I am developing a VoIP application that uses NetworkExtension (Local PUSH function) And VoIP(APNs) PUSH. Since iPhone X, iPhones have supported eSIM, allowing for the simultaneous use of a physical SIM and an eSIM. Consequently, users of our VoIP app have requested the ability to lock the network used by the VoIP app to either the eSIM or the physical SIM. Our VoIP app utilizes the network through the socket API. Is there an API in the iOS SDK to lock the network used via sockets to either the eSIM or the physical SIM? In other words, we would like to be able to retrieve the IP address assigned to the eSIM or the physical SIM in advance, and know which IP address is assigned to which SIM. Are there any such APIs available (that are not "Deprecated")

Hi, We're receiving data via centralManager.centralManager.scanForPeripherals, with no options or filtering (for now), and in the func centralManager(_ central: CBCentralManager, didDiscover peripheral: CBPeripheral, advertisementData: [String : Any], rssi RSSI: NSNumber) callback, we get advertisementData for each bluetooth device found. But, I know one of my BLE devices is sending an Eddystone TLM payload, which generally is received into the kCBAdvDataServiceData part of the advertisementData dictionary, but, it doesn't show up. What is happening however (when comparing to other devices that do show that payload), is I've noticed the "isConnectable" part is false, and others have it true. Technically we're not "connecting" as such as we're simply reading passive advertisement data, but does that have any bearing on how CoreBluetooth decides to build up it's AdvertisementData response? Example (with serviceData; and I know this has Eddystone TLM) ["kCBAdvDataLocalName": FSC-BP105N, "kCBAdvDataRxPrimaryPHY": 1, "kCBAdvDataServiceUUIDs": <__NSArrayM 0x300b71f80>( FEAA, FEF5 ) , "kCBAdvDataTimestamp": 773270526.26279, "kCBAdvDataServiceData": { FFF0 = {length = 11, bytes = 0x36021892dc0d3015aeb164}; FEAA = {length = 14, bytes = 0x20000be680000339ffa229bbce8a}; }, "kCBAdvDataRxSecondaryPHY": 0, "kCBAdvDataIsConnectable": 1] Vs This also has Eddystone TLM configured ["kCBAdvDataLocalName": 100FA9FD-7000-1000, "kCBAdvDataIsConnectable": 0, "kCBAdvDataRxPrimaryPHY": 1, "kCBAdvDataRxSecondaryPHY": 0, "kCBAdvDataTimestamp": 773270918.97273] Any insight would be great to understand if the presence of other flags drive the exposure of ServiceData or not...

On "Accessory Interface Specification CarPlay Addendum R10", it says that it is recommended that the accessory uses a MIMO (2x2) hardware configuration, does this imply that WiFi 5 and SISO (1X1) will be phased out in the near future? When will WiFi 6 MIMO (2x2) become mandatory? On "Accessory Interface Specification CarPlay Addendum R10", it says that Spatial Audio is mandatory. However, for aftermarket in-vehicle infotainment (IVI) system due to the number of speakers are less than 6, is it allowed not to support spatial audio for this type of aftermarket IVI system?

Hello, I am seeking guidance regarding the com.apple.managed.vpn.shared keychain access group entitlement for our iOS app, which is required to support managed VPN configurations distributed via MDM profiles. Background: Our app uses the Network Extension framework and requires access to VPN credentials stored in configuration profiles, which—according to Apple documentation and forum posts—necessitates the com.apple.managed.vpn.shared entitlement We have already enabled the standard Network Extension entitlements via the Apple Developer portal What I Have Tried: I referenced the advice from a past Apple DTS engineer in this forum post: https://aninterestingwebsite.com/forums/thread/67613 I have submitted multiple requests to Apple Developer Technical Support (DTS) over the past two months, clearly explaining our use case and referencing the official documentation as well as the above forum thread Unfortunately, I have either received no response or responses that do not address my request for the special entitlement Questions: Has anyone successfully received the com.apple.managed.vpn.shared entitlement recently? If so, what was the process and how long did it take? Is there a specific format or information I should include in my DTS request to expedite the process or avoid misunderstandings? Are there any alternative contacts or escalation paths within Apple Developer Support for cases where standard DTS requests are ignored or misunderstood? Thank you in advance for your help

On "Accessory Interface Specification CarPlay Addendum R10", it says that it is recommended that the accessory uses a MIMO (2x2) hardware configuration, does this imply that WiFi 5 and SISO (1X1) will be phased out in the near future? When will WiFi 6 MIMO (2x2) become mandatory? On "Accessory Interface Specification CarPlay Addendum R10", it says that Spatial Audio is mandatory. However, for aftermarket in-vehicle infotainment (IVI) system due to the number of speakers are less than 6, is it allowed not to support spatial audio for this type of aftermarket IVI system?

{"bug_type":"210","timestamp":"2025-07-04 14:19:35.00 +0800","os_version":"macOS 15.5 (24F74)","roots_installed":0,"incident_id":"5457889A-1002-4389-BAE6-A447733EFD78"} { "build" : "macOS 15.5 (24F74)", "product" : "MacBookPro18,4", "socId" : "6001", "socRevision" : "11", "incident" : "5457889A-1002-4389-BAE6-A447733EFD78", "crashReporterKey" : "4ABE0CA2-C60B-8B0E-557A-C0BDEB1E9144", "kernel" : "Darwin Kernel Version 24.5.0: Tue Apr 22 19:54:49 PDT 2025; root:xnu-11417.121.62/RELEASE_ARM64_T6000", "date" : "2025-07-04 14:19:35.95 +0800", "panicString" : "panic(cpu 1 caller 0xfffffe00215f28e8): Kernel data abort. at pc 0xfffffe0021310d9c, lr 0x37a67e002116f050 (saved state: 0xfffffe60706d3240)\n\t x0: 0xfffffe2eaac676f8 x1: 0x0000000000000000 x2: 0xfffffe002116f050 x3: 0x0000000000000002\n\t x4: 0x0000000000002021 x5: 0xffffffffffffffff x6: 0x0000000000000000 x7: 0x0000006ddf79e068\n\t x8: 0xf9555cb919b50093 x9: 0x0000000000000000 x10: 0x0000000000000054 x11: 0x0000000000000000\n\t x12: 0xfffffe002477dfc8 x13: 0x0000000000000001 x14: 0x0000000000000052 x15: 0x0000000000000000\n\t x16: 0x0000020061052ad4 x17: 0x0000000000000001 x18: 0x0000000000000000 x19: 0xfffffe2eaa38d000\n\t x20: 0x0000000000000000 x21: 0xfffffe2eaac676f8 x22: 0x0000000000000020 x23: 0xfffffe2eab90f000\n\t x24: 0x000000001e22b50a x25: 0x0000000000000000 x26: 0x0000000000000000 x27: 0xfffffe2eab90efb4\n\t x28: 0x0000000000003500 fp: 0xfffffe60706d35b0 lr: 0x37a67e002116f050 sp: 0xfffffe60706d3590\n\t pc: 0xfffffe0021310d9c cpsr: 0x60401208 esr: 0xfffffe6096000006 far: 0x0000000000000068\n\nDebugger message: panic\nMemory ID: 0x6\nOS release type: User\nOS version: 24F74\nKernel version: Darwin Kernel Version 24.5.0: Tue Apr 22 19:54:49 PDT 2025; root:xnu-11417.121.62/RELEASE_ARM64_T6000\nFileset Kernelcache UUID: AF6531DB60D1EB2338126CF77682B8DE\nKernel UUID: CBC2F718-53E4-3C8D-BEC7-FB6DDC3318E1\nBoot session UUID: 5457889A-1002-4389-BAE6-A447733EFD78\niBoot version: iBoot-11881.121.1\niBoot Stage 2 version: iBoot-11881.121.1\nsecure boot?: YES\nroots installed: 0\nPaniclog version: 14\nKernelCache slide: 0x0000000018540000\nKernelCache base: 0xfffffe001f544000\nKernel slide: 0x0000000018548000\nKernel text base: 0xfffffe001f54c000\nKernel text exec slide: 0x0000000019ce0000\nKernel text exec base: 0xfffffe0020ce4000\nmach_absolute_time: 0x6ddf85c206\nEpoch Time: sec usec\n Boot : 0x686680ed 0x000c5ab2\n Sleep : 0x68676ff9 0x0005fdc0\n Wake : 0x68677007 0x000d2cfa\n Calendar: 0x68677252 0x00021537\n\nZone info:\n Zone map: 0xfffffe1016000000 - 0xfffffe3616000000\n . VM : 0xfffffe1016000000 - 0xfffffe15e2000000\n . RO : 0xfffffe15e2000000 - 0xfffffe187c000000\n . GEN0 : 0xfffffe187c000000 - 0xfffffe1e48000000\n . GEN1 : 0xfffffe1e48000000 - 0xfffffe2414000000\n . GEN2 : 0xfffffe2414000000 - 0xfffffe29e0000000\n . GEN3 : 0xfffffe29e0000000 - 0xfffffe2fac000000\n . DATA : 0xfffffe2fac000000 - 0xfffffe3616000000\n Metadata: 0xfffffe5e3a010000 - 0xfffffe5e43810000\n Bitmaps : 0xfffffe5e43810000 - 0xfffffe5e4f500000\n Extra : 0 - 0\n\nTPIDRx_ELy = {1: 0xfffffe28ded6aff0 0: 0x0000000000000001 0ro: 0x000000016fd330e0 }\nCORE 0 PVH locks held: None\nCORE 1 PVH locks held: None\nCORE 2 PVH locks held: None\nCORE 3 PVH locks held: None\nCORE 4 PVH locks held: None\nCORE 5 PVH locks held: None\nCORE 6 PVH locks held: None\nCORE 7 PVH locks held: None\nCORE 8 PVH locks held: None\nCORE 9 PVH locks held: None\nCORE 0: PC=0xfffffe0020f2d330, LR=0xfffffe0020f2d368, FP=0xfffffe60717cb460\nCORE 1 is the one that panicked. Check the full backtrace for details.\nCORE 2: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe607167bed0\nCORE 3: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe60725d3ed0\nCORE 4: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe6072bafed0\nCORE 5: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe6072197ed0\nCORE 6: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe60727abed0\nCORE 7: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe6071897ed0\nCORE 8: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe607149bed0\nCORE 9: PC=0xfffffe0020d81094, LR=0xfffffe0020d81094, FP=0xfffffe607214bed0\nCompressor Info: 0% of compressed pages limit (OK) and 0% of segments limit (OK) with 0 swapfiles and OK swap space\nPanicked task 0xfffffe1d4729c7a0: 1925 pages, 14 threads: pid 36674: com.TE.TEDataCloak.ne\nPanicked thread: 0xfffffe28ded6aff0, backtrace: 0xfffffe60706d28f0, tid: 743602\n\t\t lr: 0xfffffe0020d432b4 fp: 0xfffffe60706d2980\n\t\t lr: 0xfffffe0020ea52f8 fp: 0xfffffe60706d29f0\n\t\t lr: 0xfffffe0020ea3554 fp: 0xfffffe60706d2ab0\n\t\t lr: 0xfffffe0020cebb98 fp: 0xfffffe60706d2ac0\n\t\t lr: 0xfffffe0020d42b98 fp: 0xfffffe60706d2e90\n\t\t lr: 0xfffffe00215e7388 fp: 0xfffffe60706d2eb0\n\t\t lr: 0xfffffe00215f28e8 fp: 0xfffffe60706d30c0\n\t\t lr: 0xfffffe0020ea5154 fp: 0xfffffe60706d3160\n\t\t lr: 0xfffffe0020ea36c8 fp: 0xfffffe60706d3220\n\t\t lr: 0xfffffe0020cebb98 fp: 0xfffffe60706d3230\n\t\t lr: 0xfffffe002116f050 fp: 0xfffffe60706d35b0\n\t\t lr: 0xfffffe002116f050 fp: 0xfffffe60706d3730\n\t\t lr: 0xfffffe002116de88 fp: 0xfffffe60706d3780\n\t\t lr: 0xfffffe0021180174 fp: 0xfffffe60706d3810\n\t\t lr: 0xfffffe002117ea94 fp: 0xfffffe60706d38d0\n\t\t lr: 0xfffffe002117d69c fp: 0xfffffe60706d3a30\n\t\t lr: 0xfffffe0021281400 fp: 0xfffffe60706d3a80\n\t\t lr: 0xfffffe00213146dc fp: 0xfffffe60706d3c10\n\t\t lr: 0xfffffe0021324ff8 fp: 0xfffffe60706d3d00\n\t\t lr: 0xfffffe0021325580 fp: 0xfffffe60706d3de0\n\t\t lr: 0xfffffe00213edc24 fp: 0xfffffe60706d3e50\n\t\t lr: 0xfffffe0020ea35dc fp: 0xfffffe60706d3f10\n\t\t lr: 0xfffffe0020cebb98 fp: 0xfffffe60706d3f20\n\t\t lr: 0xfffffe0020cebb60 fp: 0x0000000000000000\n\nlast started kext at 3810289154: com.apple.filesystems.smbfs\t6.0 (addr 0xfffffe00200f68e0, size 111737)\nloaded kexts:\ncom.paragon-

The app is an official Apple app: https://aninterestingwebsite.com/documentation/wifiaware/building-peer-to-peer-apps. I have two phones, an iPhone 12 and an iPhone 13, both with Bluetooth turned on and connected to the same WiFi. The devices paired successfully the first time, but after I reset the Wi-Fi identifier in Settings - Privacy & Security - Paired Devices, the devices could no longer pair. Specifically, one device displays a PIN input pop-up, but the other device does not show the PIN. What could be the reason for this?

Hello, I am planning to build content filter application for iOS platform and based on the documentation I have read, it's not clear if I can just inspect/monitor network traffic and not filter or block URLs in the NEFilterDataProvider. Is this a valid use case ? With this approach, will the App get rejected during the App review.?

Hello! I have a quirky situation that I am looking for a solution to. The iOS app I am working on needs to be able to communicate with systems that do not have valid root certs. Furthermore, these systems addresses will be sent to the user at run time. The use case is that administrators will provide a self signed certificate (.pem) for the iPhones to download which will then be used to pass the authentication challenge. I am fairly new to customizing trust and my understanding is that it is very easy to do it incorrectly and expose the app unintentionally. Here is our users expected workflow: An administrator creates a public ip server. The ip server is then configured with dns. A .pem file that includes a self signed certificate is created for the new dns domain. The pem file is distributed to iOS devices to download and enable trust for. When they run the app and attempt to establish connection with the server, it will not error with an SSL error. When I run the app without modification to the URLSessionDelegate method(s) I do get an SSL error. Curiously, attempting to hit the same address in Safari will not show the insecure warning and proceed without incident. What is the best way to parity the Safari use case for our app? Do I need to modify the urlSession(_ session: URLSession, didReceive challenge: URLAuthenticationChallenge, completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) method to examine the NSURLAuthenticationMethodServerTrust? Maybe there is a way to have the delegate look through all the certs in keychain or something to find a match? What would you advise here? Sincerely thank you for taking the time to help me, ~Puzzled iOS Dev

Do we have clear document around multiple content filter applications running on single device.? While the documentation says 8 content filters and Only one filter available for system-wide use, there is no clear mention about below scenarios - Which content filter will get precedence? System-wide or App managed? Can there be mulitple Content filters configured for same managed application? Will all control provider running on the device get notified about network traffic ? I searched the forums to get a clear answer but seems older threads where nothing was conclusive. Thanks in advance for the help !!

I was having a look through the documentation for NEPacketTunnelProvider, and wanted to know if it's possible for startTunnel(..) and stopTunnel(..) to run simultaneously, and thus require synchronization between resources they deal with? For example, if the VPN is toggled rapidly from system settings, could the setup that occurs in my startTunnel() definition (class instantiation and setTunnelNetworkSettings(value)) potentially occur after the tear-down logic (resource cleanup, setTunnelNetworkSettings(nil)), leaving the system in a state where the VPN is deactivated, but the configuration is in place?

At WWDC 25, Dr. Swetank mentioned, “DeviceDiscoveryUI is for making connections between apps and from an app to another device. It supports pairing with both Apple and third-party devices.” I find the pairing process in DeviceDiscoveryUI via Wi-Fi Aware intriguing. I have two questions: Can we pair devices via Bluetooth first and then establish a Wi-Fi Aware connection? If I use DeviceDiscoveryUI, how should I write an Android program to correspond with it and achieve iPhone-Android pairing? The app is an official Apple app: https://aninterestingwebsite.com/documentation/wifiaware/building-peer-to-peer-apps.

[Q] How many instances of the same NEFilterDataProvider subclass can there be in a single running Network Extension at any given time? I would expect that there can be only 1 instance but I'm looking at a memgraph where 2 instances are listed. As it's the Network Extension framework that is responsible for creating, starting and stopping these instances, this is rather strange.

We have a Java application built for macOS. On the first launch, the application prompts the user to allow local network access. We've correctly added the NSLocalNetworkUsageDescription key to the Info.plist, and the provided description appears in the system prompt. After the user grants permission, the application can successfully connect to a local server using its hostname. However, the issue arises after the system is rebooted. When the application is launched again, macOS does not prompt for local network access a second time—which is expected, as the permission was already granted. Despite this, the application is unable to connect to the local server. It appears the previously granted permission is being ignored after a reboot. A temporary workaround is to manually toggle the Local Network permission off and back on via System Settings > Privacy & Security, which restores connectivity—until the next reboot. This behavior is highly disruptive, both for us and for a significant number of our users. We can reproduce this on multiple systems... The issues started from macOS Sequoia 15.0 By opening the application bundle using "Show Package Contents," we can launch the application via "JavaAppLauncher" without any issues. Once started, the application is able to connect to our server over the local network. This seems to bypass the granted permissions? "JavaAppLauncher" is also been used in our Info.plist file Removing the following plist in Recovery Mode seems to resolve the issue rm "/Volumes/Macintosh HD/Library/Preferences/com.apple.networkextension.plist" Is this safe to do?

We have a Java application built for macOS. On the first launch, the application prompts the user to allow local network access. We've correctly added the NSLocalNetworkUsageDescription key to the Info.plist, and the provided description appears in the system prompt. After the user grants permission, the application can successfully connect to a local server using its hostname. However, the issue arises after the system is rebooted. When the application is launched again, macOS does not prompt for local network access a second time—which is expected, as the permission was already granted. Despite this, the application is unable to connect to the local server. It appears the previously granted permission is being ignored after a reboot. A temporary workaround is to manually toggle the Local Network permission off and back on via System Settings > Privacy & Security, which restores connectivity—until the next reboot. This behavior is highly disruptive, both for us and for a significant number of our users. We can reproduce this on multiple systems... The issues started from macOS Sequoia 15.0 By opening the application bundle using "Show Package Contents," we can launch the application via "JavaAppLauncher" without any issues. Once started, the application is able to connect to our server over the local network. This seems to bypass the granted permissions? "JavaAppLauncher" is also been used in our Info.plist file Removing the following plist in Recovery Mode seems to resolve the issue rm "/Volumes/Macintosh HD/Library/Preferences/com.apple.networkextension.plist" Is this safe to do?

We have a Java application built for macOS. On the first launch, the application prompts the user to allow local network access. We've correctly added the NSLocalNetworkUsageDescription key to the Info.plist, and the provided description appears in the system prompt. After the user grants permission, the application can successfully connect to a local server using its hostname. However, the issue arises after the system is rebooted. When the application is launched again, macOS does not prompt for local network access a second time—which is expected, as the permission was already granted. Despite this, the application is unable to connect to the local server. It appears the previously granted permission is being ignored after a reboot. A temporary workaround is to manually toggle the Local Network permission off and back on via System Settings > Privacy & Security, which restores connectivity—until the next reboot. This behavior is highly disruptive, both for us and for a significant number of our users. We can reproduce this on multiple systems... The issues started from macOS Sequoia 15.0 By opening the application bundle using "Show Package Contents," we can launch the application via "JavaAppLauncher" without any issues. Once started, the application is able to connect to our server over the local network. This seems to bypass the granted permissions? "JavaAppLauncher" is also been used in our Info.plist file

Question: What is the standard, most reliable way to manage temporary files associated with a URLSessionDownloadTask that has been terminated abnormally due to a network error or other issues? Details Hello, I'm currently developing a feature to download multiple files concurrently on iOS using URLSessionDownloadTask, and I have a question regarding the lifecycle of the temporary files created during this process. As I understand it, URLSessionDownloadTask stores incoming data in a temporary file within the tmp directory, typically with a name like CFNetworkDownload_*.tmp. In my testing, temporary files are managed correctly in the normal scenario. For instance, when I call the cancel() method on an active downloadTask and then release all references to it, the corresponding temporary file is automatically cleaned up from the tmp directory shortly after. However, the problem occurs when a download is interrupted abnormally due to external factors, such as a lost network connection. In this situation, the urlSession(_:task:didCompleteWithError:) delegate method is called, but the associated temporary file is not deleted and remains in the tmp directory. I've observed a particularly interesting behavior related to this. Immediately after the error occurs, if I check my app's storage usage in the iOS Settings app, the data size appears to have decreased momentarily. However, the tmp file has not actually been deleted, and after a short while, the storage usage is recalculated to include the size of this orphaned temporary file. Since my app does not support resuming interrupted downloads, these leftover files become orphaned and unnecessarily consume storage. Therefore, I want to ensure they are all reliably deleted. With this context, I'd like to ask the community: What is the standard, most reliable way to manage temporary files associated with a URLSessionDownloadTask that has been terminated abnormally due to a network error or other issues? I am wondering if there is an official guide or a framework-level API to handle these orphaned files. I would appreciate any advice from those with experience in this area. Thank you.

IMPORTANT The resume rate limiter is now covered by the official documentation. See Use background sessions efficiently within Downloading files in the background. So, the following is here purely for historical perspective. NSURLSession’s background session support on iOS includes a resume rate limiter. This limiter exists to prevent apps from abusing the background session support in order to run continuously in the background. It works as follows: nsurlsessiond (the daemon that does all the background session work) maintains a delay value for your app. It doubles that delay every time it resumes (or relaunches) your app. It resets that delay to 0 when the user brings your app to the front. It also resets the delay to 0 if the delay period elapses without it having resumed your app. When your app creates a new task while it is in the background, the task does not start until that delay has expired. To understand the impact of this, consider what happens when you download 10 resources. If you pass them to the background session all at once, you see something like this: Your app creates tasks 1 through 10 in the background session. nsurlsessiond starts working on the first few tasks. As tasks complete, nsurlsessiond starts working on subsequent ones. Eventually all the tasks complete and nsurlsessiond resumes your app. Now consider what happens if you only schedule one task at a time: Your app creates task 1. nsurlsessiond starts working on it. When it completes, nsurlsessiond resumes your app. Your app creates task 2. nsurlsessiond delays the start of task 2 a little bit. nsurlsessiond starts working on task 2. When it completes, nsurlsessiond resumes your app. Your app creates task 3. nsurlsessiond delays the start of task 3 by double the previous amount. nsurlsessiond starts working on task 3. When it completes, nsurlsessiond resumes your app. Steps 8 through 11 repeat, and each time the delay doubles. Eventually the delay gets so large that it looks like your app has stopped making progress. If you have a lot of tasks to run then you can mitigate this problem by starting tasks in batches. That is, rather than start just one task in step 1, you would start 100. This only helps up to a point. If you have thousands of tasks to run, you will eventually start seeing serious delays. In that case it’s much better to change your design to use fewer, larger transfers. Note All of the above applies to iOS 8 and later. Things worked differently in iOS 7. There’s a post on DevForums that explains the older approach. Finally, keep in mind that there may be other reasons for your task not starting. Specifically, if the task is flagged as discretionary (because you set the discretionary flag when creating the task’s session or because the task was started while your app was in the background), the task may be delayed for other reasons (low power, lack of Wi-Fi, and so on). Share and Enjoy — Quinn “The Eskimo!” @ Developer Technical Support @ Apple let myEmail = "eskimo" + "1" + "@" + "apple.com" (r. 22323366)

Hi everyone, I'm currently experimenting with building a simple DNS filter using Apple's Packet Tunnel framework. Here's the flow I'm trying to implement: Create a TUN interface Set up a UDP socket Read packets via packetFlow.readPackets Parse the raw IP packet Forward the UDP payload through the socket Receive the response from the server Reconstruct the IP packet with the response Write it back to the TUN interface using packetFlow.writePackets Here’s an example of an intercepted IP packet (DNS request): 45 00 00 3c 15 c4 00 00 40 11 93 d1 c0 a8 00 64 08 08 08 08 ed 6e 00 35 00 28 e5 c9 7f da 01 00 00 01 00 00 00 00 00 00 04 74 69 6d 65 05 61 70 70 6c 65 03 63 6f 6d 00 00 01 00 01 And here’s the IP packet I tried writing back into the TUN interface (DNS response): 45 00 00 89 5e 37 40 00 40 11 0b 11 08 08 08 08 c0 a8 00 64 00 35 ed 6e 00 75 91 e8 7f da 81 80 00 01 00 04 00 00 00 00 04 74 69 6d 65 05 61 70 70 6c 65 03 63 6f 6d 00 00 01 00 01 c0 0c 00 05 00 01 00 00 0c fb 00 11 04 74 69 6d 65 01 67 07 61 61 70 6c 69 6d 67 c0 17 c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 74 fd c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 74 7d c0 2c 00 01 00 01 00 00 03 04 00 04 11 fd 54 fb Unfortunately, it seems the packet is not being written back correctly to the TUN interface. I'm not seeing any expected DNS response behavior on the device. Also, I noticed that after creating the TUN, the interface address shows up as 0.0.0.0:0 in Xcode. The system log includes this message when connecting the VPN: NWPath does not have valid interface: satisfied (Path is satisfied), interface: utun20[endc_sub6], ipv4, dns, expensive, uses cellular Does anyone know how to properly initialize the TUN so that the system recognizes it with a valid IP configuration? Or why my written-back packet might be getting ignored? Any help would be appreciated!

Our application has initiated an NSURLSession data task, and we have received an initiation ID. However, Application not received callback on the subsequent activity: the task has not been requested, has not timed out, and no error callback has been received. [06/17 09:29:40:559][ 0x282a7d8c0] Requested TaskIdentifier 120 2025-06-17 09:29:40.623337 +0530 nsurlsessiond SUBMITTING: com.apple.CFNetwork-cc-166-373-Task .&lt;120&gt;:A71666 default 2025-06-17 09:29:40.631280 +0530 dasd Submitted Activity: com.apple.CFNetwork-cc-166-373-Task .&lt;120&gt;:A71666 at priority 10 default Seen couple of rejection with for CPUUsagePolicy and MemoryPressurePolicy 2025-06-17 09:29:40.989360 +0530 dasd com.apple.CFNetwork-cc-166-373-Task .&lt;120&gt;:A71666:[ {name: CPUUsagePolicy, policyWeight: 5.000, response: {Decision: Must Not Proceed, Score: 0.00, Rationale: [{[Max allowed CPU Usage level]: Required:90.00, Observed:95.00},]}} {name: MemoryPressurePolicy, policyWeight: 5.000, response: {Decision: Must Not Proceed, Score: 0.00, Rationale: [{[memoryPressure]: Required:1.00, Observed:2.00},]}} ], FinalDecision: Must Not Proceed} default 2025-06-17 10:55:22.500277 +0530 dasd com.apple.CFNetwork-cc-166-373-Task .&lt;120&gt;:A71666:[ {name: MemoryPressurePolicy, policyWeight: 5.000, response: {Decision: Must Not Proceed, Score: 0.00, Rationale: [{[memoryPressure]: Required:1.00, Observed:2.00},]}} ], FinalDecision: Must Not Proceed} default And more an hour later then it throws with an error BUT NEVER indicated the same to client 2025-06-17 10:55:27.426549 +0530 WAVE PTX Task .&lt;120&gt; is for &lt;&gt;.&lt;&gt;.&lt;120&gt; default 2025-06-17 10:55:27.776951 +0530 nsurlsessiond Task .&lt;120&gt; summary for task failure {transaction_duration_ms=5147145, response_status=-1, connection=0, reused=1, request_start_ms=0, request_duration_ms=0, response_start_ms=0, response_duration_ms=0, request_bytes=0, response_bytes=0, cache_hit=false} default 2025-06-17 10:55:27.777096 +0530 nsurlsessiond NDSession &lt;714296D7-20F9-4A0A-8C31-71FB67F39A56&gt; Task .&lt;120&gt; for client will be retried after error Error Domain=_nsurlsessiondErrorDomain Code=6 UserInfo={NSErrorFailingURLStringKey=, NSErrorFailingURLKey=, _NSURLErrorRelatedURLSessionTaskErrorKey=, _NSURLErrorFailingURLSessionTaskErrorKey=} - code: 6 default Then It got resumed and says successful but never got any callback on the same to client 2025-06-17 10:55:28.877245 +0530 nsurlsessiond NDSession &lt;714296D7-20F9-4A0A-8C31-71FB67F39A56&gt; Task .&lt;120&gt; resuming default 2025-06-17 10:55:55.225456 +0530 nsurlsessiond Task .&lt;120&gt; received response, status 401 content K default 2025-06-17 10:55:55.250371 +0530 nsurlsessiond Task .&lt;120&gt; finished successfully default Please refer feedback for diagnose logs: https://feedbackassistant.apple.com/feedback/18173303