iOS 6 IPsec connects but no DNS lookup. iOS 5 was fine.



  • I know I'm quick off the mark and should've waited for 6.0.0.0.0.1, but…

    I've updated my iPhone to iOS 6 and the following has manifested:

    • IPSEC VPN connects, banner shows etc.

    • Safari will connect to private hosts via IP

    • Safari will not connect to private hosts via name

    • Use 'SystemTools' app to test connection to a private host by DNS name & port - OK

    • Retry Safari with name - OK

    Has anyone else seen this (yet)? iOS 5 was working without a problem, pfSense IPsec settings have not been changed.

    Thanks in advance



  • PS. I know it's going to be an Apple issue, but this community will understand the technicalities a lot better than the 'Genius' at my local Apple Store, and you never know…


  • Rebel Alliance Developer Netgate

    On the pfSense server config, are you pushing a DNS server to the clients?

    If you do a packet capture on the IPsec interface, do you even see it trying to do a DNS query?

    I have my iPod touch upgrading to iOS 6 right now, but I'm not sure when I'll have a moment to do a proper IPsec test on it.



  • @jimp:

    I have my iPod touch upgrading to iOS 6 right now, but I'm not sure when I'll have a moment to do a proper IPsec test on it.

    Then you should be fine…

    UPDATE:

    WiFi works OK, it's just when using cellular that this DNS thing occurs!

    DNS is being pushed to the client and it must be getting it because it will resolve (and cache by the looks of it) if I use that utility to ping or connect.

    Also WebSSH will connect - it's just Safari!



  • Looks like I'm not alone, and it's not a pfSense thing:

    https://discussions.apple.com/message/19663906#19663906

    Thanks to those who looked and replied - let's leave it to Apple…


  • Rebel Alliance Developer Netgate

    Install Chrome from the app store, see if that works. If it does, ditch Safari and don't look back ;-)



  • Hrm - I can't seem to get it to work, period. Whether I use my local DNS server (my firewall, that is) or 8.8.8.8/8.8.4.4, nothing seems to work. I cannot resolve domain names whether using an AT&T cell signal or a WiFi connection…

    Update: got external domains to work by enabling "Provide a list of accessible networks to clients" - this essentially bypasses the tunnel though...

    Internal domains are still not resolving... (which is not that big of a deal actually).

    Update 2: Same problem when creating a VPN connection on my MacBook... cannot resolve internal hostnames (but IP addresses work fine).

    Update 3: Annnnd same failure on a PC running Shrew...



  • Using 2.1-Beta1 (i386) built on Sun Dec 30 22:21:30 EST 2012

    The following settings worked for me to allow access to my internal networks
    by name or IP and still be able to browse the web or other networks.

    Mobile clients tab:

    I made sure "Provide a list of accessible networks to clients" was checked.

    Tunnels tab:

    I had to create three Phase 2 entries and then set the following in each one's Local Network:
    Network Type: 10.0.0.0/8
    Network Type: 172.16.0.0/12
    Network Type: 192.168.0.0/16
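The split-tunnel configuration in the post above (three Phase 2 Local Networks covering the RFC 1918 ranges) can be sanity-checked offline against the DNS servers being pushed to clients. This is an added Python example, not code from the thread or from pfSense; the DNS server addresses it tests are constructed, and it assumes that with "Provide a list of accessible networks to clients" enabled the client only sends traffic for the listed networks through the tunnel, which matches the earlier observation that public names started resolving while internal names did not.

```python
import ipaddress
from typing import Dict, List

# Phase 2 "Local Network" entries from the last post: the three RFC 1918 ranges.
PHASE2_LOCAL_NETWORKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]

# Constructed sample: one internal resolver (the firewall) and one public one.
SAMPLE_DNS_SERVERS = ["192.168.1.1", "8.8.8.8"]


def via_tunnel(address: str, local_networks: List[str]) -> bool:
    """True if a split-tunnel client would send traffic for `address` through
    the IPsec tunnel, i.e. it falls inside one of the Phase 2 local networks
    that pfSense pushes as the list of accessible networks."""
    ip = ipaddress.ip_address(address)
    return any(ip in ipaddress.ip_network(n, strict=False) for n in local_networks)


def classify_dns_servers(dns_servers: List[str], local_networks: List[str]) -> Dict[str, str]:
    """Map each pushed DNS server to 'tunnel' (queries go over IPsec) or
    'direct' (queries leave via the client's normal uplink)."""
    return {s: ("tunnel" if via_tunnel(s, local_networks) else "direct") for s in dns_servers}


def warnings_for(dns_servers: List[str], local_networks: List[str]) -> List[str]:
    """Flag the pitfall seen in the thread: a private (RFC 1918) DNS server that is
    not covered by any Phase 2 local network is unreachable once the client only
    tunnels the listed networks, so internal names fail while public names resolve."""
    warns = []
    for s in dns_servers:
        if ipaddress.ip_address(s).is_private and not via_tunnel(s, local_networks):
            warns.append(
                f"DNS server {s} is private but not inside any Phase 2 local network; "
                "internal names will not resolve over the tunnel"
            )
    return warns


if __name__ == "__main__":
    # With the three RFC 1918 Phase 2 entries, the internal resolver is tunnelled
    # and the public one goes direct, so both internal and external names work.
    print(classify_dns_servers(SAMPLE_DNS_SERVERS, PHASE2_LOCAL_NETWORKS))
    # A narrower Phase 2 that misses the resolver reproduces the broken case.
    for w in warnings_for(SAMPLE_DNS_SERVERS, ["10.0.0.0/8"]):
        print("WARNING:", w)
```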

