pietia336

Q: VPN problem on iPhone after updating to iOS6 - server not found for .local URLs in Safari

Hi!

I have a PPTP VPN configured on SBS 2003 which is built-in by default in the OS.

iPhone 4 (iOS 5.1.1), iPhone 4S and iPad 2 connected fine to this VPN. Also the URLs which where poinintg to addresses in local domain (e.g. service.contooso.local) were resolved properly.

After updating to iOS 6 connection to VPN still establishes properly. Unfortunately all these devices cannot connect through Safari to local websites anymore when a URL in .local domain is specified (e.g. http://service.contooso.local) and that was working fine before the udpate. Safari returns the following message: "Safari cannot open this website. Server cannot be found." - this is a translation to English, so original message may slightly differ.

When IP address is entered in Safari the connection is succesfuly established to the default website on SBS.

It seems like after connecting to the VPN the DNS address used for resolving the names is not poining to the local DNS server (which is the same as webserver, VPN server, etc. as all the services are on SBS), but still to the ISP's DNS.

Is that behavior normal in iOS 6 or is it a bug? As I have written before in iOS 5.1.1 this kind of behavior did not occur, and after connecting to VPN I could use http://service.contooso.local URL which was resolved properly to correct website in the intranet.

I am looking forward for any hints.

Best regards,

Piotr

iPhone 4, iOS 6

Posted on Sep 20, 2012 7:38 AM

Close

Q: VPN problem on iPhone after updating to iOS6 - server not found for .local URLs in Safari

  • All replies
  • Helpful answers

Previous Page 2 of 5 last Next
  • by cpohle,

    cpohle cpohle Oct 4, 2012 4:05 AM in response to CodePro
    Level 1 (0 points)
    Oct 4, 2012 4:05 AM in response to CodePro

    Hi CodePro,

     

    I cannot confirm that the iOS 6 VPN ignores the VPN's DNS server, even over GPS.

     

    I've aliased several mycompany.local-hosts in our intranet with .mycompany names, and these are successfully resolved via VPN, both on W-LAN and GPS. As our ISP has now knowledge of the .mycompany domain, VPN obviously is able to contact our internal DNS server.

  • by Tom Rock,

    Tom Rock Tom Rock Oct 4, 2012 4:10 AM in response to MakMak1980
    Level 1 (0 points)
    Oct 4, 2012 4:10 AM in response to MakMak1980

    O.K., so here in detail:

    say, you have problems connecting to a URL "http://myserver.mycompany.local" via VPN/3G ...

     

    1. Open "Free Ping" and you´ll find only one Input box (labelde "Type IP") and a button: "PING".

    2. Enter "myserver" in the Input box and press "PING"

    The output of Free Ping should say something like "64 bytes from xx.xx.xx.xx icmp_seq...". That means the IP Address of the host could be resolved.

    3. Open your App (which could not contact the host/server) and try to establish a connection again.

    It should work.

  • by ioniansailor,

    ioniansailor ioniansailor Oct 4, 2012 4:25 AM in response to Tom Rock
    Level 1 (0 points)
    Oct 4, 2012 4:25 AM in response to Tom Rock

    I can approve the solution.

     

    After changing exchange.companyname.local/server into 123.456.890/server everything is okay.

     

    Thanks for your help.

     

    Apple support needed 3 calls and 30 minutes for no solution.

  • by CodePro,

    CodePro CodePro Oct 5, 2012 6:34 AM in response to CodePro
    Level 1 (0 points)
    Oct 5, 2012 6:34 AM in response to CodePro

    Additional Info on the iPhone VPN configuration:

     

    Using IPSec Setup:

    Server is filled out with external VPN IP

    Account and Password are filled out correctly

    Use Certificate is Off

    Group Name and Secret are filled out Correctly

    Proxy is off

     

    How do I know these items are filled out correctly?  Because I can access the VPN with no issues on WiFi.

     

    Like this comment if your settings are the same, or reply with your settings if you have a different setup.

  • by CodePro,

    CodePro CodePro Oct 5, 2012 6:36 AM in response to pietia336
    Level 1 (0 points)
    Oct 5, 2012 6:36 AM in response to pietia336
  • by CodePro,

    CodePro CodePro Oct 5, 2012 6:40 AM in response to pietia336
    Level 1 (0 points)
    Oct 5, 2012 6:40 AM in response to pietia336

    This post implies there was a similar issue in previous versions of iOS:

     

    https://discussions.apple.com/message/12160761

  • by CodePro,

    CodePro CodePro Oct 5, 2012 6:47 AM in response to cpohle
    Level 1 (0 points)
    Oct 5, 2012 6:47 AM in response to cpohle

    Cpohle, by GPS I assume you mean a 3G-only connection, correct?  And you confirmed you turned off WiFi, have a 3G connection and are using iOS6, correct?

     

    What does your VPN configraution look like?  Are you using IPSec?

     

    If you made changes to your VPN host server or DNS server, what exactly were those, or did you simple upgrade to iOS6 without any changes to your iPhone or your private network?

     

    We have some iPhones that are still using iOS 5.1, and they still connect without any issues on 3G only, so the only change was upgrading to iOS 6.

     

    If any one else having (or not having) this issue can post their details, that might help.

  • by cpohle,

    cpohle cpohle Oct 5, 2012 8:47 AM in response to CodePro
    Level 1 (0 points)
    Oct 5, 2012 8:47 AM in response to CodePro

    CodePro,

     

    Cpohle, by GPS I assume you mean a 3G-only connection, correct?

    Of course, I meant "GPRS", or call it 3G/UMTS. Sorry for the typo.

    And you confirmed you turned off WiFi, have a 3G connection and are using iOS6, correct?

    Correct.

    What does your VPN configraution look like?  Are you using IPSec?

    Yes, I'm using IPSec. On the other side of the tunnel, there is a StrongSwan listening for roadwarriors.

    If you made changes to your VPN host server or DNS server, what exactly were those, or did you simple upgrade to iOS6 without any changes to your iPhone or your private network?

    I upgraded to iOS 6 and noted that I could not get to the .local-hosts anymore. I then created a new DNS domain on our ActiveDirectory controller / internal DNS server, as described above, with "myhost.mycompany" aliases pointing to the still existing "myhost.mycompany.local" addresses.

     

    HTH

  • by prochejr,

    prochejr prochejr Oct 5, 2012 12:50 PM in response to pietia336
    Level 1 (0 points)
    Oct 5, 2012 12:50 PM in response to pietia336

    I'm having same issue here.  Can ping the internal resources by IP Address but DNS will not resolve to them when VPN is active.  If I ping using IP Address, it actually responds with the server name, but pinging server name does not work (and therefore Safari does not work for any internal websites). 

  • by Tom Rock,

    Tom Rock Tom Rock Oct 5, 2012 12:59 PM in response to prochejr
    Level 1 (0 points)
    Oct 5, 2012 12:59 PM in response to prochejr

    o.k., just one thing to be metioned: try to ping the fully qualified host name (myserver.whatever.local). my workaround works, because i declared the Domain ".local" as a (MS Term) "Domain Suffix" for local searches.

  • by prochejr,

    prochejr prochejr Oct 5, 2012 1:01 PM in response to Tom Rock
    Level 1 (0 points)
    Oct 5, 2012 1:01 PM in response to Tom Rock

    Is this a change you made in your domain's DNS server?

  • by Tom Rock,

    Tom Rock Tom Rock Oct 5, 2012 1:04 PM in response to prochejr
    Level 1 (0 points)
    Oct 5, 2012 1:04 PM in response to prochejr

    no, actually it´s a parameter in our cisco vpn appliance (dhcp config). what´s your vpn endpoint?

  • by prochejr,

    prochejr prochejr Oct 5, 2012 1:09 PM in response to Tom Rock
    Level 1 (0 points)
    Oct 5, 2012 1:09 PM in response to Tom Rock

    We use a Palo Alto.

  • by Tom Rock,

    Tom Rock Tom Rock Oct 5, 2012 1:15 PM in response to prochejr
    Level 1 (0 points)
    Oct 5, 2012 1:15 PM in response to prochejr

    have you tried my workaround: Free Ping (App)- Ping fully qualified hostname (myserver.whatever.local)? you should get a Ping-reply?

  • by prochejr,

    prochejr prochejr Oct 5, 2012 1:23 PM in response to Tom Rock
    Level 1 (0 points)
    Oct 5, 2012 1:23 PM in response to Tom Rock

    Yes tried it using IT Tools app but no response to pings to any server names (FQDN or not).  Responds to IP addresses fine.  Actually responds to the IP address ping with the FQDN.  Crazy, working fine on my iOS5 devices, but broken once I upgrade devices (ipads and iphones) to iOS6.  If I replace url in safari with IP address it works also.  Definitely a DNS issue created by the iOS6 change.

Previous Page 2 of 5 last Next