Problem with iPhone VPN DNS
Hi,
Some info: USG Flex 200, firmware V5.36(ABUI.2)
A VPN is configured for Apple iPhones; connecting to our local on-prem Exchange via IP works fine. It is configured on the iPhones with the Apple VPN client using certificates. Everything works.
We have a Server 2019 with the CAS genesisWorld software. We can access it with the iPhone app via VPN when the iPhone app is configured with the IP address.
I configured all necessary settings in the Zyxel to use it with FQDN name resolution. I push our internal DNS IP to the WLAN. When connected to the WLAN, it works.
I configured a payload in the Zyxel VPN with our internal DNS and a DNS entry in the Zyxel DNS mapping the server's FQDN to its internal IP. Additional policies to reach the internal DNS are configured.
I disconnect the WLAN and try to connect via 5G/LTE, and it does not work. The app always says it cannot connect to the server, and I get a certificate warning, but the certificate is from our provider, where our external site is hosted. The iPhone always takes the external domain first, not our internal DNS. The external domain is like "example.de", the internal one is "ad.example.de". I think this is an Apple problem, but maybe I have to configure some more settings in the Zyxel.
All Replies
Hi @Wollmaus,
Greetings from the forum. Please share your configuration file by private message,
and describe which IP addresses should be resolved internally.
Thank you
Hi @Wollmaus,
Thank you for your files. This is an iPhone limitation.
DNS from the VPN won't be applied if you have a split tunnel.
Please use a full tunnel (change the local policy to ANY) and check if everything is well.
Thank you
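The resolver selection behind this answer, as an added illustration that is not code from the thread, from Apple or from Zyxel: it models the usual split-DNS rule (a query goes to the VPN's resolver only when the name ends in one of the pushed match domains, while a full tunnel sends every query there) using the two zones the thread names, example.de hosted externally and ad.example.de internally. The resolver address 10.0.0.53, the match domain ad.example.de, the host names and all answers are constructed for the example.

```python
"""Split-DNS resolver selection, modelled in plain Python.

Constructed illustration of why an app FQDN in the external zone is
answered by the provider's host under a split tunnel, and by the
on-prem server under a full tunnel. Not iOS or Zyxel code.
"""
from dataclasses import dataclass, field
from typing import Optional

CARRIER_DNS = "carrier-dns"   # resolver handed out by the LTE/5G network
VPN_DNS = "10.0.0.53"         # hypothetical internal resolver pushed by the VPN

# Constructed answers. The public resolver only knows the hosted site; the
# internal resolver carries the firewall's override of the app FQDN to the
# on-prem server plus the AD names.
CARRIER_ANSWERS = {
    "www.example.de": "203.0.113.10",
    "cas.example.de": "203.0.113.10",   # public hosting, provider certificate
}
INTERNAL_ANSWERS = {
    "cas.example.de": "10.0.0.25",      # DNS entry on the firewall -> CAS server
    "exchange.ad.example.de": "10.0.0.20",
}
ON_PREM_NETWORK = "10.0.0."           # hypothetical on-prem range


@dataclass
class VpnDnsConfig:
    server: str
    full_tunnel: bool
    match_domains: list = field(default_factory=list)   # used only for split tunnel


def _suffix_match(name: str, domain: str) -> bool:
    """True if `name` is `domain` or a label-wise subdomain of it."""
    n = name.lower().rstrip(".").split(".")
    d = domain.lower().rstrip(".").split(".")
    return len(n) >= len(d) and n[-len(d):] == d


def select_resolver(name: str, cfg: VpnDnsConfig) -> str:
    """Return which resolver receives the query for `name`."""
    if cfg.full_tunnel:
        return cfg.server
    if any(_suffix_match(name, dom) for dom in cfg.match_domains):
        return cfg.server
    return CARRIER_DNS


def resolve(name: str, cfg: VpnDnsConfig) -> tuple[str, Optional[str]]:
    """Route the query and return (resolver used, answer or None)."""
    resolver = select_resolver(name, cfg)
    table = INTERNAL_ANSWERS if resolver == VPN_DNS else CARRIER_ANSWERS
    return resolver, table.get(name.lower().rstrip("."))


def diagnose(name: str, cfg: VpnDnsConfig) -> str:
    """Describe the symptom a user sees when the app contacts `name`."""
    resolver, ip = resolve(name, cfg)
    if ip is None:
        return f"{name}: NXDOMAIN from {resolver}"
    if ip.startswith(ON_PREM_NETWORK):
        return f"{name}: {ip} via {resolver}, reached through the tunnel"
    return (f"{name}: {ip} via {resolver}, public host answers with the "
            f"provider certificate (certificate warning)")


if __name__ == "__main__":
    split = VpnDnsConfig(VPN_DNS, full_tunnel=False, match_domains=["ad.example.de"])
    full = VpnDnsConfig(VPN_DNS, full_tunnel=True)
    for cfg, label in ((split, "split tunnel"), (full, "full tunnel")):
        print(label)
        for host in ("cas.example.de", "exchange.ad.example.de"):
            print("  " + diagnose(host, cfg))
```

Under the split configuration, cas.example.de does not fall under ad.example.de, so the query goes to the carrier resolver and the app lands on the hosted site, which is exactly the certificate warning the original post describes; exchange.ad.example.de is matched and reaches the internal resolver. With the full tunnel every name, including cas.example.de, is answered by the internal resolver and the firewall's override takes effect.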
Hi,
I changed the local policy setting to "any" (I had to configure 0.0.0.0/0 for this first). DNS queries now go to the internal DNS server. But now the CAS app wants to connect to port 80, although SSL on 443 is configured in the app (I can see it in the log files). I will ask our CAS supporter about this.
Many thanks
Hi,
to wrap this up:
CAS Support seems to know about the problem: a new CAS app with a slightly older server version. They think it's a problem with a cached redirect…
I will use port 80 for this app in future; the iPhones connect via VPN to our system, so there are no security risks.
I have configured a second VPN for our iPhones, because I always had this strange 8-minute problem with the Apple VPN: the VPN is always disconnected after 8 minutes. I use an L2TP VPN instead and it works fine without disconnects.
So once more, many thanks