Apple Services not available when connected to VPN with Custom DoH/DoT DNS

When a device is connected to VPN using NEPacketTunnelProvider, and configured with encrypted custom DNS (NEDNSOverHTTPSSettings), some Apple Services (e.g. Siri) are unavailable. The same configuration but with clear text custom DNS (NEDNSSettings) works as expected.

Inspecting network traffic while using Siri revealed SSL shutdown packets and TCP termination packets.

Device: iOS 14.4.2
Network Extension APIs: NEPacketTunnelProvider, NEPacketTunnelNetworkSettings, NEDNSOverHTTPSSettings

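For reference, the two tunnel configurations the post contrasts, as an added example that is not code from the original post (the tunnel address, resolver IPs and DoH URL are placeholder values; `DemoTunnelProvider` and `useEncryptedDNS` are hypothetical names):

```swift
import NetworkExtension

// Added illustration of the two configurations contrasted in the post above.
// Addresses, resolver IPs and the DoH URL are placeholders, not the poster's values.
final class DemoTunnelProvider: NEPacketTunnelProvider {

    /// true: encrypted DNS via NEDNSOverHTTPSSettings (the variant the report says
    /// breaks Siri); false: clear-text DNS via NEDNSSettings (the variant that works).
    var useEncryptedDNS = true

    private func makeDNSSettings() -> NEDNSSettings {
        let dns: NEDNSSettings
        if useEncryptedDNS {
            // DoH: resolver IPs plus the template URL the resolver answers on.
            let doh = NEDNSOverHTTPSSettings(servers: ["192.0.2.53"])          // placeholder resolver
            doh.serverURL = URL(string: "https://doh.example.net/dns-query")   // placeholder URL
            dns = doh
        } else {
            dns = NEDNSSettings(servers: ["192.0.2.53"])                       // placeholder resolver
        }
        // An empty-string match domain makes the tunnel resolver the default for all lookups.
        dns.matchDomains = [""]
        return dns
    }

    override func startTunnel(options: [String: NSObject]?,
                              completionHandler: @escaping (Error?) -> Void) {
        let settings = NEPacketTunnelNetworkSettings(tunnelRemoteAddress: "203.0.113.1") // placeholder
        let ipv4 = NEIPv4Settings(addresses: ["10.8.0.2"], subnetMasks: ["255.255.255.0"])
        ipv4.includedRoutes = [NEIPv4Route.default()]   // route all traffic through the tunnel
        settings.ipv4Settings = ipv4
        settings.dnsSettings = makeDNSSettings()

        setTunnelNetworkSettings(settings) { error in
            if let error = error {
                completionHandler(error)
                return
            }
            // Packet I/O on self.packetFlow would start here.
            completionHandler(nil)
        }
    }
}
```

Toggling `useEncryptedDNS` reproduces the two cases the post describes; capturing traffic while invoking Siri under each is how the reporter observed the TLS shutdown and TCP termination.
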
Accepted Reply

I would open a bug report here and include these logs as well as a pcap. Please respond back with the Feedback ID.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Replies

Hi Matt, thanks for the quick response!
Report is submitted, ID: 9072905
  • FB9072905

No problem. I see your bug report internally and it looks like it has landed in the right spot.


Matt Eaton
DTS Engineering, CoreOS
meaton3@apple.com

Hi!

From what I can see, the issue is still not fixed. Is there any info about this one?

Tested in iOS & iPadOS 15.2 Beta 4.

AFAIK Siri has never worked with encrypted DNS since iOS 14 introduced the feature. I can also confirm the same behavior with macOS 12.6 today.

Is Apple going to do anything about this? We're talking about a critical issue for VPN providers.