    I have stumbled across a very strange issue indeed. I seem to be having troubles browsing certain pages and using certain services on iOS on my client's network.

    For example, when we try browsing to it fails and we try opening Apple Store it fails. Also O365 in mail fails to connect and we cannot browse to There are others but these are just examples.

    I have tested DNS; this all resolves fine. I have tested this with a laptop and other mobile devices such as Android and they are fine. I have tested this with multiple brands of wireless access points and the issue remains. The client has a second gateway (Draytek) on site so I pointed my iOS device to use that gateway on a separate ADSL line and everything works fine.

    I have copied the config and restored it to a spare device we have in the office with the same brand AP and I cannot replicate the issue. Bearing in mind it's set up in a double NAT.

    One thing different is they have a leased line which has a Cisco router from the provider.

    Router - XG-7100 1U
    AP - Draytek 710
    Line - Leased Line

  • I ran a packet collector that is available under diagnostics. It shows the packets of info going to and from Apple's server and it negotiates the certificate so I don't understand what's going wrong.

    I can post this here if that is helpful.

    browsing to

    IPv6 or MTU troubles?
    I can access just fine using my iOS devices, using pfSense, some bare-bone Linksys APs and an ISP router up front.

    "Double NAT" isn't related here, because these connections are from the outside (Internet) to the inside, your LANs - and is never ever connecting to your iOS devices, it's the other way around.

  • Hi,

    I believe it is MTU.

    Thanks for checking this. One thing I have enabled is "Clear invalid DF bits instead of dropping the packets". The reason for this is that users couldn't browse many websites; this was on PCs, phones etc. I am wondering if this is something that is causing problems with iPhones.

    The double NAT I was referring to was my test lab, not the client's network. I couldn't replicate the problem in my test lab using the same kit and config.

    I am puzzled but I bet it's something as silly as a tick box somewhere.

