I’ve read the recent posts about people affected by usage NordVPN complaining, but in my case, it’s my personal network and my internal users.
I’ve ran through the preliminary details and it appears that the phone is initiating a direct IPV6 tunnel that’s superseding the device’s routing table and not allowing the device to use the IPv4 or IPv6 gateways provided by the VPN tunnel (our IPSec tunnel is dual-stack) which are provided by the device’s routing table.
What’s up with this?
Any recommended IOS profile tweaks to push down?
Solved! Go to Solution.
A little bit of an update for this.
For Apple devices:
Apple has released the latest iOS 12.0.1 software which may resolve issues for certain remote/VPN Apps using the IPv6-only connections.
If you’re experiencing this issue, please update to iOS 12.0.1 (or newer) and test again.
A possible workaround for Android devices only:
Modify the APN “ltemobile.apn” to IPv4 instead of the default IPv4/IPv6 in the phone settings, under Wireless & Networks - Cellular Networks - Access Point Names.
Power cycle the device and test the VPN connection again.
If the issue persists, please note the date and time of the failure and let us know so we can send you a PM to look closer into this with you.
I have same issue trying to connect to my VPN over LTE. Not something I do very often, but important to test when having VPN problems. Took some time to spot the issue but my iphone X (12.1.4) is getting an ipv6 address when on LTE.
The built-in ios client is apperently using this address and the VPN won't connect.
When I tether my PC (ipv4) to the phone, and then initiate the VPN, that works fine.
Something changed on Fido side, this used to work...
To everyone here that is having the same problem. As of January 6, 2019 I have opened two tickets. One here on the Fido forums and one on the phone. Support & administrators will take your information, ask you for your IMEI, and create a ticket—but they will not solve the issue however courteous they are. I have a theory is because they don't have a solution yet. If you need to use VPN over LTE it may be a good idea to start considering other options.
VPN over IKEv2 (native on iOS) ➠ it connects, but all iPv4 traffic is blocked
VPN over OpenVPN (third-party app) ➠ it works using iPv6 / iPv4 dual stack
Have you rebooted your phone after you received the message that the issue was fixed? If you did and are still having trouble, you should get in touch with the developer of the app to confirm if their app properly supports IPv6 only networks, as per Apple app standards published here: https://developer.apple.com/support/ipv6.
Same problem here, I use to have my ipv6 turn off from Fido technical support, but it seems I just the the ipv6 back few days ago... "jabber" voip app for job is not working anymore ! please help to block ipv6 again on my account !
I used my phone to tether, so my work laptop can VPN back to office PC for work. It has always work since I join Fido, but all of suddent it stop working like about a month ago. My work require me to VPN back to office for emergency response. I have done test with my coworker's phone(using Bell), and it was working. So there seems to be an issue on Fido's end. Thx
The issue has been resolved. It seems Fido is dropping IKE traffic from my VPN client. As a work around, I had to restrict the size of the first ISAKMP packet sent from my VPN client. (Sonicwall)
Hi, when ipv6 is activated, I can’t use a VOIP app I’m using for my works. (Cisco Jabber). If I’m using an APN to disable ipv6 it fixed the problems instantly. I’ve already speak with « bureau of president » concerning that matters, and the problem has been fixed since October. But it seems somebody has reactivates ipv6 feature for my account. To explained furthermore, when Rogers is converting ipv4 to ipv6 they screw my app authentication and I can’t get a positive handshake from our job server because my token is not valid anymore. I’ve already trace and dig into packets to found the reason of the issue with firewalls and IT team at my work. An engineer from Rogers (back in October) was aware of this protocol translation problem.