My target platform is OS X 10.10 / Xcode 7.2 I'm trying to save the preference for NEVPNManager and I got an error in the domain=NEConfigurationErrorDomain:
Error Domain = NEConfigurationErrorDomain Code = 10 "permission denied" UserInfo = 0x610000073280 {NSLocalizedDescription = permission denied}
The sample code below:
let manager = NEVPNManager.sharedManager()
manager.loadFromPreferencesWithCompletionHandler { (error) -> Void in
if((error) != nil) {
print("VPN load preferences error")
print(error!)
exit(0)
}
if manager.`protocol` == nil {
let proto = NEVPNProtocolIKEv2()
proto.serverAddress = "host.net"
proto.username = "username"
Keychain.save("vpnpassword", data: "password".dataUsingEncoding(NSUTF8StringEncoding)!)
proto.passwordReference = Keychain.load("vpnpassword") // I got the same error without passwordReference too
proto.authenticationMethod = NEVPNIKEAuthenticationMethod.None
manager.`protocol` = proto
manager.enabled = true
manager.localizedDescription = "VPN"
manager.saveToPreferencesWithCompletionHandler({ (error) -> Void in
if((error) != nil) {
print("VPN Save to Preferences error")
print(error!)
exit(0)
}
else {
do {
try manager.connection.startVPNTunnel()
print("Started error")
} catch {
print("Unexpected error")
}
}
}
})
}
})
Also I found next log entries:
Jan 10 14:24:51 y.local nehelper[196]: app has the com.apple.developer.networking.vpn.api entitlement but not the application-identifier entitlement
Jan 10 14:24:51 y.local nehelper[196]: app Failed to obtain authorization right for 3: no authorization provided
Jan 10 14:24:51 y.local app[33627]: __55-[NEVPNManager saveToPreferencesWithCompletionHandler:]_block_invoke142: failed to save the new configuration: Error Domain=NEConfigurationErrorDomain Code=10 "permission denied" UserInfo=0x608000660240 {NSLocalizedDescription=permission denied}
I have next entitlements
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>T76ZSM474A.app</string>
<key>com.apple.developer.aps-environment</key>
<string>development</string>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>T76ZSM474A</string>
<key>com.apple.security.application-groups</key>
<array>
<string>T76ZSM474A.</string>
</array>
<key>keychain-access-groups</key>
<array>
<string>T76ZSM474A.group</string>
</array>
</dict>
</plist>
And next xcent
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>T76ZSM474A.vpn</string>
<key>com.apple.developer.aps-environment</key>
<string>development</string>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>T76ZSM474A</string>
<key>com.apple.security.application-groups</key>
<array>
<string>T76ZSM474A.</string>
</array>
<key>keychain-access-groups</key>
<array>
<string>T76ZSM474A.group</string>
</array>
</dict>
</plist>
embedded.provisionprofile has allow-vpn and correct team id (T76ZSM474A)
Builded app has next codesign output
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.application-identifier</key>
<string>T76ZSM474A.app</string>
<key>com.apple.developer.aps-environment</key>
<string>development</string>
<key>com.apple.developer.networking.vpn.api</key>
<array>
<string>allow-vpn</string>
</array>
<key>com.apple.developer.team-identifier</key>
<string>T76ZSM474A</string>
<key>com.apple.security.application-groups</key>
<array>
<string>T76ZSM474A.</string>
</array>
<key>keychain-access-groups</key>
<array>
<string>T76ZSM474A.group</string>
</array>
</dict>
</plist>
I tried to decompile Network.framework, but it isn't easy. I checked this problem on OS X 10.11 and I didn't found problem, my app works correctly. I copied builded app from OS X 10.11 to OS X 10.10 and I got previous error. I think that documentation has an error and NEVPNManager not supported in OS X 10.10 or NEVPNManager on OS X 10.10 has a bug.
What did I wrong?
I had long meet with Apple Support. They told that — NEVPNManager is not fully available on 10.10. You should upgrade to OS X El Capitan or use Strongswan Frontend for OS X (https://wiki.strongswan.org/projects/strongswan/wiki/MacOSX).