IPSec VPN not working under iOS 9 Beta

Hello everyone:


I think I have found a pretty serious bug in the iOS 9 Public Beta:


At home I have a router provided by my ISP. Because I want to use my Fortigate firewall, I have to set up my firewall with the WAN in the private network provided to me by the ISP, with my network behind it. I have my ISP router forwarding everything (DMZ) to my firewall. This is, more or less, completely transparent, as I can forward ports and create VPN connections directly on my Fortigate without touching anything else on the ISP router.


My iPad, running iOS 8.4, works just fine using the same exact connection parameters. I can dial in via IPSec and access my home network or the internet via VPN. However, when I connect with my iPhone running the latest iOS 9 public beta, the connection comes up, but I cannot pass any traffic. More specifically, traffic leaves the iPhone, arrives at the firewall, is forwarded to the destination, comes back to the firewall, is reencrypted and sent back to the iPhone, then nothing.


I think it has something to do with NAT Traversal. With standard IPSec, UDP port 500 is used. If the protocol detects NAT in the middle, it will switch to port 4500. I think the iPhone understands how to build a connection with NAT in the middle, but when the packets arrive, something happens and the iPhone forgets about NAT Traversal, dropping the packets. It's the only thing I can think of.


Is there any way to directly contact Apple with this issue without going through the low-level "have you tried rebooting your phone" guys first?
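An added example, not part of the original post: on UDP port 4500 the outer framing stays readable even though the payload is encrypted, so a capture can show whether ESP data packets flow in both directions. This sketch classifies UDP/4500 payloads using the RFC 3948 framing rules; the addresses, SPIs and packet tuples are constructed sample data, and the function names are hypothetical.

```python
import struct
from collections import Counter

def classify_udp4500(payload: bytes) -> str:
    """Classify one UDP/4500 payload using the RFC 3948 framing rules."""
    if payload == b"\xff":
        return "nat-keepalive"   # single 0xFF byte keeps the NAT mapping alive
    if payload[:4] == b"\x00\x00\x00\x00" and len(payload) > 4:
        return "ike"             # non-ESP marker, an IKE message follows
    if len(payload) >= 8:
        return "esp"             # non-zero SPI (4 bytes) + sequence number (4 bytes)
    return "unknown"

def esp_spi_seq(payload: bytes):
    """Return (SPI, sequence number) from the cleartext ESP header."""
    return struct.unpack("!II", payload[:8])

def summarize(packets, client_ip):
    """Count packet kinds per direction; packets are (src_ip, dst_ip, payload)."""
    counts = Counter()
    for src, _dst, payload in packets:
        direction = "from-client" if src == client_ip else "to-client"
        counts[(direction, classify_udp4500(payload))] += 1
    return counts

def diagnose(counts) -> str:
    """Reduce the per-direction counts to one of three observations."""
    out_esp = counts[("from-client", "esp")]
    in_esp = counts[("to-client", "esp")]
    if out_esp and in_esp:
        return "esp-both-ways"       # gateway answers; loss is past this capture point
    if out_esp:
        return "esp-outbound-only"   # gateway receives ESP but sends none back
    return "no-esp"                  # negotiation only, no data packets seen

# Constructed sample: what a capture on the gateway's WAN side might contain.
CLIENT, GATEWAY = "203.0.113.10", "192.168.1.2"
SAMPLE = [
    (CLIENT, GATEWAY, b"\x00" * 4 + bytes(28)),                        # IKE
    (GATEWAY, CLIENT, b"\x00" * 4 + bytes(28)),                        # IKE
    (CLIENT, GATEWAY, struct.pack("!II", 0xC0FFEE01, 1) + bytes(32)),  # ESP out
    (GATEWAY, CLIENT, struct.pack("!II", 0x0BADF00D, 1) + bytes(32)),  # ESP back
    (CLIENT, GATEWAY, b"\xff"),                                        # keepalive
]

if __name__ == "__main__":
    result = summarize(SAMPLE, CLIENT)
    print(dict(result), diagnose(result))
```

Running the same classification on captures taken at the gateway and as close to the client as possible narrows down which hop the return ESP packets fail to cross.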

Replies

You should file a bug about this, then post your bug number, just for the record.

Share and Enjoy

Quinn "The Eskimo!"
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Same Problem here.

IPSec VPN is offered by a FritzBox. IPSec configuration is done manually via the iOS built-in VPN client.


iPad Air 2 with public Beta --> VPN connection comes up, but no traffic is possible.


iPhone 6 Plus with the latest version of iOS 8 was working fine; after updating to the iOS 9 public beta, it has the same problem as the iPad.


Best Regards

Matthias

Thanks Matthias.


I also have a Fritzbox (in front of my usual Fortigate firewall) and I tried setting up the VPN connection there. Seems like the same issue. Connection comes up fine, but traffic disappears.


So it's manufacturer independent (in fact, both manufacturers have automatic templates for iOS devices that generally work very well). I'll take Quinn's advice and open up a ticket.


The keynote is today, but maybe they can fix this bug before official release 😉

22627532 Bug report was submitted successfully.


Hopefully they can come up with a solution. If they drop the final version tonight or in the next week or so without fixing the bug, there's going to be a major sh!tstorm 😝

Same problem here, connecting to my router - iPhone and router say everything's fine - but no traffic possible. On devices with iOS 8.4, no problem. When connecting to "VPN Unlimited" servers, it works fine.

Already opened a case (#1099761) - I hope they will manage - because if this bug spreads with the release... I don't want to know...

Hi Paddy, did you open a bug or a ticket? I opened a bug and I'm afraid that's gonna get shuffled to the bottom. If you opened up a ticket, let me know where you did so I can do the same.


What kind of Router are you connecting to, by the way?

Nothing has changed under the 9.1 beta. Oh boy.

Same issue here, everything still worked up to 9.0 beta 4 and was broken in beta 5.

I haven't updated to 9.1 public beta yet.

I will do this now, but I assume that I shouldn't raise my hopes.


Do you have any news from your bug reports?


>> Edit: it seems that removing the profile and restarting the phone fixes the issue for us.

Unfortunately that didn't help me. Deleted my VPN and also the VPN profile added by Hide My ***, restarted the phone several times, no dice.

Currently on 9.1 Beta. Will completely wipe my phone tomorrow when iOS 9 is officially released and see if it's been fixed.

With iOS 9 official version there is still the same problem on iPhone (6+) and iPad (air2).

VPN Connection comes up, but no traffic is possible.


I removed the VPN configuration and created the connection totally new - nothing changed.

That's sad...


What about the status of the ticket (22627532 Bug report)? Any news?


Best regards

Matthias

Hi,


I can confirm that the situation has not changed. I completely restored my phone from the 9.1 Beta to 9.0 Public and the VPN connection still does not pass any traffic. As part of the restore, I had to set my phone up as a completely new device, so that eliminates any possibility of old configuration that may have snuck its way back in.


Last night I got a message from Apple on my bug report, they wanted to know if the issue had been resolved with the 9.0 GM seed. I told them everything I wrote above. No answer yet.

Same issue here with iOS 9.0, IPsec and Fritzbox.


Filed bug #22759427


Cheers,

Markus

Oh boy... could it be the FritzBox? I don't see how it could be messing with iOS 9 specifically, though. iOS 8 works just fine, and NATting packets isn't black magic.

I was on the phone with AVM trying to solve this - they are seriously concerned after finding out that there are more people than me...

But we couldn't find a real hint. They set up a box in Berlin, and I could connect via iOS 9.1.

The other way around - from AVM-Berlin to my box - the same issue - tunnel established - no traffic.

Maybe there is a NAT problem, or Apple modified IPSec in a way that not every provider's infrastructure can manage...

AVM is not able to find out, because the traffic in the tunnel is encoded and there is no way to find out what is happening when the tunnel is established but no traffic gets through it.

I am in direct contact with a support person in Berlin - I hope we will find out.

As long as this problem occurs, I will keep iOS 8.4.1 on my iPhone. Otherwise my flat will be cold, the alarm system cannot be managed, etc...


My Configuration: Fritzbox6490 Cable - Unitymedia. / iPhone 6Plus 8.4.1 / iPadmini2 iOS9.1 / iPad Air1 iOS9.0

Hi Paddy,


I also have the FritzBox 6490 from Unitymedia. Maybe it's an issue with this particular box? Maybe they used a different box for your test, maybe that's why it worked?