Problem with iPhone VPN DNS

Options

Hi,

some infos: USG Flex 200, firmware V5.36(ABUI.2)

VPN is configured for Apple iPhones, connect to our lokal on prem Exchange via IP works fine. It is configured on the iPhones with the Apple VPN with certificates. Everything works.

We have a server 2019 with CAS Genesisworld Software. We can access it with the iPhone app via VPN when configuring the iPhone app with IP adress.

I configure all necessary settings in the Zyxel, to use it with FQDN name resolution. I push our internal DNS IP to the WLAN. When connected to WLAN it works.

I configured a payload in Zyxel VPN with our internal DNS and a dns entry in Zyxel DNS, FQDN from the server to internal IP. Additional policies to reach internal dns are configured.

I disconnect WLan and try to connect via G5/LTE, it doesnot work. The app always says, i cannot connect to the server, and i get a certificate warning, but the certificate is from our provider, where our external site is hosted. The iPhone always takes the external domain first, not our internal dns. The external domain is like "example.de", the internal is "ad.example.de". I think, this is a Apple problem, but maybe i have to configure some more settings in the Zyxel.

Best Answers

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 798  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2023 Answer ✓
    Options

    Hi @Wollmaus ,

    Thank your files. This is iPhone limitiation.

    DNS from VPN won't be applied if you have split tunnel.

    Please kindly use Full tunnel (change local policy to ANY) and check if everything is well.

    Thank you

  • Wollmaus
    Wollmaus Posts: 3
    First Comment
    Answer ✓
    Options

    Hi,

    to accomplish this:

    CAS Support seeams to know about the problem, a new CAS App with a little bit older server version. They think, its a problem with a cached redirect…

    I will use port 80 for this app in future, the iphones connect via VPN to our system, so there is no security risks.

    i have configured a second VPN for our iphones, because i always had this strange 8 minute problem with Apple VPN, the VPN is always disconnected after 8 minutes. I take L2TP VPN and it works fine without disconnects.

    so once more, many thanks

All Replies

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 798  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    Options

    Hi @Wollmaus ,

    Greeting Forum, Please share your configuration file by private meesage.

    And describe what's IP addresss should be resolved in internal

    Thank you

  • Zyxel_Kevin
    Zyxel_Kevin Posts: 798  Zyxel Employee
    First Anniversary 10 Comments Friend Collector First Answer
    edited July 2023 Answer ✓
    Options

    Hi @Wollmaus ,

    Thank your files. This is iPhone limitiation.

    DNS from VPN won't be applied if you have split tunnel.

    Please kindly use Full tunnel (change local policy to ANY) and check if everything is well.

    Thank you

  • Wollmaus
    Wollmaus Posts: 3
    First Comment
    Options

    Hi,

    i changed the local policy settings to "any" (had to configure 0.0.0.0/0 for this first). DNS queries now goes to the internal DNS server. But now the CAS app wants to connect to port 80, though SSL 443 is configured in the app (can see it in the logfiles). I will ask our CAS supporter for this.

    Many thanks

  • Wollmaus
    Wollmaus Posts: 3
    First Comment
    Answer ✓
    Options

    Hi,

    to accomplish this:

    CAS Support seeams to know about the problem, a new CAS App with a little bit older server version. They think, its a problem with a cached redirect…

    I will use port 80 for this app in future, the iphones connect via VPN to our system, so there is no security risks.

    i have configured a second VPN for our iphones, because i always had this strange 8 minute problem with Apple VPN, the VPN is always disconnected after 8 minutes. I take L2TP VPN and it works fine without disconnects.

    so once more, many thanks

  • benmaxky
    Options

    I also had the same problem on my iphone xs. It's great that I was able to use it, Tonos123, Toque123

Security Highlight