DNS resolution failed with IPsec VPN connected (IPsec XAUTH RSA) using iPhone 5s

Hi,

I configured the Apple iOS device (client-to-site VPN) for an IPsec VPN connection (IPsec XAUTH RSA). After configuring the Apple device, I was able to connect to the IPsec VPN server. After a few seconds, the VPN icon appears in the status bar to indicate that the connection is successful.

Using the Xcode package, I collected the iPhone device logs (following the procedure mentioned at https://support.kaspersky.com/12419). The logs below confirm that the IPsec VPN connection is established.

Device logs:

Phase 1 / ISAKMP SA (IKEv1 Main mode) establishment

Aug 26 15:19:45 iPhone racoon[562] <Notice>: IPSec Network Configuration established.

Aug 26 15:19:45 iPhone racoon(NetworkExtension)[562] <Notice>: >>>>> phase change status = Phase 1 established

Aug 26 15:19:45 iPhone racoon[562] <Notice>: >>>>> phase change status = Phase 1 established

Aug 26 15:19:45 iPhone nesessionmanager(NetworkExtension)[233] <Info>: IPSec Controller: PH1 ESTABLISHED. phase 3, assert 0


Phase 2 / IPsec SA (IKEv1 Quick mode) establishment

Aug 26 15:19:46 iPhone racoon[562] <Notice>: IPSec Phase 2 established (Initiated by me).

Aug 26 15:19:46 iPhone racoon(NetworkExtension)[562] <Info>: IPsec-SA established: ESP/Tunnel 192.168.9.83[0]->72.22.171.100[0]


However, with the VPN established, I am unable to browse google.com (using Safari) or any other websites. Upon debugging, I found that it does not send DNS queries to the DNS server. Please have a look at the logs below.

Oct 25 15:21:05 iPhone mDNSResponder[91] <Info>: ShouldSuppressUnicastQuery: Query suppressed for www.google.co.in., qtype AAAA, as the DNS server is NULL

Oct 25 15:21:05 iPhone mDNSResponder[91] <Info>: GetServerForQuestion: 000000010080A8C8 no DNS server (Scope None:0000000000000000:-1) found for name www.google.co.in. (Addr)


Oct 25 15:21:05 iPhone mDNSResponder[91] <Info>: InitDNSConfig: question 000000010080A8C8 www.google.co.in. (Addr) Timeout 30, DNS Server <<NULL>>:0



Can anyone please let me know where the issue could be? Please feel free to let me know if additional information is needed. Thank you in advance for your support and time.


Notes:

  1. I am able to browse different websites when the VPN (IPsec) is not connected.
  2. However, with the VPN (IPsec) established, I am able to ping 8.8.8.8 (Google Public DNS IP address) successfully (using the ping tool on iPhone).

Regards,

Chinmaya

iPhone 5s

Posted on Aug 26, 2017 5:42 PM

1 reply

Aug 28, 2017 3:15 AM in response to ckdwibedy

Hi. It sounds like the VPN is not fully set up, since your log reports the DNS server is "null". Your device should be getting DNS from the remote VPN server.

Are you using an app to configure the VPN, or are you trying to do it manually, somehow?

Are you connecting to a commercial server, or something else?


This is just a user-to-user forum, so you might find more help on the web.
