My target platform is OS X 10.10 / Xcode 7.2 I am trying to keep the NEVPNManager preference and I got an error in the domain = NEConfigurationErrorDomain:
Error Domain = NEConfigurationErrorDomain Code = 10 "permission denied" UserInfo = 0x610000073280 {NSLocalizedDescription = permission denied}
Sample code below:
let manager = NEVPNManager.sharedManager() manager.loadFromPreferencesWithCompletionHandler { (error) -> Void in if((error) != nil) { print("VPN load preferences error") print(error!) exit(0) } if manager.`protocol` == nil { let proto = NEVPNProtocolIKEv2() proto.serverAddress = "host.net" proto.username = "username" Keychain.save("vpnpassword", data: "password".dataUsingEncoding(NSUTF8StringEncoding)!) proto.passwordReference = Keychain.load("vpnpassword") // I got the same error without passwordReference too proto.authenticationMethod = NEVPNIKEAuthenticationMethod.None manager.`protocol` = proto manager.enabled = true manager.localizedDescription = "VPN" manager.saveToPreferencesWithCompletionHandler({ (error) -> Void in if((error) != nil) { print("VPN Save to Preferences error") print(error!) exit(0) } else { do { try manager.connection.startVPNTunnel() print("Started error") } catch { print("Unexpected error") } } } }) } })
I also found the following log entries:
Jan 10 14:24:51 y.local nehelper[196]: app has the com.apple.developer.networking.vpn.api entitlement but not the application-identifier entitlement Jan 10 14:24:51 y.local nehelper[196]: app Failed to obtain authorization right for 3: no authorization provided Jan 10 14:24:51 y.local app[33627]: __55-[NEVPNManager saveToPreferencesWithCompletionHandler:]_block_invoke142: failed to save the new configuration: Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" UserInfo=0x608000660240 {NSLocalizedDescription=permission denied}
I have the following rights
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>T76ZSM474A.app</string> <key>com.apple.developer.aps-environment</key> <string>development</string> <key>com.apple.developer.networking.vpn.api</key> <array> <string>allow-vpn</string> </array> <key>com.apple.developer.team-identifier</key> <string>T76ZSM474A</string> <key>com.apple.security.application-groups</key> <array> <string>T76ZSM474A.</string> </array> <key>keychain-access-groups</key> <array> <string>T76ZSM474A.group</string> </array> </dict> </plist>
And the next xcent
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>T76ZSM474A.vpn</string> <key>com.apple.developer.aps-environment</key> <string>development</string> <key>com.apple.developer.networking.vpn.api</key> <array> <string>allow-vpn</string> </array> <key>com.apple.developer.team-identifier</key> <string>T76ZSM474A</string> <key>com.apple.security.application-groups</key> <array> <string>T76ZSM474A.</string> </array> <key>keychain-access-groups</key> <array> <string>T76ZSM474A.group</string> </array> </dict> </plist>
embedded.provisionprofile has allow-vpn and the correct command identifier (T76ZSM474A)
The configured application has the following code output.
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.application-identifier</key> <string>T76ZSM474A.app</string> <key>com.apple.developer.aps-environment</key> <string>development</string> <key>com.apple.developer.networking.vpn.api</key> <array> <string>allow-vpn</string> </array> <key>com.apple.developer.team-identifier</key> <string>T76ZSM474A</string> <key>com.apple.security.application-groups</key> <array> <string>T76ZSM474A.</string> </array> <key>keychain-access-groups</key> <array> <string>T76ZSM474A.group</string> </array> </dict> </plist>
I tried to decompile Network.framework, but it is not easy. I tested this problem on OS X 10.11 and I did not find the problem, my application is working correctly. I copied the built application from OS X 10.11 to OS X 10.10 and I received the previous error. I think the documentation has an error and NEVPNManager is not supported in OS X 10.10 or NEVPNManager in OS X 10.10 has an error.
What did I misunderstand?