// This function MUST eventually call `NSApp.reply(toApplicationShouldTerminate: true)`

// or return `.terminateNow`

func applicationShouldTerminate(_:NSApplication)->NSApplication.TerminateReply{

if !settings.stopVPNOnQuit{return.terminateNow}

await vpn.quit()

await vpn.stop()

NSApp.reply(toApplicationShouldTerminate:true)

return.terminateLater

/// An actor that handles configuring, enabling, and disabling the VPN tunnel via the

/// NetworkExtension APIs.

// Updates the UI if a previous configuration exists

func loadNetworkExtension()async{

func hasNetworkExtensionConfig()async->Bool{

if !tm.isEnabled{

tm.isEnabled=true

tryawait tm.saveToPreferences()

logger.debug("saved tunnel with enabled=true")

try tm.connection.startVPNTunnel()

logger.error("enable network extension:\(error)")

logger.error("start tunnel:\(error)")

neState=.failed(error.localizedDescription)

logger.debug("enabled andstarted tunnel")

logger.debug("started tunnel")

neState=.enabled

tm.connection.stopVPNTunnel()

tm.isEnabled=false

tryawait tm.saveToPreferences()

logger.error("disable network extension:\(error)")

logger.error("stop tunnel:\(error)")

neState=.failed(error.localizedDescription)

logger.debug("saved tunnel with enabled=false")

logger.debug("stopped tunnel")

neState=.disabled

init(store:UserDefaults=.standard){

self.store= store

_literalHeaders=Published(

varlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"vpn")

lazyvarxpc:VPNXPCInterface=.init(vpn:self)

@PublishedvartunnelState:VPNServiceState=.disabled

super.init()

neState=ifawaithasNetworkExtensionConfig(){

.disabled

.unconfigured

xpc.connect()

xpc.getPeerState()

NotificationCenter.default.addObserver(

selector: #selector(vpnDidUpdate(_:)),

NotificationCenter.default.removeObserver(self)

func clearPeers(){

agents=[:]

workspaces=[:]

func start()async{

switch tunnelState{

case.disabled,.failed:

// this ping is somewhat load bearing since it causesxpc to init

xpc.connect()

xpc.ping()

logger.debug("network extension enabled")

func stop()async{

guard tunnelState==.connectedelse{return}

logger.info("network extension stopped")

// Instructs the service to stop the VPN and then quit once the stop event

// is read over XPC.

// MUST only be called from `NSApplicationDelegate.applicationShouldTerminate`

// MUST eventually call `NSApp.reply(toApplicationShouldTerminate: true)`

func quit()async{

guard tunnelState==.connectedelse{

NSApp.reply(toApplicationShouldTerminate:true)

terminating=true

func configureTunnelProviderProtocol(proto:NETunnelProviderProtocol?){

iflet proto{

func onExtensionPeerState(_ data:Data?){

guardlet dataelse{

logger.error("could not retrieve peer state from network extension, it may not be running")

logger.info("received network extension peer state")

letmsg=tryVpn_PeerUpdate(serializedBytes: data)

debugPrint(msg)

applyPeerUpdate(with: msg)

logger.error("failed to decode peer update\(error)")

func applyPeerUpdate(with update:Vpn_PeerUpdate){

// Delete agents

update.deletedAgents

switch connection.status{

case.disconnected:

if terminating{

NSApp.reply(toApplicationShouldTerminate:true)

connection.fetchLastDisconnectError{ errin

self.tunnelState=iflet err{

.failed(.internalError(err.localizedDescription))

import SwiftUI

Toggle(isOn: $settings.stopVPNOnQuit){

}.formStyle(.grouped)

privateletlogger=Logger(subsystem:Bundle.main.bundleIdentifier!, category:"VPNXPCInterface")

init(vpn:CoderVPNService){

svc= vpn

super.init()

func connect(){

guard xpc==nilelse{

letnetworkExtDict=Bundle.main.object(forInfoDictionaryKey:"NetworkExtension")as?[String:Any]

letxpcConn=NSXPCConnection(machServiceName: machServiceName!)

xpc= proxy

super.init()

xpcConn.exportedObject=self

xpcConn.invalidationHandler={[logger]in

logger.error("XPC connection invalidated.")

self.xpc=nil

xpcConn.interruptionHandler={[logger]in

logger.error("XPC connection interrupted.")

self.xpc=nil

xpcConn.resume()

func ping(){

xpc.ping{

xpc?.ping{

self.logger.info("Connected to NE over XPC")

func getPeerState(){

xpc?.getPeerState{ datain

self.svc.onExtensionPeerState(data)

func onPeerUpdate(_ data:Data){

svc.onExtensionPeerUpdate(data)

// Retrieves the current state of all peers,

// as required when starting the app whilst the network extension is already running

funcgetPeerInfo()asyncthrows(ManagerError)->Vpn_PeerUpdate{

funcgetPeerState()asyncthrows(ManagerError)->Vpn_PeerUpdate{

logger.info("sending peer state request")

func getPeerInfo(with reply:@escaping()->Void){

// TODO: Retrieve from Manager

func getPeerState(with reply:@escaping(Data?)->Void){

letreply=CallbackWrapper(reply)

letdata=try?await manager?.getPeerState().serializedData()

reply(data)

func ping(with reply:@escaping()->Void){

funcgetPeerInfo(with reply:@escaping()->Void)

funcgetPeerState(with reply:@escaping(Data?)->Void)

func ping(with reply:@escaping()->Void)