17 Replies
      Latest reply on Jul 18, 2016 11:58 AM by futuremind
      futuremind Level 1 (0 points)

        Hello,

         

        I'm experiencing some problems related to a bug present in all iOS 9.3 betas (including beta 7). I have submitted a bug report to Apple, but there's no response so far, so I've decided to post it here and ask if anyone else has been affected by this. I'm also counting on someone from Apple maybe seeing this information. It's important for me because, if not fixed, it will cause some of my apps to stop working properly, and it seems there's no way around it.

         

        More information about the bug:

         

        For a VPN OnDemand connection profile ("ConnectIfNeeded"), when the VPN should be triggered for a specified list of domains ("matchDomains") with an additional condition set via "useDNSServers", the connection to the VPN is being triggered even when the DNS servers return a proper result. It appears that iOS 9.3 ignores the fact that useDNSServers is specified and triggers the VPN without checking the DNS.

         

        Steps to Reproduce: Create and install a NEVPNManager object instance configured this way (below is a printout of the NEVPNManager configuration):

         

        action = evaluate-connection
        interfaceTypeMatch = any
        connectionRules = (
             {
                  action = connect-if-needed
                  matchDomains = (
                       internal.vpn,
                  )
                  useDNSServers = (
                       10.10.22.1,
                       10.10.23.1,
                  )
             },
        )
        
        
        


        Expected Results:

        When connecting to "test.internal.vpn" in Safari or any third party app, because the DNS servers 10.10.22.1 and 10.10.23.1 return a proper "IN A" record when resolving the domain test.internal.vpn, the VPN should not be triggered.


        Actual Results:

        The current beta of iOS seems to ignore the useDNSServers value set in the NEVPNManager object and does not use the specified list of DNS servers for domain resolution. The VPN is triggered every time for the domains given in the "matchDomains" array when it matches the requested domain. According to the documentation, the VPN should be triggered only when the specified DNS servers (list in "useDNSServers") return an error (for instance NXDOMAIN response, or they are not reachable at all, which is not the case in my scenario).


        Version:

        All iOS 9.3 beta builds released to date


        Notes:

        The code that worked properly and as expected on all iOS 9 releases (iOS 9.0 - 9.2.1) now doesn't work at all. This breaks compatibility across all devices that will receive the iOS 9.3 update if the bug is not fixed. We've tested this on multiple devices and on both Wi-Fi and cellular networks.


        Configuration:

        iPhone 6S 64GB Wi-Fi + Cellular, iPad Mini 3 Wi-Fi + Cellular, iPhone 5S 32GB Wi-Fi + Cellular


        Any advice will be greatly appreciated.
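
        The expected and reported behaviours from the post above, written out as a small decision model. This is an added example, not code from the original post and not Apple's implementation; the function names, the resolver tables and the rule that every listed server must fail before the VPN is triggered are assumptions drawn from the post's description.

```python
from dataclasses import dataclass

# Outcomes the post treats as resolution failures (NXDOMAIN, server not reachable).
FAILURES = {"NXDOMAIN", "UNREACHABLE"}

@dataclass
class ConnectionRule:  # hypothetical stand-in for one entry of connectionRules
    match_domains: list
    use_dns_servers: list
    action: str = "connect-if-needed"

def domain_matches(host, rule):
    """Exact or suffix match on a label boundary (assumed from the post's example)."""
    host = host.lower().rstrip(".")
    return any(host == d.lower() or host.endswith("." + d.lower())
               for d in rule.match_domains)

def expected_trigger(host, rule, resolve):
    """Behaviour the post expects: bring the VPN up only if the listed servers fail."""
    if rule.action != "connect-if-needed" or not domain_matches(host, rule):
        return False
    if not rule.use_dns_servers:
        raise ValueError("model only covers rules that set useDNSServers")
    return all(resolve(s, host) in FAILURES for s in rule.use_dns_servers)

def reported_trigger(host, rule):
    """Behaviour the post reports on the 9.3 betas: DNS is never consulted."""
    return rule.action == "connect-if-needed" and domain_matches(host, rule)

def table_resolver(table):
    """Offline resolver: looks answers up in a constructed table."""
    return lambda server, host: table.get((server, host), "UNREACHABLE")

RULE = ConnectionRule(["internal.vpn"], ["10.10.22.1", "10.10.23.1"])

# Constructed sample data: both servers answer with an A record (the post's scenario).
HEALTHY = table_resolver({
    ("10.10.22.1", "test.internal.vpn"): "A 10.10.40.5",
    ("10.10.23.1", "test.internal.vpn"): "A 10.10.40.5",
})
# Constructed sample data: both servers return NXDOMAIN.
BROKEN = table_resolver({
    ("10.10.22.1", "test.internal.vpn"): "NXDOMAIN",
    ("10.10.23.1", "test.internal.vpn"): "NXDOMAIN",
})

def is_regression(host, rule, resolve):
    """True when the reported behaviour triggers the VPN but the expected one would not."""
    return reported_trigger(host, rule) and not expected_trigger(host, rule, resolve)
```

        With the healthy resolver table, is_regression("test.internal.vpn", RULE, HEALTHY) is the case described in the post: the VPN comes up although both servers resolved the name.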