I am trying to disable the onDemanRules from within the NEPacketTunnelProvider extension, but when I try to load the NETunnelProviderManager I get this message in the logs:
NETunnelProviderManager objects cannot be instantiated from NEProvider processes
It seems odd that we can cancel the tunnel from the extension using cancelTunnelWithError(_:) but can't stop the system from trying to reconnect due to onDemandRules. Especially that in the documentation it says:
The Packet Tunnel Provider should call this method when an unrecoverable error occurs, such as the tunnel server going down or the VPN authentication session expiring.
It is not very useful to call this method when an unrecoverable error occurs, since we cannot stop it from reconnecting. If for example, the tunnel server is down, it shouldn't keep trying to reconnect indefinitely. That would just block the internet connection from the phone, and for the user to gain access to the internet again they have to go to Settings > VPN > VPN Profile > Disable "Connect on Demand", which is a bad user experience, we should just be able to disable it from the extension.
It would be great if we can access the NETunnelProviderManager from the extension itself so that we can update the VPN profile as we see fit.
Description
I am trying to disable the onDemanRules from within the NEPacketTunnelProvider extension, but when I try to load the NETunnelProviderManager I get this message in the logs:
NETunnelProviderManager objects cannot be instantiated from NEProvider processes
It seems odd that we can cancel the tunnel from the extension using cancelTunnelWithError(_:) but can't stop the system from trying to reconnect due to onDemandRules. Especially that in the documentation it says:
The Packet Tunnel Provider should call this method when an unrecoverable error occurs, such as the tunnel server going down or the VPN authentication session expiring.
It is not very useful to call this method when an unrecoverable error occurs, since we cannot stop it from reconnecting. If for example, the tunnel server is down, it shouldn't keep trying to reconnect indefinitely. That would just block the internet connection from the phone, and for the user to gain access to the internet again they have to go to Settings > VPN > VPN Profile > Disable "Connect on Demand", which is a bad user experience, we should just be able to disable it from the extension.
It would be great if we can access the NETunnelProviderManager from the extension itself so that we can update the VPN profile as we see fit.
Thanks.
- Product Version: iOS 9.0+ Created: 2019-05-13T14:45:41.432917 Originated: 2019-05-13T10:40:00 Open Radar Link: http://www.openradar.me/50723668