Hi everyone!
I'm using an iPhone 8 with iOS 14.0.1 (updated yesterday from 13.5.x, so not an iOS version issue, I guess).
I have set up VPN on Demand with the XML profile below, which I found online (I tried various, but this is the one that works ... somewhat).
I'm at home (for testing) and disable my WiFi. Then I open Safari and enter http://myserver.lab.mydomain. Now I see the VPN being established, but the webpage does not load. If the VPN is established and I enter http://myserver, however, it works as expected.
So:
- The FQDN of my host at home is required in order for the VPN on Demand rule to "fire".
- The FQDN, however, does not get resolved and the server is not reachable.
- The hostname, however, does get resolved correctly.
I can verify the same behaviour with ping from within the Net Analyzer app.
Is this a bug or am I understanding something completely wrong here? Am I off track?
Thanks in advance for any feedback!
XML:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>PayloadContent</key>
  <array>
    <dict>
      <key>IPSec</key>
      <dict>
        <key>AuthenticationMethod</key>
        <string>SharedSecret</string>
        <key>LocalIdentifier</key>
        <!-- FRITZ!Box user name -->
        <string>[USERNAME]</string>
        <key>LocalIdentifierType</key>
        <string>KeyID</string>
        <key>RemoteAddress</key>
        <!-- DDNS URL of the FRITZ!Box, e.g. xxxxxx.myfritz.net -->
        <string>[DDNS-URL der FRITZ!Box]</string>
        <key>SharedSecret</key>
        <!-- Shared secret of the FRITZ!Box (a plist data element carries it base64-encoded) -->
        <data>
        [SHAREDSECRET]
        </data>
        <key>XAuthEnabled</key>
        <integer>1</integer>
        <key>XAuthName</key>
        <!-- FRITZ!Box user name -->
        <string>[USERNAME]</string>
        <key>XAuthPassword</key>
        <!-- FRITZ!Box password of that user (stored in clear text in the profile) -->
        <string>[PASSWORD]</string>
        <!-- VPN On Demand block -->
        <key>OnDemandEnabled</key>
        <!-- The 1 below means VPN On Demand is enabled -->
        <integer>1</integer>
        <key>OnDemandRules</key>
        <array>
          <!-- Establish the VPN when home-network addresses are accessed -->
          <dict>
            <key>Action</key>
            <string>EvaluateConnection</string>
            <key>ActionParameters</key>
            <array>
              <dict>
                <key>Domains</key>
                <array>
                  <string>*.local</string>
                  <string>*.fritz.box</string>
                  <string>fritz.box</string>
                  <string>.lab.mydomain</string>
                </array>
                <key>DomainAction</key>
                <string>ConnectIfNeeded</string>
                <key>RequiredDNSServers</key>
                <array>
                  <string>192.168.0.3</string>
                  <string>192.168.0.4</string>
                </array>
              </dict>
            </array>
          </dict>
          <dict>
            <!-- Disable the VPN on specific WiFi networks -->
            <key>Action</key>
            <string>Disconnect</string>
            <key>InterfaceTypeMatch</key>
            <string>WiFi</string>
            <key>SSIDMatch</key>
            <array>
              <string>heFritzbox</string>
              <string>wtFritzbox</string>
            </array>
          </dict>
          <dict>
            <!-- Enable the VPN while a WiFi connection is active -->
            <key>Action</key>
            <string>Connect</string>
            <key>InterfaceTypeMatch</key>
            <string>WiFi</string>
          </dict>
          <dict>
            <!-- Do not enable the VPN on the cellular network; if a connection over cellular is wanted too, change the Action here to "Connect" -->
            <key>Action</key>
            <string>Disconnect</string>
            <key>InterfaceTypeMatch</key>
            <string>Cellular</string>
          </dict>
          <dict>
            <!-- VPN default state -->
            <key>Action</key>
            <string>Ignore</string>
          </dict>
        </array>
        <!-- END of VPN On Demand block -->
      </dict>
      <key>IPv4</key>
      <dict>
        <key>OverridePrimary</key>
        <integer>1</integer>
      </dict>
      <key>PayloadDescription</key>
      <string>Configures VPN settings</string>
      <key>PayloadDisplayName</key>
      <!-- Label, e.g. FRITZ!Box-VPN -->
      <string>[VPN-BEZEICHNUNG]</string>
      <key>PayloadIdentifier</key>
      <!-- You can simply put the myfritz address here, e.g. xxxxxx.myfritz.net -->
      <string>[DDNS-URL der FRITZ!Box]</string>
      <key>PayloadType</key>
      <string>com.apple.vpn.managed</string>
      <key>PayloadUUID</key>
      <!-- PayloadUUID; you can simply put the myfritz address here, e.g. xxxxxx.myfritz.net -->
      <string>[DDNS-URL der FRITZ!Box]</string>
      <key>PayloadVersion</key>
      <!-- PayloadVersion is an integer in the profile format; the original had <real>1</real> -->
      <integer>1</integer>
      <key>Proxies</key>
      <dict>
        <key>HTTPEnable</key>
        <integer>0</integer>
        <key>HTTPSEnable</key>
        <integer>0</integer>
      </dict>
      <key>UserDefinedName</key>
      <!-- Name of the VPN on the iPhone, e.g. FRITZ!Box-VPN -->
      <string>[VPN-NAME]</string>
      <key>VPNType</key>
      <string>IPSec</string>
    </dict>
  </array>
  <key>PayloadDisplayName</key>
  <!-- Name of the VPN profile, e.g. "VPN on Demand profile" -->
  <string>[PROFILNAME]</string>
  <key>PayloadIdentifier</key>
  <!-- PayloadIdentifier; you can simply put the myfritz address here, e.g. xxxxxx.myfritz.net -->
  <string>[DDNS-URL der FRITZ!Box]</string>
  <key>PayloadRemovalDisallowed</key>
  <false/>
  <key>PayloadType</key>
  <string>Configuration</string>
  <key>PayloadUUID</key>
  <!-- PayloadUUID; you can simply put the myfritz address here, e.g. xxxxxx.myfritz.net -->
  <string>[DDNS-URL der FRITZ!Box]</string>
  <key>PayloadVersion</key>
  <integer>1</integer>
</dict>
</plist>