Hi folks,

For a feature that I am exploring, I need to be able to set up a VPN and tunnel selective web traffic through to a backend service. I have been experimenting with the iOS Always-On VPN functionality towards this purpose. I am using a Strongswan server on the backend. Just in case it matters, the VPN profile is set up for certificate-based authentication. Configuration is being pushed to the device via the Configurator. The DNS configuration mentioned below was added manually into the generated .mobileconfig, as the app doesn't seem to have support for those dictionary items yet.

I have been able to successfully set up a connection and have it stay on. However, I am having trouble getting the DNS queries to route correctly:

The server pushes the DNS server once the VPN connection is established. I do see, from the Xcode logs for the device (an iPad running 10.2.1), that iOS receives the DNS server and sets it up as a resolver. However, the Wi-Fi DNS resolver continues to stay on as the primary resolver.

Following advice from https://lists.strongswan.org/pipermail/users/2015-October/008842.html, I set up the 'ServerAddresses' item and an empty 'SupplementalMatchDomains' [as described at https://developer.apple.com/library/content/featuredarticles/iPhoneConfigurationProfileRef/Introduction/Introduction.html#//apple_ref/doc/uid/TP40010206-CH1-SW40] to see if I can force the VPN-based resolver to take precedence. But this has had no effect.

Has anyone had success getting DNS functioning in this fashion, i.e., for the VPN-based DNS server to take over as primary resolver?

Thanks.
Prashanth