Hello,
In the code I have utilised the NEVPNManager to establish an IKEv2 connection to my StrongSwan server. I have disabled IPv4 on the server to focus only on the IPv6 issues.
When I run the app under macOS, it works perfectly fine. When I run the app under iPad (iOS) it also works perfectly fine. Both obtain an IPv6 from the server.
But when I run the app under my iPhone X, the IPv6 connection can't be established. I have updated the OS to iOS 15.1, but it didn't help. I have restarted the phone several times and made sure the DNS settings in the Wi-Fi connection are set to automatic.
When I do a sudo tcpdump icmp6 on the server I get this for iPad:

    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    08:46:45.036393 IP6 fe80::9400:ff:fef1:6bcb > fe80::1: ICMP6, neighbor solicitation, who has fe80::1, length 32
    08:46:45.037036 IP6 fe80::1 > fe80::9400:ff:fef1:6bcb: ICMP6, neighbor advertisement, tgt is fe80::1, length 24

But when I run it under my iPhone X I get errors on tcpdump:

    tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
    08:49:36.594341 IP6 2a01:4f8:c17:1f2d::1 > one.one.one.one: ICMP6, destination unreachable, unreachable port, 2a01:4f8:c17:1f2d::1 udp port 61921, length 121
    08:49:36.594693 IP6 2a01:4f8:c17:1f2d::1 > one.one.one.one: ICMP6, destination unreachable, unreachable port, 2a01:4f8:c17:1f2d::1 udp port 49461, length 155
    08:49:36.605300 IP6 2a01:4f8:c17:1f2d::1 > one.one.one.one: ICMP6, destination unreachable, unreachable port, 2a01:4f8:c17:1f2d::1 udp port 63572, length 152
    ...

Does the iPhone have some sort of firewall enabled?
Below is my code. Why is the iPhone X affected, but not the iPad?

    import NetworkExtension
    import SwiftyBeaver

    // Methods of the class that owns `vpnManager`.
    func connectIKEv2VPN() {
        // Load the stored VPN configuration before modifying it.
        self.vpnManager.loadFromPreferences(completionHandler: vpnLoadHandler)
    }

    func vpnLoadHandler(error: (Error?)) -> Void {
        let tkcs = MyKeychainService()
        let deviceService = DeviceService.shared
        var protcol: NEVPNProtocol

        // IKEv2 with extended (username/password) authentication.
        let ikev2 = NEVPNProtocolIKEv2()
        ikev2.useExtendedAuthentication = true
        ikev2.localIdentifier = "My VPN"
        ikev2.remoteIdentifier = EnvFabric.shared.getUrlForCode(DeviceService.shared.getRetrievedServerCode())
        ikev2.authenticationMethod = NEVPNIKEAuthenticationMethod.none
        ikev2.deadPeerDetectionRate = NEVPNIKEv2DeadPeerDetectionRate.medium

        // IKE SA proposal.
        ikev2.ikeSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
        ikev2.ikeSecurityAssociationParameters.integrityAlgorithm = .SHA256
        ikev2.ikeSecurityAssociationParameters.diffieHellmanGroup = .group19
        ikev2.ikeSecurityAssociationParameters.lifetimeMinutes = 1440

        // Child SA proposal.
        ikev2.childSecurityAssociationParameters.encryptionAlgorithm = .algorithmAES256GCM
        ikev2.childSecurityAssociationParameters.integrityAlgorithm = .SHA256
        ikev2.childSecurityAssociationParameters.diffieHellmanGroup = .group19
        ikev2.childSecurityAssociationParameters.lifetimeMinutes = 1440
        ikev2.disableMOBIKE = false

        protcol = ikev2
        protcol.disconnectOnSleep = false
        protcol.serverAddress = EnvFabric.shared.getUrlForCode(DeviceService.shared.getRetrievedServerCode())
        self.vpnManager.localizedDescription = DeviceService.shared.getRetrievedServerName()

        // The device ID is the username; the device token is stored in the
        // keychain and passed to the VPN configuration by reference.
        protcol.username = deviceService.getDeviceId()
        tkcs.save(key: "DEVICE_TOKEN", value: deviceService.getDeviceToken())
        protcol.passwordReference = tkcs.load(key: "DEVICE_TOKEN")

        self.vpnManager.protocolConfiguration = protcol
        self.vpnManager.onDemandRules = nil
        self.vpnManager.isOnDemandEnabled = false
        self.vpnManager.isEnabled = true
        self.vpnManager.saveToPreferences(completionHandler: vpnSaveHandler)
    }

    func vpnSaveHandler(error: (Error?)) -> Void {
        if let error = error {
            // Any save error ends here without starting the tunnel.
            if ((error as NSError).code == 4) {
                return
            }
        } else {
            // Configuration saved: start the tunnel.
            do {
                try self.vpnManager.connection.startVPNTunnel()
            } catch let error {
                SwiftyBeaver.warning("Error starting VPN Connection", error.localizedDescription)
            }
        }
    }