Unable to disable onDemandRules from NEPacketTunnelProvider Extension

Originator: mufti14
Number: rdar://50723668
Date Originated: May 13 2019, 10:40 AM
Status: Open
Resolved:
Product: Network Extensions
Product Version: iOS 9.0+
Classification: Enhancement
Reproducible: Yes
 
I am trying to disable the onDemandRules from within the NEPacketTunnelProvider extension, but when I try to load the NETunnelProviderManager I get this message in the logs:

NETunnelProviderManager objects cannot be instantiated from NEProvider processes


It seems odd that we can cancel the tunnel from the extension using cancelTunnelWithError(_:) but can't stop the system from trying to reconnect due to onDemandRules, especially since the documentation says:

The Packet Tunnel Provider should call this method when an unrecoverable error occurs, such as the tunnel server going down or the VPN authentication session expiring.

 
It is not very useful to call this method when an unrecoverable error occurs, since we cannot stop it from reconnecting. If, for example, the tunnel server is down, it shouldn't keep trying to reconnect indefinitely. That would just block the internet connection from the phone, and for the user to gain access to the internet again they have to go to Settings > VPN > VPN Profile > Disable "Connect on Demand", which is a bad user experience. We should just be able to disable it from the extension.

It would be great if we could access the NETunnelProviderManager from the extension itself so that we can update the VPN profile as we see fit.

Thanks.
