have an application that uses Bonjour to communicate with other instances of the app on other devices. If I start an NWBrowser and the user has "Local Network" turned off for my app, the stateUpdateHandler for the browser gets .waiting with an error containing the string "PolicyDenied." This lets me show an alert to the user explaining what's happening, with a link to the app's Settings screen. But if I use NWListener (the counterpart of NWBrowser) and have "Local Network" turned off, there's no indication of any problem. After I start the listener, stateUpdateHandler is called with .ready as the state - even though it's not really ready to listen at all. The FAQ for Local Network Privacy suggests that any Bonjour operation will raise kDNSServiceErr_PolicyDenied if Local Network is off. However, in my application, that only seems to be true for browsing, not listening. Is there a way to detect a missing Local Network entitlement for NWListener? I know there are solutions involving sending a message to localhost, etc, but ideally there would be something simpler.

Hi all, My co-worker today noticed that on his Mac running a beta of Sequoia, the IPv6 multicast functionality of our application was no longer working. This same executable works fine under Sonoma and earlier versions of MacOS, and has worked fine for a number of years. Under Sequoia, however, calls to sendto() a packet to an IPv6-link-local-multicast address (e.g. ff12::bead:cede:deed:feed, preceeded by a call to setsockopt(fd, IPPROTO_IPV6, IPV6_MULTICAST_IF, ...) to specify the appropriate network interface index) return -1 and set errno to EHOSTUNREACH aka "No route to host". The interesting thing about it is, this problem only occurs if we launch our app by double-clicking on its icon; if we instead run the app from Terminal (e.g. by entering ./MyApp.app/Contents/MacOS/MyApp), the multicast functionality works as expected. Our app is signed and notarized in all the usual expected ways. My question is, is this "just" a networking regression in the Sequoia beta, or is there some new requirement in macOS/Sequoia for IPv6-link-local-multicast-using apps to have a multicast entitlement (a la iOS) or something?

My Situation: I use the process 'socketfilterfw' related to the firewall. However, in macOS 15, the result message was different from previous versions. Some messages have only a few changes. However, the option '--listapps' has many changes. In previous version, the option showed results, including the path of each application. However, this is not the case with macOS 15. It only shows the name and status of the application. The list only shows the name and current status of the application. The results of this list alone cannot change the policy. I think this is a bug. I think we should let them know the absolute path of the application in the list, or we should be able to change the policy just with the name of the application. My Question: I wonder if these changes are intentional, and I want to get an absolute path for each application additionally, so I wonder what method to take. Terminal input : $ /usr/libexec/ApplicationFirewall/socketfilterfw --listapps Previous macOS result —————————————————————————————— ALF: total number of apps = 5 1 : /Applications/Google Chrome.app ( Block incoming connections ) 2 : /usr/sbin/smbd ( Block incoming connections ) 3 : /Applications/FaceTime.app ( Block incoming connections ) 4 : /Applications/Safari.app ( Allow incoming connections ) 5 : /usr/sbin/cupsd ( Allow incoming connections ) —————————————————————————————— In macOS 15, result —————————————————————————————— 2024-06-24 16:21:15.599 socketfilterfw[2988:52866] ApplicationFirewall::AFGetAllApplications() processing response dictionary Total number of apps = 5 Google Chrome.app (state: 4) smbd (state: 4) FaceTime.app (state: 4) Safari.app (state: 1) cupsd (state: 1) —————————————————————————————— On macOS 15 —————————————————————————————— Terminal input: % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp FaceTime.app —————————————————————————————— 2024-06-24 16:51:59.091 socketfilterfw[3185:69041] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { Result = 1; } —————————————————————————————— Terminal input: % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /System/Applications/FaceTime.app —————————————————————————————— 2024-06-24 16:52:34.093 socketfilterfw[3186:69310] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { ErrorMessage = "vendor config update success"; Result = 1; } ——————————————————————————————

My Situation: I use the process 'socketfilterfw' related to the firewall. However, in macOS 15, the result message was different from previous versions. Some messages have only a few changes. However, the option '--listapps' has many changes. In previous version, the option showed results, including the path of each application. However, this is not the case with macOS 15. It only shows the name and status of the application. The list only shows the name and current status of the application. The results of this list alone cannot change the policy. I think this is a bug. I think we should let them know the absolute path of the application in the list, or we should be able to change the policy just with the name of the application. My Question: I wonder if these changes are intentional, and I want to get an absolute path for each application additionally, so I wonder what method to take. Terminal input : $ /usr/libexec/ApplicationFirewall/socketfilterfw --listapps Previous macOS result —————————————————————————————————— ALF: total number of apps = 5 1 : /Applications/Google Chrome.app ( Block incoming connections ) 2 : /usr/sbin/smbd ( Block incoming connections ) 3 : /Applications/FaceTime.app ( Block incoming connections ) 4 : /Applications/Safari.app ( Allow incoming connections ) 5 : /usr/sbin/cupsd ( Allow incoming connections ) —————————————————————————————————— On macOS 15, result —————————————————————————————————— 2024-06-24 16:21:15.599 socketfilterfw[2988:52866] ApplicationFirewall::AFGetAllApplications() processing response dictionary Total number of apps = 5 Google Chrome.app (state: 4) smbd (state: 4) FaceTime.app (state: 4) Safari.app (state: 1) cupsd (state: 1) —————————————————————————————————— —————————————————————————————————— —————————————————————————————————— On macOS 15 —————————————————————————————————— Terminal input: % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp FaceTime.app —————————————————————————————————— 2024-06-24 16:51:59.091 socketfilterfw[3185:69041] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { Result = 1; } —————————————————————————————————— Terminal input: % /usr/libexec/ApplicationFirewall/socketfilterfw --unblockapp /System/Applications/FaceTime.app —————————————————————————————————— 2024-06-24 16:52:34.093 socketfilterfw[3186:69310] ApplicationFirewall::AFSetAppStateByPath() result: 1 response: { ErrorMessage = "vendor config update success"; Result = 1; } ——————————————————————————————————

Hello, I'm experiencing an issue with enabling a Content Filter Network Extension from a command line tool. When I call the LoadFromPreferences method on NEFilterManager.shared() the completion handler is not called. I've tried this with a simple semaphore and tried running it on a RunLoop, but none of this works. Any help would be appreciated. I've tried adding a small demo project illustrating the issue, but the add file option does not seem to work. I'll paste the code here: Semaphore Demo class SemaphoreDemo { let filterManager = NEFilterManager.shared() var semaphore = DispatchSemaphore(value: 0) func demo() { print("Semaphore demo") self.filterManager.loadFromPreferences { (error) in print("Load from preferences callback") if let error = error { print("ERROR \(error.localizedDescription)") return } let config = NEFilterProviderConfiguration() config.filterDataProviderBundleIdentifier = "BUNDLE_IDENTIFIER" config.filterSockets = true self.filterManager.isEnabled = true self.filterManager.localizedDescription = "LOCALIZED_DESCRIPTION" self.filterManager.providerConfiguration = config self.filterManager.saveToPreferences { (error) in if let error = error { print("ERROR \(error.localizedDescription)") } else { print("SUCCESS") } self.semaphore.signal() } } self.semaphore.wait() } } class RunloopDemo { let filterManager = NEFilterManager.shared() func demo() { print("Runloop demo") let currentRunLoop = CFRunLoopGetCurrent() // let currentRunLoop = CFRunLoopGetMain() self.filterManager.loadFromPreferences { [weak currentRunLoop] (error) in print("Load from preferences callback") if let error = error { print("ERROR \(error.localizedDescription)") return } let config = NEFilterProviderConfiguration() config.filterDataProviderBundleIdentifier = "Bundle IDENTIFIER" config.filterSockets = true self.filterManager.isEnabled = true self.filterManager.localizedDescription = "LOCALIZED DESCRIPTION" self.filterManager.providerConfiguration = config self.filterManager.saveToPreferences { (error) in if let error = error { print("ERROR \(error.localizedDescription)") } else { print("SUCCESS") } CFRunLoopStop(currentRunLoop) } } CFRunLoopRun() } } The callback is never called. Thanks.

Hi, I have a package which is signed and notarized. Still I get the warning message to "Allow/Deny" the "Accept incoming network connections" when I launch the application. I could see that the application is present in the firewall exceptions list. Please find the attached screen shots. regards Prema Kumar

On macOS 15, if a program installed in /Applications is allowed to connect to a PostgreSQL server on another machine on the local network, a program launched in debug mode from Xcode is not allowed to connect to the local network, and no prompt appears. Although it is possible to turn off registered programs in Local Network Privacy in Beta 2, permissions for programs launched from Xcode cannot be obtained at all. Does anyone know how to solve this problem?

I am updating a universal app for release on iOS 17+ devices using Xcode15.2 and Solar2d v3708. The last release was 7 years ago. The app connects to the local network and used a custom UDP protocol to connect to and control specific hardware devices. The protocol involves transmitting and receiving both broadcast and unicast messages to/from IPV4 capable proprietary devices on the local network. When I run the app in the Solar2d simulator and when I run the current version installed from the App store on my iPad, communications work well. When I build the same code into a new development build and transfer it to my iPad, I found that attempts to send broadcast messages are failing. When I print out the error returned from the socket interface to the console, I see the message is "No Route to Host". I requested multicast capability from Apple and when it appeared on my development portal I updated the App Id to include the multicast entitlement. I updated the development profile to include our new 6th gen IPad and the updated AppID. I downloaded and installed the development profile. That new profile is what I am selecting / using to sign the app. I am using lua socket library to send broadcast messages I created a very basic project with just the basic networking code example and built this for my iPad the results are the same. local socket = require("socket") local main, errorMain = socket.udp6() main:setoption('broadcast', true) local ack, mError = main:sendto("", "::FFFF:255.255.255.255", 3100) print("My Debug Message: Main sending - " .. (ack or "nil") .. ", Error : " .. (mError or "None")) I also tried modifying my code to use udp4 as follows and the results were the same. local socket = require("socket") local main, errorMain = socket.udp4() main:setoption('broadcast', true) local ack, mError = main:sendto("", "255.255.255.255", 3100) print("My Debug Message: Main sending - " .. (ack or "nil") .. ", Error : " .. (mError or "None")) console output: My Debug Message: Main sending - nil, Error : No route to host Any help or insight would be greatly appreciated.

Is there a way to gather an IP address programmatically that is still acceptable by privacy standards? I see a lot of talk about using getifaddrs() but most of those threads are very old and there doesnt seem to be a lot of other options

Hello, I am looking into the newly announced Accessory Setup Kit and I'd like to replace my manual WiFi connection setup with it, but I cannot find a way how to specify WiFi password when configuring ASDiscoveryDescriptor, only ssid or ssidPrefix can be specified? Is it really not possible to connect to WiFi with password with this new framework? That kind of makes it unusable for my use case :( Since the accessory has password.

Hi, We are developing react native app, and we are having issue with ATS policy in production build distributed to TestFlight internal testing, requests to https are being killed. The preview build ad-hoc distribution is working fine. (I am testing the app on physical device) I will described what I've tried and supply you with logs from different tools. I tried to disable ATS - requests are working enable ATS (no change to default config) - requests are failing with following error Task <55618987-64A8-4C04-9B00-2EFF074D796C>.<1> finished with error [-1022] Error Domain=NSURLErrorDomain Code=-1022 "The resource could not be loaded because the App Transport Security policy requires the use of a secure connection." UserInfo={NSLocalizedDescription=The resource could not be loaded because the App Transport Security policy requires the use of a secure connection., NSErrorFailingURLStringKey=<private>, NSErrorFailingURLKey=<private>, _NSURLErrorRelatedURLSessionTaskErrorKey=<private>, _NSURLErrorFailingURLSessionTaskErrorKey=<private>, NSUnderlyingError=0x30127bb10 {Error Domain=kCFErrorDomainCFNetwork Code=-1022}} I tried to check server if it had met ATS requirements and ran ats-diagnostic ./TLSTool s_client -connect api.rankacy.com:443 * input stream did open * output stream did open * output stream has space * protocol: TLS 1.2 * cipher: ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 * trust result: unspecified * certificate info: * 0 + ecPublicKey 256 ecdsa-with-SHA384 'api.rankacy.com' * 1 + ecPublicKey 384 sha256-with-rsa-signature 'E6' * 2 + rsaEncryption 4096 sha256-with-rsa-signature 'ISRG Root X1' nscurl https://api.rankacy.com/ --verbose --ats-diagnostics Starting ATS Diagnostics Configuring ATS Info.plist keys and displaying the result of HTTPS loads to https://api.rankacy.com/. A test will "PASS" if URLSession:task:didCompleteWithError: returns a nil error. ================================================================================ Default ATS Secure Connection --- ATS Default Connection ATS Dictionary: { } Result : PASS --- ================================================================================ Allowing Arbitrary Loads --- Allow All Loads ATS Dictionary: { NSAllowsArbitraryLoads = true; } Result : PASS --- ================================================================================ Configuring TLS exceptions for api.rankacy.com --- TLSv1.3 ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.3"; }; }; } Result : PASS --- --- TLSv1.2 ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; }; }; } Result : PASS --- --- TLSv1.1 ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; }; }; } Result : PASS --- --- TLSv1.0 ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions for api.rankacy.com --- Disabling Perfect Forward Secrecy ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring PFS exceptions and allowing insecure HTTP for api.rankacy.com --- Disabling Perfect Forward Secrecy and Allowing Insecure HTTP ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled for api.rankacy.com --- TLSv1.3 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.3"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.2 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- ================================================================================ Configuring TLS exceptions with PFS disabled and insecure HTTP allowed for api.rankacy.com --- TLSv1.3 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.3"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.2 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.2"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.1 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.1"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- --- TLSv1.0 with PFS disabled and insecure HTTP allowed ATS Dictionary: { NSExceptionDomains = { "api.rankacy.com" = { NSExceptionAllowsInsecureHTTPLoads = true; NSExceptionMinimumTLSVersion = "TLSv1.0"; NSExceptionRequiresForwardSecrecy = false; }; }; } Result : PASS --- I am running out of ideas. Also it's hard to test because the preview ad-hoc build is working fine. So only after submitting the app to TestFlight I am having this issue Looking for your response Martin

We have found a VPN that does not work while our TPP is running, and I have a hypothesis why, and it does not make any sense. It only fails when our TPP asks for UDP flows. Their VPN claims to fail at a DNS query, but it's getting EPIPE (this is Twingate for the curious). Looking at all the logs I can on the system, including dtruss and dtrace, I see that it does a sendto, and gets that errno. I can't, of course, determine more. By adding more logging, I can see that their VPN tunnel provider tries to open up a UDP flow to 8.8.8.8 port 53. First red flag: I did not think we were supposed to get DNS queries -- my guess is that only means for apps that use the system DNS libraries, implying (to me) that this VPN has their own DNS code. We look at the app name, and decide we don't care for it -- handleNewUDPFlow(_:initialEndpoint:) returns false/NO. I see this in the system logs: 2024-06-26 11:06:56.342680+0100 0x300c839 Default 0x0 40823 0 ${us}.Redirector: (NetworkExtension) [com.apple.networkextension:] [Extension ${us}]: provider rejected new flow UDP ${them}.macos.tunnelprovider[{length = 20, bytes = 0xca1b405e014154c2e38e20159d033f9b2d3eea18}] local port 0 interface en0(bound) which is all correct. But then the very next log entry is 2024-06-26 11:06:56.342717+0100 0x300cc14 Info 0x0 0 0 kernel: (399482302): received connect result 61 which, there you go, ECONNREFUSED which will be turned into EPIPE by sendto. (ETA: No, that's not what happens at all. I see other port 53 queries in my logs, and they follow the same, er, flow -- TPP refuses them, next log entry for the flow by the system is result 61.) There is no traffic to 8.8.8.8 over any of the interfaces. I have tried using a NENetworkRule that _excludes` port 53, but it does not allow that at all. I am very deeply confused by all of this, to the point I'm not quite sure how to begin to articulate a request for help. If anyone has any thoughts, comments, questions, commiserative howls of agony, I'd appreciate it.

I am using the SIMInserted API on Xcode 16 beta. However, when I checked with a SIM card inserted, it returned "No". [Enviroment] Xcode：16beta iOS：18beta1,18beta2 [The modified implementation area is as follows] 1.Add "CarrierDescriptors" to the plist. <key>CarrierDescriptors</key> <array> <dict> <key>MCC</key> <string>440</string> <key>MNC</key> <string>10</string> </dict> </array> 2.Add "SIM Inserted for Wireless Carriers" to the capabilities. <key>com.apple.developer.coretelephony.sim-inserted</key> <true/> 3.In case of iOS 18 and above, perform SIM detection using "isSIMInserted" of CTSubscriber. - (BOOL)isSIMInseted { if(@available(iOS 18.0,*)){ CTSubscriber* ctSubscriber = [CTSubscriber new]; return = ctSubscriber.isSIMInserted; } return NO; } Is there any mistake in the implementation steps you provided? Why is it not possible to retrieve the desired information with this implementation? Please assistant me.

Hi. I'm trying to run tunnel_server from https://github.com/networkextension/SimpleTunnel sample on macOS Sonoma. Delegate's method netServiceWillPublish is called, but neither netServiceDidPublish nor netService(didNotPublish) are not. Firewall is enabled, incoming connections to the tunnel_server app are allowed. The app is not sandboxed and signed to run locally. When running the app, Allow Connections prompt pops up which is allowed.