I’ve read the recent posts from people complaining about being affected while using NordVPN, but in my case, it’s my personal network and my internal users.
I’ve run through the preliminary details and it appears that the phone is initiating a direct IPv6 tunnel that’s superseding the device’s routing table and not allowing the device to use the IPv4 or IPv6 gateways provided by the VPN tunnel (our IPsec tunnel is dual-stack) which are provided by the device’s routing table.
What’s up with this?
Any recommended iOS profile tweaks to push down?
A little bit of an update for this.
For Apple devices:
Apple has released the latest iOS 12.0.1 software, which may resolve issues for certain remote/VPN apps using IPv6-only connections.
If you’re experiencing this issue, please update to iOS 12.0.1 (or newer) and test again.
A possible workaround for Android devices only:
Modify the APN “ltemobile.apn” to IPv4 instead of the default IPv4/IPv6 in the phone settings, under Wireless & Networks - Cellular Networks - Access Point Names.
Power cycle the device and test the VPN connection again.
If the issue persists, please note the date and time of the failure and let us know so we can send you a PM to look closer into this with you.
Of course, via Wi-Fi, the VPN works flawlessly.
I’m unable to ping the next-hop VPN-encrypted gateway either via IPv4 or IPv6 when I’m on LTE.
A tcpdump from the firewall side reveals no packets entering the tunneled interface from the mobile device.
Indeed, my situation got fixed by Fido. It appears that they pushed an alternate APN configuration to use the dual-stack IPv4/IPv6 Gateway again.
From a technology standpoint, I’m sure it’s not what they want (since being IPv6 native has some added benefits for data transmission reliability and efficiency), but I’m confident the bugs have been documented + submitted to Apple, and there’s a ‘hope’ for the next iOS version to have additional capabilities to better handle IPv4/IPv6 VPN connections with an IPv6-only WAN.