iPhone - iMessage not working over VPN

Hi Folks,

iPhone 6S iOS 9.3.1

We're having a problem with iMessage not working over our VPN/Private APN. We're using an IPSec VPN to push traffic at 3 virtual machines running a VPN agent which allows us to filter web content based of the devices having a static IP address rather than the IP address of whatever Wifi network they're connected to. We also have a private APN from our telecom provider which routes the traffic to the same 3 virtual machines. We have confirmed that ports 80, 443 and 5223 are open on the firewall on the boxes.

To give some context, our company decided to blocked iMessage a few years ago due to not being able to retrieve details of texts sent/received in the event of a data leakage occurrence (it's happened in the past). We blocked iMessage via our MDM (Airwatch) which simply disabled the user from opening Settings>Messages. What it was not doing was preventing the phones from enrolling in iMessage when the push notification is sent to the device about SMS charges.

Fast forward to now, we're receiving multiple complaints from our users informing us they are missing texts from clients. Our users phones are registered with iMessage, clients are texting them which are going as iMessage but not being received by our users. On the clients end, they are not receiving any notification from iMessage that the message failed to deliver (it does not say delivered either).

After discussion with our IT Sec team, they decided to accept the risk and allow us to re-enable iMessage across the board. So we simply removed the restriction on the MDM to "disable iMessage" thinking this would resolve the problem. After testing on some devices in our department, we determined that the problem was still there and iMessages were not being received. Troubleshooting the issue has led me to believe that the problem is on our VPN/Private APN.

To determine this, I setup a phone from scratch and registered it to iMessage. Sent multiple test messages and confirmed iMessage was working. I then manually installed the VPN profile and confirmed it was connected. At this point I am still able to send and receive iMessages. However, the problem begins after restarting the phone. Once I try and send an iMessage it fails and prompts me to send via SMS. Sending messages to the phone does not fail but the phone doesnt receive them.

We have a Firewall setup after the VPN, however I can confirm that ports 80, 443 and 5223 are open. I ran a live packet capture on Wireshark with one of the phones connected. When sending an iMessage to it from another device, I can see the traffic coming in over 5223 from a 17.*.*.* address so it seems as though the connectivity is there, however the message is not received on the phone. At the same time, I was running console in Xcode and noticed this

identityservicesd[52]: [Warning] Warning, missing tel:+35387******* in (null) - This is the number of the phone I am sending iMessages from so there is definitely communication there

This is an out of the box iPhone 6S with the VPN pushed down via a profile from Apple Configurator. We've engaged with our VPN provider and they see traffic going out over 5223 to and from the device. Has anyone else encountered similar issues with iMessage?

Thanks

Dave