cancel
Showing results for 
Search instead for 
Did you mean: 

IOS IKEv2 VPN over LTE does not work anymore

kris2k
I'm a contributor level 1
I'm a contributor level 1

I’ve read the recent posts about people affected by usage NordVPN complaining, but in my case, it’s my personal network and my internal users.

 

I’ve ran through the preliminary details and it appears that the phone is initiating a direct IPV6 tunnel that’s superseding the device’s routing table and not allowing the device to use the IPv4 or IPv6 gateways provided by the VPN tunnel (our IPSec tunnel is dual-stack) which are provided by the device’s routing table.

 

What’s up with this?

 

Any recommended IOS profile tweaks to push down?

125 REPLIES 125

FidoClaudia
Community Manager (Retired)
Community Manager (Retired)

Hey @fdmerin,

 

I'll send you a PM to take a closer look into this.

 

Talk soon!



AT15
I'm a participant level 2
I'm a participant level 2

I have same issue trying to connect to my VPN over LTE.  Not something I do very often, but important to test when having VPN problems.  Took some time to spot the issue but my iphone X (12.1.4) is getting an ipv6 address when on LTE. 

The built-in ios client is apperently using this address and the VPN won't connect.

When I tether my PC (ipv4) to the phone, and then initiate the VPN, that works fine.

 

Something changed on Fido side, this used to work...

 

Thanks

 

 

FidoJulien
Former Moderator
Former Moderator

Hey @AT15

 

I'll send you a PM so we can look at this together.

 

Talk to you soon!



AT15
I'm a participant level 2
I'm a participant level 2

Hi I never got a PM, can someone respond with workaround ?

Hello @AT15. There's a PM coming your way. Talk to you soon.



kingtong
I'm a participant level 1
I'm a participant level 1

Hello there,

 

I've the same issue, IKEv2 over LTE with ProtonVPN on iOS 12.2.

 

Thanks in advance for the support.

Hey @kindtong!

 

First of all, welcome to the community!

 

I'll send you a PM so we can take a look into this together.

mountainsofsnow
I'm a participant level 2
I'm a participant level 2

To everyone here that is having the same problem. As of January 6, 2019 I have opened two tickets. One here on the Fido forums and one on the phone. Support & administrators will take your information, ask you for your IMEI, and create a ticket—but they will not solve the issue however courteous they are. I have a theory is because they don't have a solution yet. If you need to use VPN over LTE it may be a good idea to start considering other options.

 

VPN over IKEv2 (native on iOS) âž  it connects, but all iPv4 traffic is blocked

 

VPN over OpenVPN (third-party app) âž  it works using iPv6 / iPv4 dual stack

Hey @mountainsofsnow

 

Have you rebooted your phone after you received the message that the issue was fixed?  If you did and are still having trouble, you should get in touch with the developer of the app to confirm if their app properly supports IPv6 only networks, as per Apple app standards published here: https://developer.apple.com/support/ipv6.



mountainsofsnow
I'm a participant level 2
I'm a participant level 2

{Update: January 12, 2018] I can confirm that after having opened a ticket and restarted my phone, VPN (IKEv2) now works. Horay!

jsdecarie
I'm a participant level 2
I'm a participant level 2

Same problem here, I use to have my ipv6 turn off from Fido technical support, but it seems I just the the ipv6 back few days ago... "jabber" voip app for job is not working anymore !  please help to block ipv6 again on my account !  

 

thank you,

MeMyselfAndYou
I'm a participant level 2
I'm a participant level 2

I do have the same problem would would  appreciate being told by a private message how to solve it.

Thanks

Hey @MeMyselfAndYou

 

Welcome to the community Smiley

 

I'll be sending you a PM so we can take a look at this together.

 

Talk to you soon!



Davidtai
I'm a participant level 2
I'm a participant level 2

Hi , I’m also having the exact same issue.  

Can I please get assistance via PM?

Hi @Davidtai Welcome to the Community! We're happy to have you with us. 

 

We're sending shortly a PM your way. Smiley 

 

Talk to you soon! 

 

 



ken20kca
I'm a participant level 2
I'm a participant level 2

Hi Francois,

 

I am having the same issue with VPN connecting back to work computer. Can you help take a look? Thx

FidoClaudia
Community Manager (Retired)
Community Manager (Retired)

Hey @ken20kca,

 

Just to clarify, are you using your phone to tether or is your work computer connected to your Home Internet?

 

 



ken20kca
I'm a participant level 2
I'm a participant level 2

Hi FidoClaudia,

 

I used my phone to tether, so my work laptop can VPN back to office PC for work. It has always work since I join Fido, but all of suddent it stop working like about a month ago. My work require me to VPN back to office for emergency response. I have done test with my coworker's phone(using Bell), and it was working. So there seems to be an issue on Fido's end. Thx

ken20kca
I'm a participant level 2
I'm a participant level 2

The issue has been resolved. It seems Fido is dropping IKE traffic from my VPN client. As a work around, I had to restrict the size of the first ISAKMP packet sent from my VPN client. (Sonicwall)

Hi @ken20kca

 

I'm happy to find out that it's resolved on your end.

 

@jsdecarie

 

What's the error message that you are getting on your end exactly?



jsdecarie
I'm a participant level 2
I'm a participant level 2

Hi, when ipv6 is activated, I can’t use a VOIP app I’m using for my works. (Cisco Jabber). If I’m using an APN to disable ipv6 it fixed the problems instantly.  I’ve already speak with « bureau of president » concerning that matters, and the problem has been fixed since October. But it seems somebody has reactivates ipv6 feature for my account.  To explained furthermore, when Rogers is converting ipv4 to ipv6 they screw my app authentication and I can’t get a positive handshake from our job server because my token is not valid anymore. I’ve already trace and dig into packets to found the reason of the issue with firewalls and IT team at my work. An engineer from Rogers (back in October) was aware of this protocol translation problem.