iOS 9.3 VPN On Demand ignores RequiredDNSServers

We have an app which works well on iOS 9.2; it uses the "RequiredDNSServers" feature of VPN On Demand. But after upgrading to 9.3 (all 9.3 versions, including 9.3.2 beta 4), VPN On Demand just ignores "RequiredDNSServers". We submitted a bug to Apple and got the response that "There is nothing Developer Technical Support can help, you should connect general VPN support which is supported by AppleCare". I am using the same mobile configuration on iOS 9.2 and iOS 9.3 but get totally opposite results. But the document didn't indicate they have made an API change. As far as I know, it should be a bug instead of an issue AppleCare can handle.

I'm asking this question hoping to get some advice on which Apple department I should ask for help. Our app really heavily depends on this API.


Here is a code snippet of our mobile configuration.

Expected result:

When loading google.com, it should first check 8.8.8.8 for DNS result.

Actual result:

It will not request 8.8.8.8 for DNS result and will start VPN connection immediately.

<key>OnDemandEnabled</key>
<integer>1</integer>
<key>OnDemandRules</key>
<array>
  <dict>
    <key>Action</key>
    <string>EvaluateConnection</string>
    <key>InterfaceTypeMatch</key>
    <string>Wifi</string>
    <key>ActionParameters</key>
    <array>
      <dict>
        <key>Domains</key>
        <array>
          <string>www.google.com</string>
        </array>
        <key>RequiredDNSServers</key>
        <array>
          <string>8.8.8.8</string>
        </array>
        <key>DomainAction</key>
        <string>ConnectIfNeeded</string>
      </dict>
    </array>
  </dict>
</array>

Replies

If you think it’s a bug, file a bug report about it. Please post your bug number, just for the record.

For help working around bugs, you have two general options:

My understanding is that this problem is reproducible when you set up VPN using a configuration profile. If so, that falls into AppleCare’s domain.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Thanks for your response.

I'm contacting AppleCare, and AppleCare suggested I go to Apple feedback to submit a bug 😢. I'm afraid the bug submitted here is not going to AppleCare.

http://www.apple.com/feedback/

When I contact AppleCare for help regarding similar issues with VPN configuration profiles, I have been told that AppleCare does not provide support for them.

Hello, we've been told AppleCare doesn't handle VPN configuration issues. Could you help to suggest another way if possible?

I talked with AppleCare again today. They knew nothing about VPN configuration files!

Has there ever been a fix for this? I am on iOS 14 and am experiencing exactly the same problem. If it doesn't work, why does it still exist on the official Apple Documents?

A few things to check when debugging this type of situation:

1) Are you matching the Domains that you have specified to be directed to your DNS servers?
2) If (1) is true, are you sure this traffic is being handled by the Packet Tunnel?
3) If you remove all other NEOnDemandRule's and just test with dnsSearchDomainMatch, do you experience the same issue?

Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com
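
A small checker for item 1 of the checklist above, added here as an example (it is not code from the thread or from Apple): it loads the rules from the first post, wrapped in a plist dict as constructed sample input, and reports which hostnames fall under the EvaluateConnection Domains list. The domain-matching rule is an assumption rather than iOS's actual matcher, and `lint`, `params_for` and `domain_matches` are hypothetical helper names.

```python
import plistlib

# Constructed sample: the fragment from the first post, wrapped in a plist <dict>.
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>OnDemandEnabled</key><integer>1</integer>
<key>OnDemandRules</key><array><dict>
  <key>Action</key><string>EvaluateConnection</string>
  <key>InterfaceTypeMatch</key><string>Wifi</string>
  <key>ActionParameters</key><array><dict>
    <key>Domains</key><array><string>www.google.com</string></array>
    <key>RequiredDNSServers</key><array><string>8.8.8.8</string></array>
    <key>DomainAction</key><string>ConnectIfNeeded</string>
  </dict></array>
</dict></array></dict></plist>"""
VPN = plistlib.loads(SAMPLE)
INTERFACES = {"Ethernet", "WiFi", "Cellular"}  # values listed in Apple's profile reference

def domain_matches(host, pattern):
    # Assumption, not iOS's matcher: exact or dot-boundary suffix, optional "*." prefix.
    pattern = pattern.lower()
    if pattern.startswith("*."):
        pattern = pattern[2:]
    host = host.lower().rstrip(".")
    return host == pattern or host.endswith("." + pattern)

def lint(vpn):
    # Flag values that differ from what the profile reference documents.
    findings = []
    for i, rule in enumerate(vpn.get("OnDemandRules", [])):
        iface = rule.get("InterfaceTypeMatch")
        if iface is not None and iface not in INTERFACES:
            findings.append(f"rule {i}: InterfaceTypeMatch {iface!r} not a documented value")
        for p in rule.get("ActionParameters", []):
            if "RequiredDNSServers" in p and p.get("DomainAction") != "ConnectIfNeeded":
                findings.append(f"rule {i}: RequiredDNSServers requires ConnectIfNeeded")
    return findings

def params_for(vpn, host):
    # First EvaluateConnection parameter set whose Domains cover host, else None.
    for rule in vpn.get("OnDemandRules", []):
        if rule.get("Action") != "EvaluateConnection":
            continue
        for p in rule.get("ActionParameters", []):
            if any(domain_matches(host, d) for d in p.get("Domains", [])):
                return p
    return None

if __name__ == "__main__":
    print(lint(VPN), [h for h in ("www.google.com", "google.com") if params_for(VPN, h)])
```

Under the assumed matching, the posted rules cover `www.google.com` but not the bare `google.com`, so a test lookup should use the exact name listed in Domains.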