Posts

Post not yet marked as solved
0 Replies
287 Views
Since upgrading to iOS 16, I've been having issues with mobile data when using an L3 VPN with Network Extension APIs. The remote address provided by my carrier is a mapped IPv6 IP (64:ff9b::e61:6f0), but we've had problems with mapped IPs in the past and have been using the next available IPv4 IP from the DNS response instead. This has been working fine until now. However, with iOS 16, any TCP connection going to the gateway fails once the VPN is up. After analyzing a TCP dump, I noticed that the client is sending the initial SYN packet, and the server responds with SYN+ACK, but the client is not sending the final ACK in the 3-way handshake and instead sends an RST packet. I've found that using the mapped IP to connect with the server resolves the issue, but I'm concerned about the possibility of reintroducing previous bugs. My question is: what is the best way to handle mapped (WKP) IPs in this situation? Note: I've tried excluding the gateway IPs explicitly in the network setting, but the problem persists.
Post not yet marked as solved
1 Replies
405 Views
Hi, Network extension crashes when we set network settings with 2048 IPv6 routes. We have been using 1024 IPv4 and IPv6 routes without any problem; however, when we try to increase the size to 2048 routes, the Network extension crashes saying "memory limit exceeded". Is it not possible to configure 2048 routes on iOS? Is there any workaround? Thanks in advance. Meera Mohideen
Post not yet marked as solved
4 Replies
2.6k Views
If we set default IPv6 includedRoutes and configure IPv4 with some valid routes, all the IPv4 traffic is tunnelled.

Sample NETunnelNetworkSettings Info:
{
    tunnelRemoteAddress = 14.143.66.7
    DNSSettings = {
        server = (
            10.209.112.2,
        )
        searchDomains = (
        )
        matchDomains = (
        )
        matchDomainsNoSearch = NO
    }
    IPv4Settings = {
        configMethod = PPP
        addresses = (
            10.209.125.38,
        )
        subnetMasks = (
            255.255.255.255,
        )
        includedRoutes = (
            {
                destinationAddress = 10.209.116.143
                destinationSubnetMask = 255.255.255.255
            },
            {
                destinationAddress = 10.209.125.82
                destinationSubnetMask = 255.255.255.255
            },
        )
        overridePrimary = NO
    }
    IPv6Settings = {
        configMethod = automatic
        addresses = (
            fc00:1111:5678:5678::2101,
        )
        networkPrefixLengths = (
            64,
        )
        includedRoutes = (
            {
                destinationAddress = ::
                destinationNetworkPrefixLength = 0
            },
        )
    }
    MTU = 1300
}

Steps to Reproduce:
1. Configure a split tunnel resource, set default includedRoutes for IPv6 (i.e. ::) and valid includedRoutes for IPv4 (i.e. 10.209.116.143).
2. Connect VPN.
3. Try to access any non-defined IPv4 split tunnel resource and observe that the traffic is tunnelled.

Expected Results:
Only defined IPv4 includedRoutes should be tunnelled.

Actual Results:
All IPv4 traffic is tunnelled.

Is this the expected behaviour? If so, is there any workaround for this?
Post not yet marked as solved
5 Replies
730 Views
Hello,
Network extension calls the stopTunnelWithReason: method randomly with reason NEProviderStopReasonConfigurationDisabled. Not sure why the configuration gets disabled after a few hours of successful connection. It keeps happening every few hours. It happens at a customer's place, and we are not able to simulate it in our lab, so any help regarding this would be really appreciated.
Set up details:
L3 connection
User initiated VPN
Thanks,
Meera
Post not yet marked as solved
8 Replies
6.7k Views
Hi,
On iOS 13, when we evaluate the trust for self-signed certificates, it throws kSecTrustResultRecoverableTrustFailure; however, the same URL loads fine on Safari. And it seems to be happening only with third-party apps. I've tested with my app and also using the Chrome browser. It throws a "Connection is not private" error in both apps, but Safari loads the URL properly. Is this a bug on iOS 13?
Note: Public certificates work fine. I do not observe the same error on iOS 12.
Regards,
Meera Mohideen
Post not yet marked as solved
5 Replies
2.2k Views
Hi,
Is it possible to achieve FQDN-based split tunnelling on iOS using a packet tunnel? I'm thinking of capturing DNS responses and updating the tunnel network settings (include / exclude routes) at runtime. Would this solution work?
Thanks.