2 files changed, 42 insertions, 13 deletions

diff --git a/WireGuard/WireGuardNetworkExtension/ErrorNotifier.swift b/WireGuard/WireGuardNetworkExtension/ErrorNotifier.swift
index 163535a..c392233 100644
--- a/WireGuard/WireGuardNetworkExtension/ErrorNotifier.swift
+++ b/WireGuard/WireGuardNetworkExtension/ErrorNotifier.swift
@@ -4,7 +4,17 @@
 import NetworkExtension
 
 class ErrorNotifier {
-    static func errorMessage(for error: PacketTunnelProviderError) -> (String, String)? {
+
+    let activationAttemptId: String?
+    weak var tunnelProvider: NEPacketTunnelProvider?
+
+    init(activationAttemptId: String?, tunnelProvider: NEPacketTunnelProvider) {
+        self.activationAttemptId = activationAttemptId
+        self.tunnelProvider = tunnelProvider
+        ErrorNotifier.removeLastErrorFile()
+    }
+
+    func errorMessage(for error: PacketTunnelProviderError) -> (String, String)? {
         switch error {
         case .savedProtocolConfigurationIsInvalid:
             return ("Activation failure", "Could not retrieve tunnel information from the saved configuration")
@@ -17,9 +27,24 @@ class ErrorNotifier {
         }
     }
 
-    static func notify(_ error: PacketTunnelProviderError, from tunnelProvider: NEPacketTunnelProvider) {
-        guard let (title, message) = ErrorNotifier.errorMessage(for: error) else { return }
-        // displayMessage() is deprecated, but there's no better alternative to show the error to the user
-        tunnelProvider.displayMessage("\(title): \(message)") { _ in }
+    func notify(_ error: PacketTunnelProviderError) {
+        guard let (title, message) = errorMessage(for: error) else { return }
+        if let activationAttemptId = activationAttemptId, let lastErrorFilePath = FileManager.networkExtensionLastErrorFileURL?.path {
+            // The tunnel was started from the app
+            let errorMessageData = "\(activationAttemptId)\n\(title)\n\(message)".data(using: .utf8)
+            FileManager.default.createFile(atPath: lastErrorFilePath, contents: errorMessageData, attributes: nil)
+        } else {
+            // The tunnel was probably started from iOS Settings app
+            if let tunnelProvider = self.tunnelProvider {
+                // displayMessage() is deprecated, but there's no better alternative if invoked from iOS Settings
+                tunnelProvider.displayMessage("\(title): \(message)") { _ in }
+            }
+        }
+    }
+
+    static func removeLastErrorFile() {
+        if let lastErrorFileURL = FileManager.networkExtensionLastErrorFileURL {
+            _ = FileManager.deleteFile(at: lastErrorFileURL)
+        }
     }
 }
diff --git a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
index f2fa269..559c7c2 100644
--- a/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
+++ b/WireGuard/WireGuardNetworkExtension/PacketTunnelProvider.swift
@@ -28,21 +28,23 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         networkMonitor?.cancel()
     }
 
-    /// Begin the process of establishing the tunnel.
     override func startTunnel(options: [String: NSObject]?, completionHandler startTunnelCompletionHandler: @escaping (Error?) -> Void) {
 
+        let activationAttemptId = options?["activationAttemptId"] as? String
+        let errorNotifier = ErrorNotifier(activationAttemptId: activationAttemptId, tunnelProvider: self)
+
         guard let tunnelProviderProtocol = self.protocolConfiguration as? NETunnelProviderProtocol,
             let tunnelConfiguration = tunnelProviderProtocol.tunnelConfiguration() else {
-                ErrorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid, from: self)
+                errorNotifier.notify(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
                 startTunnelCompletionHandler(PacketTunnelProviderError.savedProtocolConfigurationIsInvalid)
                 return
         }
 
-        startTunnel(with: tunnelConfiguration, completionHandler: startTunnelCompletionHandler)
+        startTunnel(with: tunnelConfiguration, errorNotifier: errorNotifier, completionHandler: startTunnelCompletionHandler)
     }
 
     //swiftlint:disable:next function_body_length
-    func startTunnel(with tunnelConfiguration: TunnelConfiguration, completionHandler startTunnelCompletionHandler: @escaping (Error?) -> Void) {
+    func startTunnel(with tunnelConfiguration: TunnelConfiguration, errorNotifier: ErrorNotifier, completionHandler startTunnelCompletionHandler: @escaping (Error?) -> Void) {
 
         configureLogger()
 
@@ -55,7 +57,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         } catch DNSResolverError.dnsResolutionFailed(let hostnames) {
             wg_log(.error, staticMessage: "Starting tunnel failed: DNS resolution failure")
             wg_log(.error, message: "Hostnames for which DNS resolution failed: \(hostnames.joined(separator: ", "))")
-            ErrorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure(hostnames: hostnames), from: self)
+            errorNotifier.notify(PacketTunnelProviderError.dnsResolutionFailure(hostnames: hostnames))
             startTunnelCompletionHandler(PacketTunnelProviderError.dnsResolutionFailure(hostnames: hostnames))
             return
         } catch {
@@ -73,7 +75,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         let fileDescriptor = packetFlow.value(forKeyPath: "socket.fileDescriptor") as! Int32 //swiftlint:disable:this force_cast
         if fileDescriptor < 0 {
             wg_log(.error, staticMessage: "Starting tunnel failed: Could not determine file descriptor")
-            ErrorNotifier.notify(PacketTunnelProviderError.couldNotStartWireGuard, from: self)
+            errorNotifier.notify(PacketTunnelProviderError.couldNotStartWireGuard)
             startTunnelCompletionHandler(PacketTunnelProviderError.couldNotStartWireGuard)
             return
         }
@@ -101,7 +103,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
 
         if handle < 0 {
             wg_log(.error, staticMessage: "Starting tunnel failed: Could not start WireGuard")
-            ErrorNotifier.notify(PacketTunnelProviderError.couldNotStartWireGuard, from: self)
+            errorNotifier.notify(PacketTunnelProviderError.couldNotStartWireGuard)
             startTunnelCompletionHandler(PacketTunnelProviderError.couldNotStartWireGuard)
             return
         }
@@ -115,7 +117,7 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
             if let error = error {
                 wg_log(.error, staticMessage: "Starting tunnel failed: Error setting network settings.")
                 wg_log(.error, message: "Error from setTunnelNetworkSettings: \(error.localizedDescription)")
-                ErrorNotifier.notify(PacketTunnelProviderError.coultNotSetNetworkSettings, from: self)
+                errorNotifier.notify(PacketTunnelProviderError.coultNotSetNetworkSettings)
                 startTunnelCompletionHandler(PacketTunnelProviderError.coultNotSetNetworkSettings)
             } else {
                 startTunnelCompletionHandler(nil /* No errors */)
@@ -128,6 +130,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         networkMonitor?.cancel()
         networkMonitor = nil
 
+        ErrorNotifier.removeLastErrorFile()
+
         wg_log(.info, staticMessage: "Stopping tunnel")
         if let handle = wgHandle {
             wgTurnOff(handle)