diff --git a/swift/apple/FirezoneNetworkExtension/Adapter.swift b/swift/apple/FirezoneNetworkExtension/Adapter.swift
index d8aceb94f..a44712770 100644
--- a/swift/apple/FirezoneNetworkExtension/Adapter.swift
+++ b/swift/apple/FirezoneNetworkExtension/Adapter.swift
@@ -53,6 +53,9 @@ class Adapter: @unchecked Sendable {
   /// Packet tunnel provider.
   private weak var packetTunnelProvider: PacketTunnelProvider?
 
+  /// Start completion handler, used to signal to the system the interface is ready to use.
+  private var startCompletionHandler: (Error?) -> Void
+
   /// Network routes monitor.
   private var networkMonitor: NWPathMonitor?
 
@@ -155,7 +158,8 @@ class Adapter: @unchecked Sendable {
     logFilter: String,
     accountSlug: String,
     internetResourceEnabled: Bool,
-    packetTunnelProvider: PacketTunnelProvider
+    packetTunnelProvider: PacketTunnelProvider,
+    startCompletionHandler: @escaping (Error?) -> Void
   ) {
     self.apiURL = apiURL
     self.token = token
@@ -164,6 +168,7 @@ class Adapter: @unchecked Sendable {
     self.accountSlug = accountSlug
     self.internetResourceEnabled = internetResourceEnabled
     self.packetTunnelProvider = packetTunnelProvider
+    self.startCompletionHandler = startCompletionHandler
   }
 
   // Could happen abruptly if the process is killed.
@@ -342,6 +347,8 @@ class Adapter: @unchecked Sendable {
       let ipv4, let ipv6, let dns, let searchDomain, let ipv4Routes, let ipv6Routes):
       Log.log("Received TunInterfaceUpdated event")
 
+      let firstStart = self.networkSettings == nil
+
       // Convert UniFFI types to NetworkExtension types
       let routes4 = ipv4Routes.compactMap { cidr in
         NetworkSettings.Cidr(address: cidr.address, prefix: Int(cidr.prefix)).asNEIPv4Route
@@ -367,7 +374,11 @@ class Adapter: @unchecked Sendable {
       networkSettings.setSearchDomain(domain: searchDomain)
       self.networkSettings = networkSettings
 
-      networkSettings.apply()
+      networkSettings.apply {
+        if firstStart {
+          self.startCompletionHandler(nil)
+        }
+      }
 
     case .resourcesUpdated(let resourceList):
       Log.log("Received ResourcesUpdated event with \(resourceList.count) resources")
diff --git a/swift/apple/FirezoneNetworkExtension/PacketTunnelProvider.swift b/swift/apple/FirezoneNetworkExtension/PacketTunnelProvider.swift
index b3dfd85dc..a09659e3a 100644
--- a/swift/apple/FirezoneNetworkExtension/PacketTunnelProvider.swift
+++ b/swift/apple/FirezoneNetworkExtension/PacketTunnelProvider.swift
@@ -114,7 +114,8 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
         logFilter: logFilter,
         accountSlug: accountSlug,
         internetResourceEnabled: internetResourceEnabled,
-        packetTunnelProvider: self
+        packetTunnelProvider: self,
+        startCompletionHandler: completionHandler
       )
 
       // Start the adapter
@@ -122,10 +123,6 @@ class PacketTunnelProvider: NEPacketTunnelProvider {
 
       self.adapter = adapter
 
-      // Tell the system the tunnel is up, moving the tunnel manager status to
-      // `connected`.
-      completionHandler(nil)
-
     } catch {
 
       Log.error(error)