Network Protection does not work with Custom DNS on iOS 16 and 17
jurajhilje opened this issue · 6 comments
Description
Customer bug report:
For the past year I cannot reliably get IVPN's network protection (automatically connecting/disconnecting) to work as long as I am using custom DNS. I typically use NextDNS and tried DoH and DoT plus generic Cloudflare DoH. Most of the time when a connection is triggered IVPN just flip-flops connecting - disconnected. As soon as I disable custom DNS, network protection works perfectly. All versions of iOS 16 and 17 -- no difference.
@jurajhilje I can also reproduce the issue on iOS 17, let me know if you need any help with this.
@gorkapernas OK thanks for checking this! I'll look into it asap and let you know how it goes.
@gorkapernas Also, flip-flop connecting indicates that a crash of the WireGuard VPN tunnel is not handled properly in this case. I'll see if I can implement error handling similar to the invalid WG keys error.
STR:
- Use a NextDNS endpoint with DoH
- Enable Network Protection
- Set WIFI to untrusted
- Change network to mobile data
- Change network back to WIFI
- Observe that the app keeps attempting to connect in a loop
@gorkapernas The potential fix is available in 2.11.1 (7). Let me know how it goes.
Verified fixed on versions 2.11.0 (7) and 2.11.0 (8), tested on iPhone XR iOS 17.1 and iPad 6 iOS 16.7. The app no longer keeps reconnecting when joining an untrusted network with custom DNS enabled; the connection is always established correctly.
Also tested with NextDNS, OpenVPN and WireGuard.
This looks good to go.