OnDemand VPN connection stuck in NO INTERNET

We create a custom VPN tunnel by overriding PacketTunnelProvider on macOS. A normal VPN connection works seamlessly. But if we enable onDemand rules on the VPN manager, intermittently during tunnel creation via OnDemand, the internet goes away on the machine, leading to a connection stuck state.

Why does the internet go away during tunnel creation?

But we use some other auth as well where URLSession isn't used

OK. But what API is used in that case?

we still land into no internet for few ms

Should I interpret “ms” as milliseconds?

I believe on-demand flow itself has some issues.

Oh, I’m not disagreeing with you. Rather, I’m trying to characterise this problem so that I can advise you as to how best to proceed.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

  1. Lower level cpp APIs for creating TCP socket and reading/writing over it. This works perfectly always.
  2. Yes ms is milliseconds.
  3. I think no internet is seen at app level / http clients / apis. That's the reason URLSession also fails and Teams call also experiences drops.

In this 2nd auth scenario, internet drop is only for few ms, on-demand connection succeeds eventually and we don't experience any issues.

Yes ms is milliseconds.

OK, so we’re talking about very short transient failures here, right?

If so, that’s not super unexpected. As the networking reconfigures, existing connections can fail and their replacements might not connect immediately.

Our preferred networking APIs have a waits-for-connectivity feature so, when you start a connection, it won’t fail immediately but instead will wait for the connection to start. This is very different from the traditional BSD Sockets model.

I talk about this in some depth in TN3151 Choosing the right networking API, and specifically in the Connect by name and BSD Sockets best practices sections.

This is one of the reasons why I asked how NWConnection behaves in this scenario.

One further thing to note here is that, for compatibility reasons, the waits-for-connectivity feature is not the default with URLSession. You have to enable it via the waitsForConnectivity property on your session configuration. So it’d be interesting to see how that behaves in this environment.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
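Added example, not part of the thread and not code from either poster: a URLSession configured with the waitsForConnectivity property mentioned above, plus the delegate callback that reports when a task is waiting rather than failing. The class name `AuthClient` and the URL are hypothetical.

```swift
import Foundation

// Hypothetical client used only for illustration.
final class AuthClient: NSObject, URLSessionDataDelegate {
    private var body = Data()

    private lazy var session: URLSession = {
        let config = URLSessionConfiguration.default
        // Off by default for compatibility. When on, a task started while the
        // network is reconfiguring waits for a usable path instead of failing.
        config.waitsForConnectivity = true
        // Upper bound, in seconds, on the whole transfer including the wait.
        config.timeoutIntervalForResource = 60
        return URLSession(configuration: config, delegate: self, delegateQueue: nil)
    }()

    func start(_ url: URL) {
        session.dataTask(with: url).resume()
    }

    // Called when the task cannot connect yet and has started waiting.
    // Logging this shows whether a transient drop was absorbed by the wait.
    func urlSession(_ session: URLSession, taskIsWaitingForConnectivity task: URLSessionTask) {
        print("waiting for connectivity:", task.originalRequest?.url?.absoluteString ?? "?")
    }

    func urlSession(_ session: URLSession, dataTask: URLSessionDataTask, didReceive data: Data) {
        body.append(data)
    }

    // Waiting only covers connection establishment; a connection that drops
    // after it is established still ends here with an error.
    func urlSession(_ session: URLSession, task: URLSessionTask, didCompleteWithError error: Error?) {
        if let error = error as? URLError {
            print("failed with URLError code", error.code.rawValue)
        } else if let error = error {
            print("failed:", error.localizedDescription)
        } else {
            print("completed,", body.count, "bytes received")
        }
    }
}

let client = AuthClient()
client.start(URL(string: "https://example.com/")!)  // placeholder URL
RunLoop.main.run()  // keep a command-line process alive for the callbacks
```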

The waitsForConnectivity property is not enabled for the URLSession configuration. URLSession leads to no internet intermittently, but when it does, there is no mitigation other than disabling always-on. That's the biggest problem right now.
