iOS 13: Not receiving a UDP-encapsulated ESP frame via recvfrom()

Hello,


we're facing a problem in iOS 13. We have a VPN tunnel provider that uses IKE/IPsec to establish a VPN connection. The communication is done via BSD socket API. Before iOS 13, everything worked fine.


However, after the update (and still with 13.1 Beta4), some devices don't receive incoming UDP-encapsulated ESP frames. Other IKE frames that have the same src/dst IP and port number are received. Wireshark/tcpdump on the virtual rci0 device show the incoming frames, however, the recvfrom system call in the application doesn't get it.


Any ideas what is going wrong here?


Regards,

Bernhard

Accepted Reply

Someone, not sure if it was bwalle or not, opened a DTS tech support incident about this, and we ended it up determining that it was a bug (r. 55220057). If I’m reading it right, the fix should be in the just-released iOS 13.2b2 (17B5068e). Please test it there and let us know how you get along.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Replies

We also appear to be facing this same problem. It seems device specific and more strangely maybe even carrier specific. Does anyone have any other information about this issue?


Regards,

-Tim

Someone, not sure if it was bwalle or not, opened a DTS tech support incident about this, and we ended it up determining that it was a bug (r. 55220057). If I’m reading it right, the fix should be in the just-released iOS 13.2b2 (17B5068e). Please test it there and let us know how you get along.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

This does seem to fix that issue. Is there a scheduled release date for iOS 13.2? Thank you very much!

This does seem to fix that issue.

Yay!

Is there a scheduled release date for iOS 13.2?

Not one that’s been publicly announced.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Yes this was me. 🙂 As workaround you can try to disable VoLTE, at least that fixed the issue here.

We tested our VPN application with iOS 13.2 and we can confirm that IPSEC traffic now flows with tunnel provider.


Thanks apple for fixing this annoying bug.

How is the bug caused?

I did not see a description of the bug and a description of the fix in any release notes.

(https://developer.apple.com/documentation/ios_ipados_release_notes/ios_ipados_13_2_release_notes)(https://developer.apple.com/documentation/xcode_release_notes/xcode_11_3_beta_release_notes).

could you provide me a link?

I did not see a description of the bug and a description of the fix in any release notes.

That’s not uncommon. Things only make it into the release notes if they affect a wide range of developers, and that’s not the case here (which is not to downplay the importance of this bug for those who were affected by it).

How is the bug caused?

What sort of information are you looking for here? The symptoms of the bug are as described in the very first post. What else do you need?

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"