Join the Conversation

To sign in, use your existing MySonicWall account. To create a free MySonicWall account click "Register".

Sonicwall Mobile Client & iOS 15.7 and 16

Hi everyone,

From last updates of iOS and ipadOS we are experiencing that the devices can't connect to our sslvpn SMA500 using de app Sonicwall Mobile Client.

Someone else with this problem?

When i try to connect the status is "Connecting..." and never finish the connection.


Thanks in advance.

Category: VPN Client
Reply

Best Answer

«1

Answers

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Juan_Moreno tested with iOS 16.0.2 and Mobile Connect 5.0.11, SSL-VPN and Wireguard is connecting without any errors.

    Do you see anything in the Log of the SMA or Mobile Connect?

    --Michael@BWC

  • Hi, thanks

    In the SMA log i see that my connection is finalished fine, user: connected. But in iOS o ipadOS the status don't change from "connecting..." and i can't access to the resources publisheds

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Juan_Moreno anything in the Mobile Connect logs which might give a clue? Did you tried SSL-VPN and Wireguard, what SMA Firmware version you're running?

    Other client platforms do not face any issues?

    --Michael@BWC

  • kenmaz716kenmaz716 Newbie ✭
    edited September 28

    Greetings,

    I am also running into the same issue with a IOS device on version 16.1 of apple.

    I have a IPHONE 14 PRO MAX and when trying to connect on the IOS app it takes my 2 factor Google Authenticator and just sits saying "connecting....."

    The version i have installed is the latest apple store SonicWall Mobile Connect client 5.0.11 (5056)

    I checked logs on my SONICWALL SMA410 and show the agent AgentSonicWALL Mobile Connect for iOS 5.0.11 (iPhone15,3; iOS 16.1; build 5056) being NetExtender connected.

    But on the device the status is sitting connecting... and even checked the VPN tab under the settings of the apple device same thing. Not showing an IP on the IOS device at all.

    I tested on a MACBOOK PRO and it worked fine when using the mac Sonicwall Mobile Connect just an issue on the latest version of IOS.

    I also just updated the firmware of the SMA 410 to SMA 10.2.1.6-37sv. Tried both SSLVPN and AUTO same issue for the protocol tab. We are Not configured for WireGuard.

    Any thoughts ? I just wanted to attach my issue on the discussion hoping for support, Thanks!

  • Same issue here.

    iPad Pro 5th Generation

    SonicWall Mobile Connect vs 5.0.11

  • OsmanAOsmanA Newbie ✭

    Same issue as well

    iPhone 14 Pro Max IOS 16.1 

    SonicWall Mobile Connect vs 5.0.11




    .

  • BWCBWC Cybersecurity Overlord ✭✭✭

    Hi guys,

    are we really talking iOS 16.1 (which is a Beta) or 16.0.1 (which should be updated to 16.0.2)?

    Do you all use the internal MFA or plain Username/Password for authentication? I only tested with Username/Password, but can give it a try with MFA at the weekend.

    --Michael@BWC

  • I have the problema with ios 15.7, ios 16.0.1 and beta 16.1

    In my case always with user/password authentication

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Juan_Moreno OK, no problems here for that matter. Are you using Tunnel All or just a few Networks for the Client Routes?

    Do you have Always on VPN activated?

    Did you checked your Mobile Connect logs for any hint?

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭


  • Juan_MorenoJuan_Moreno Newbie ✭

    In our case we have tunnel for all the network and de client logs don't show any relevant information. It seems more a ios problema that sonicwall, but i have a lot of users affected

  • TROTRO Newbie ✭

    Same here for us, latest version 5.0.11 of MobileConnect on iOS 16 (new device, no update), tried both wireshark and sslvpn in protocol settings.

  • TROTRO Newbie ✭
    edited October 19

    Asked the user to enable debug option on MobilConnect and send me the logs.

    This seems something strange:

    2022-10-19 13:06:14.761 NxPlugin[837.37543] <info>  Starting PPP negotiation...
    2022-10-19 13:06:15.633 NxPlugin[837.37543] <warn>  Ignoring protrej
    2022-10-19 13:06:15.683 NxPlugin[837.37543] <warn>  Ignoring protrej
    2022-10-19 13:06:18.603 NxPlugin[837.37543] <warn>  Ignoring protrej
    2022-10-19 13:06:19.601 NxPlugin[837.37542] <warn>  Ignoring protrej
    2022-10-19 13:06:21.560 NxPlugin[837.37542] <warn>  Ignoring protrej
    2022-10-19 13:06:24.544 NxPlugin[837.37542] <warn>  Ignoring protrej
    

    "Ignoring protrej" is repeated until the user cancels connection - I have samples of 30 seconds and more.

    With debugging enabled:

    2022-10-19 13:29:07.856 NxPlugin[925.43275] <warn>  Ignoring protrej
    2022-10-19 13:29:10.754 NxPlugin[925.43275] <debug> processPacketFromServer(_:) 2391: IPCP packet received:
    IPCP code: confreq (1)
    IPCP identifier: 0x0006
    IPCP length: 22
    IPCP config option ipAddress (0x03, 4 bytes):
        192.0.2.1
    IPCP config option unknown (0x81, 4 bytes):
        00 00 00 00                                       ....
    IPCP config option unknown (0x83, 4 bytes):
        00 00 00 00                                       ....
    2022-10-19 13:29:10.758 NxPlugin[925.43275] <debug> processPacketFromServer(_:) 2394: Config options: [MCKit.IPCPPacket.ConfigOption.ipAddress, MCKit.IPCPPacket.ConfigOption.unknown, MCKit.IPCPPacket.ConfigOption.unknown]
    2022-10-19 13:29:10.761 NxPlugin[925.43275] <debug> processPacketFromServer(_:) 2405: received 1st IPCP CONFREQ, sending IPCP CONFREJ for option 02
    

    This is the environment:

    SonicWall Mobile Connect for iOS 5.0.11

    Build: 5056

    Model: iPhone XR

    OS: iOS 16.1

  • TrailcamperTrailcamper Newbie ✭

    I am having the same problems on IpadOS 16.1 and IOS 16.1 (both are RC as I write this and will be pushed in four days). We are using the ssl-vpn and Duo MFA. Just says "connecting" perpetually. Client version 5.0.1.1. Duo MFA login worked on iOS and IpadOS 15.7 and 16.0.X.

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Trailcamper I don't wanna update my iPhone to 16.1 right now, but did I found a report that 16.1 had VPN trouble on multiple platforms (Cisco, OpenVPN, ...) and a possible solution was:

    VPN not working on iPad after this update. Readers reported issues for Cisco IPSec VPN (Bog), OpenVPN (Jason), and 1.1.1.1 VPN (Vignesh M.).

    Fix: Remove app and VPN profile -> Reset Network Settings -> Reconfigure VPN.

    Did you tried this already?

    --Michael@BWC

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @Juan_Moreno did you escalated with Support already to get this investigated? If it's a general 16.1 problem I guess it'll grow in the next days/weeks when 16.1 hits GA.

    --Michael@BWC

  • TrailcamperTrailcamper Newbie ✭

    I have done all of the usual. I suspect that the root problem is with MFA and the token that is being passed to the VPN client from the browser after the DUO push prompt (there is not a specific request to share the clipboard in the 5.0.1.1). Without the token from MFA then there is no time sensitive "password." 16.1 requires apps to ask for specific permission to share the clipboard. The other alternative is to embed a browser in the vpn client.


    I do have a workaround but it is Cisco specific. The weblogin for the vpn is still working because the auth and the "client" are in the same application (Safari). I have made shortcuts in the portal to support iPadOS devices in the interim (allowing pop-ups is necessary though). Net Extender on Windows works just fine.

  • TROTRO Newbie ✭
  • BWCBWC Cybersecurity Overlord ✭✭✭
    edited October 25

    @TRO I'am late to the party, but since yesterday after updating to iOS 16.1 (GA), MobileConnect is stuck while Connecting to the SMA with SSLVPN protocol. WireGuard is working fine.

    The SMA is showing the User as connected with SSLVPN protocol, but MobileConnect isn't working.

    --Michael@BWC

  • HypnotoadHypnotoad Newbie ✭

    I am having the same issue with every iOS device that we have updated to iOS 16.1

  • Chechler_2Chechler_2 Newbie ✭

    Having the same issue with IOS 16,1 on iPhone 12 and IOS 16 for iPad. No updates to the client through the App Store. ANyone found a workaround ?

  • E_ROME_ROM Newbie ✭

    +1

    We have also the same issue with every iOS device that we have updated to iOS 16.1. Devices that are running with iOS 16.0 are working normally. We use a SMA400.

  • clmtclmt Newbie ✭

    On iOS 16.1 and mobileconnect stuck on connecting. Same issue with iPadOS 16.1, but downgraded to 15.7 and working on that version,

  • NatNat Newbie

    If you are running sma 100 series and with firmware 10.2.X. You can put wireguard on top over sslvpn protocol.

    This is a workaround for IOS16.1.

    Only SSLVPN protocol was affected.

  • Hi All,

    We are aware of this issue and do apologize for this major inconvenience.

    There is a KB that will be updated regarding this issue. It can be found here: https://www.sonicwall.com/support/notices/notice-mobile-connect-client-fails-to-connect-after-upgrading-to-ios-16-1/221028103453833/

    Regards,

    Micah

    @micah - SonicWall's Self-Service Sr. Manager

  • TROTRO Newbie ✭
    edited November 3

    Is there any progress regarding this issue? Almost a week gone and board members without vpn are no fun.

    I opened a ticket and the only response I got was

    I have reviewed case #####  and after investigating found that this knowledge base article may help with the stated issue  ***URGENT Board member affected*** iOS 16.1 Sonicwall MobilConnect unable to establish vpn tunnel :

    Notice: Mobile Connect Client fails to connect after upgrading to iOS 16.1 -  https://www.sonicwall.com/support/knowledge-base/221028103453833.

    I don't know what investigation was going on there, but reading the kb article was clearly not included since it says

    Workaround: There is no Workaround for this issue as of now.

    Some good advice from my side:

    • The were lots of people pointing to the issue when iOS16.1 was still beta. You would have had time to investigate before the final release if you took this serious.
    • If you have no solution ready, you should at least try to communicate - maybe say what you have tried and what did not work so others don't waste time in e.g. deleting and recreating vpn connections.
    • Try to provide at least an estimated time frame for the fix. Is it one week, one month, never? I'm asked every other day by, you know, board members...

    Thanks,

  • TROTRO Newbie ✭

    129 (=0x81) Primary DNS Server Address [RFC1877]

    131 (=0x83) Secondary DNS Server Address [RFC1877]

    As from my logs above:

    IPCP config option unknown (0x81, 4 bytes):
        00 00 00 00                                       ....
    IPCP config option unknown (0x83, 4 bytes):
        00 00 00 00                                       ....
    

    Is iOS rejecting the custom DNS settings?

  • CPS_ITCPS_IT Newbie ✭

    Same as @TRO, we are getting a lot of heat about this issue, all of upper management uses iPhones. Our email server is behind the firewall so they can't get email on their phones.

    Has anybody come up with a viable workaround? We started looking at WireGuard for a free fix but it seems clumsy to configure it behind a Sonicwall Firewall and we cant find any write-ups about it, its more than just a port forward to get it to work. Using pfsense with WireGuard would probably be a better way to go about it and there are more resources but a lot of work. Thanks!

  • BWCBWC Cybersecurity Overlord ✭✭✭

    @CPS_IT if you're running a SMA 100 Series you could use Firmware 10.2.1.6 which includes WireGuard Support, it works pretty good but broke at least at one Deployment Application Offloading for Exchange. In that scenario a simple Port Forward is enough.

    --Michael@BWC

Sign In or Register to comment.