Netgate Discussion Forum

    IOS 6 IPSEC connects but no DNS lookup. iOS 5 was fine.

      jonallport

      I know I'm quick off the mark and should've waited for 6.0.0.0.0.1, but…

      I've updated my iPhone to iOS 6 and the following has manifested:

      • IPSEC VPN connects, banner shows etc.

      • Safari will connect to private hosts via IP

      • Safari will not connect to private hosts via name

      • Use 'SystemTools' app to test connection to a private host by DNS name & port - OK

      • Retry Safari with name - OK

      Has anyone else seen this (yet)?  iOS 5 was working without a problem, pfsense IPSEC settings have not been changed.

      Thanks in advance

        jonallport

        PS. I know it's going to be an Apple issue, but this community will understand the technicalities a lot better than the 'Genius' at my local Apple Store, and you never know…

          jimp Rebel Alliance Developer Netgate

          On the pfSense server config, are you pushing a DNS server to the clients?

          If you do a packet capture on the IPsec interface, do you even see it trying to do a DNS query?

          I have my iPod touch upgrading to iOS 6 right now, but I'm not sure when I'll have a moment to do a proper IPsec test on it.

          Remember: Upvote with the 👍 button for any user/post you find to be helpful, informative, or deserving of recognition!

          Need help fast? Netgate Global Support!

          Do not Chat/PM for help!

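The packet-capture check suggested in the post above can be turned into a repeatable test. This is an added example, not part of the original thread: it pairs DNS queries with replies in text saved from `tcpdump -ni enc0 port 53`. The sample capture, addresses and hostnames are constructed, and the line layout is assumed to be tcpdump's usual DNS output on the IPsec interface.

```python
import re

# Constructed sample of `tcpdump -ni enc0 port 53` output (not from the thread).
# Addresses, SPIs and hostnames are made up for illustration.
SAMPLE_CAPTURE = """\
12:00:01.100000 (authentic,confidential): SPI 0x0a1b2c3d: IP 10.0.8.2.51234 > 192.168.1.1.53: 4242+ A? intranet.example. (34)
12:00:01.104000 (authentic,confidential): SPI 0x0d3c2b1a: IP 192.168.1.1.53 > 10.0.8.2.51234: 4242 1/0/0 A 192.168.1.10 (50)
12:00:05.200000 (authentic,confidential): SPI 0x0a1b2c3d: IP 10.0.8.2.51300 > 192.168.1.1.53: 4243+ A? wiki.example. (30)
"""

# Query:  client.port > server.53: id[flags] [opts] TYPE? name
QUERY = re.compile(r"IP (\S+)\.(\d+) > \S+\.53: (\d+)\S*(?: \[\w+\])? \w+\? (\S+)")
# Reply:  server.53 > client.port: id ...
REPLY = re.compile(r"IP \S+\.53 > (\S+)\.(\d+): (\d+)")


def summarize(capture):
    """Pair DNS queries with replies by (client IP, client port, query ID)."""
    asked, answered = {}, set()
    for line in capture.splitlines():
        q = QUERY.search(line)
        if q:
            # Retransmits reuse the same key, so they are counted once.
            asked[q.group(1, 2, 3)] = q.group(4)
            continue
        r = REPLY.search(line)
        if r and r.group(1, 2, 3) in asked:
            answered.add(r.group(1, 2, 3))
    unanswered = sorted(n for k, n in asked.items() if k not in answered)
    return {"queries": len(asked), "answered": len(answered),
            "unanswered": unanswered}


def diagnose(capture):
    """Classify a capture: where to look next when names do not resolve."""
    s = summarize(capture)
    if s["queries"] == 0:
        return "no-queries"   # client never sent DNS into the tunnel
    if s["unanswered"]:
        return "unanswered"   # queries arrive, resolver or rules drop them
    return "ok"


if __name__ == "__main__":
    print(summarize(SAMPLE_CAPTURE), diagnose(SAMPLE_CAPTURE))
```

A result of `no-queries` points at the client's resolver behaviour, while `unanswered` points at the pushed DNS server or the firewall rules on the IPsec interface.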
            jonallport

            @jimp:

            I have my iPod touch upgrading to iOS 6 right now, but I'm not sure when I'll have a moment to do a proper IPsec test on it.

            Then you should be fine…

            UPDATE:

            WiFi works OK, it's just using cellular that this DNS thing occurs!

            DNS is being pushed to the client and it must be getting it because it will resolve (and cache by the looks of it) if I use that utility to ping or connect.

            Also WebSSH will connect - it's just Safari!

              jonallport

              Looks like I'm not alone, and it's not a pfSense thing:

              https://discussions.apple.com/message/19663906#19663906

              Thanks to those who looked and replied - let's leave it to Apple….

                jimp Rebel Alliance Developer Netgate

                Install Chrome from the app store, see if that works. If it does, ditch Safari and don't look back ;-)

                  McFuzz

                  Hrm - I can't seem to get it to work period. Whether I use my local DNS server (my firewall that is), or 8.8.8.8/8.8.4.4 - nothing seems to work. I cannot resolve domain names whether using ATT cell signal or a wifi connection…

                  Update: got external domains to work by enabling "Provide a list of accessible networks to clients" - this essentially bypasses the tunnel though...

                  Internal domains are still not resolving... (which is not that big of a deal actually).

                  Update 2: Same problem when creating a VPN connection on my macbook... cannot resolve internal hostnames (but IP addresses work fine)

                  Update 3: Annnnd same failure on a PC running Shrew...

                    ballerh3

                    Using 2.1-Beta1 (i386) built on Sun Dec 30 22:21:30 EST 2012

                    The following settings worked for me to allow access to my internal networks
                    by name or ip and still be able to browse the web or other networks.

                    Mobile clients tab:

                    I made sure "Provide a list of accessible networks to clients" is checked.

                    Tunnels tab:

                    I had to create three phase 2 entries and then add the following in each Local Network.
                    Network Type: 10.0.0.0/8
                    Network Type: 172.16.0.0/12
                    Network Type: 192.168.0.0/16

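To see what the split-tunnel setup in the last two posts means for DNS, the added example below (not part of the original thread) checks which resolver addresses fall inside the three phase 2 networks and which are reached outside the VPN. It assumes a simplified model in which the client routes only the pushed networks into the tunnel; `192.168.1.1` is a constructed internal resolver address.

```python
import ipaddress

# Phase 2 "Local Network" entries listed in the post above (RFC 1918 ranges).
SPLIT_NETWORKS = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"]


def path_for(dest, split_networks, split_tunnel=True):
    """Return ('tunnel', matching_network) or ('bypass', None) for one address.

    Simplified model (assumption): with the accessible-networks list pushed,
    the client routes only those networks into the VPN; without it, everything.
    """
    if not split_tunnel:
        return ("tunnel", "0.0.0.0/0")
    addr = ipaddress.ip_address(dest)
    for net in split_networks:
        if addr in ipaddress.ip_network(net):
            return ("tunnel", net)
    return ("bypass", None)


def audit_resolvers(resolvers, split_networks, split_tunnel=True):
    """Map each DNS server the client may use to the path its queries take."""
    return {r: path_for(r, split_networks, split_tunnel)[0] for r in resolvers}


def leaking_resolvers(resolvers, split_networks):
    """Resolvers whose queries travel outside the tunnel when it is split."""
    paths = audit_resolvers(resolvers, split_networks)
    return sorted(r for r, p in paths.items() if p == "bypass")


if __name__ == "__main__":
    # 192.168.1.1 is a constructed internal resolver; 8.8.8.8 and 8.8.4.4
    # are the public resolvers mentioned earlier in the thread.
    servers = ["192.168.1.1", "8.8.8.8", "8.8.4.4"]
    print(audit_resolvers(servers, SPLIT_NETWORKS))
    print("outside the tunnel:", leaking_resolvers(servers, SPLIT_NETWORKS))
```

Queries to a resolver reported as `bypass` are visible to the local network the client is on, and that resolver cannot answer for internal-only names.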