We are working on developing a macOS VPN client which uses the IKEv2 protocol with username/password authentication. So far everything is working well except two system permission prompts, which we are trying to avoid altogether or at least handle during app installation so that we can provide a smooth and seamless one-click connection function to the end user.
We are using NEVPNManager and when we use saveToPreferences we get the first alert that reads (“App” Would like to add VPN Configurations). I have attached a screenshot of this below.
By looking at other macOS clients like ExpressVPN, they don’t have any system permission prompts and establish the connection with a single tap. Upon further research it looks like they may be taking advantage of a Privileged Helper Tool.
Another issue we have is a keychain access prompt, which we have contacted Apple about and the GREAT GREAT ESKIMO is doing his best to help us on that. But we still have not found a solution for that yet. Maybe a Privileged Helper Tool would help here too?
From our understanding, as we are using username/password authentication for our VPN connection, we MUST store the password in the keychain and provide its reference to the protocol, and doing so asks for keychain access permission from the user (neagent wants to access key “com.apple.testapp” in your keychain). I have attached a screenshot of this below.
Are there any alternatives that we can use to either avoid keychain use altogether or at least avoid showing that prompt to the user?
Both popup screenshots are attached below. Looking forward to anyone's feedback.
VPN Popup – http://i.imgur.com/WwuT4Iv.png
Keychain Popup – http://i.imgur.com/mS26s4R.png
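
The flow the post describes, as an added Swift sketch that is not the poster's code: the password is stored as a keychain item, and its persistent reference is handed to `NEVPNProtocolIKEv2` before `saveToPreferences` is called. The service name, account and server address are placeholder assumptions.

```swift
import Foundation
import NetworkExtension
import Security

// Placeholder values (assumptions, not from the post).
let service = "com.example.vpn"
let account = "vpn-user"
let server = "vpn.example.com"

/// Stores the password as a generic-password item and returns its persistent reference.
func storePassword(_ password: String) throws -> Data {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    SecItemDelete(base as CFDictionary) // drop a stale item so the add cannot collide
    var add = base
    add[kSecValueData as String] = Data(password.utf8)
    add[kSecReturnPersistentRef as String] = true
    var ref: CFTypeRef?
    let status = SecItemAdd(add as CFDictionary, &ref)
    guard status == errSecSuccess, let data = ref as? Data else {
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
    }
    return data
}

func configureVPN(password: String, completion: @escaping (Error?) -> Void) {
    let manager = NEVPNManager.shared()
    manager.loadFromPreferences { error in
        if let error = error { completion(error); return }
        do {
            let ike = NEVPNProtocolIKEv2()
            ike.serverAddress = server
            ike.remoteIdentifier = server
            ike.username = account
            // The system reads this item later; per the post, that read is the keychain prompt.
            ike.passwordReference = try storePassword(password)
            ike.authenticationMethod = .none       // no certificate or shared secret
            ike.useExtendedAuthentication = true   // username/password via EAP
            manager.protocolConfiguration = ike
            manager.isEnabled = true
            // Per the post, this call raises the "add VPN Configurations" alert.
            manager.saveToPreferences(completionHandler: completion)
        } catch { completion(error) }
    }
}
```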