Sonicwall Mobile Client & iOS 15.7 and 16
Juan_Moreno Newbie ✭
in VPN Client
From last updates of iOS and ipadOS we are experiencing that the devices can't connect to our sslvpn SMA500 using de app Sonicwall Mobile Client.
Someone else with this problem?
When i try to connect the status is "Connecting..." and never finish the connection.
Thanks in advance.
Category: VPN Client
Please accept our apologies for the inconvenience caused due to this issue. We have an update on this.
A Mobile Connect patch is live on App store.
You can find the details here: Notice: Mobile Connect Client fails to connect after upgrading to iOS 16.1 | SonicWall
Hey! You will be signed out in 60 seconds due to inactivity. Click here to continue using the site.
@Juan_Moreno tested with iOS 16.0.2 and Mobile Connect 5.0.11, SSL-VPN and Wireguard is connecting without any errors.
Do you see anything in the Log of the SMA or Mobile Connect?
In the SMA log i see that my connection is finalished fine, user: connected. But in iOS o ipadOS the status don't change from "connecting..." and i can't access to the resources publisheds
@Juan_Moreno anything in the Mobile Connect logs which might give a clue? Did you tried SSL-VPN and Wireguard, what SMA Firmware version you're running?
Other client platforms do not face any issues?
I am also running into the same issue with a IOS device on version 16.1 of apple.
I have a IPHONE 14 PRO MAX and when trying to connect on the IOS app it takes my 2 factor Google Authenticator and just sits saying "connecting....."
The version i have installed is the latest apple store SonicWall Mobile Connect client 5.0.11 (5056)
I checked logs on my SONICWALL SMA410 and show the agent AgentSonicWALL Mobile Connect for iOS 5.0.11 (iPhone15,3; iOS 16.1; build 5056) being NetExtender connected.
But on the device the status is sitting connecting... and even checked the VPN tab under the settings of the apple device same thing. Not showing an IP on the IOS device at all.
I tested on a MACBOOK PRO and it worked fine when using the mac Sonicwall Mobile Connect just an issue on the latest version of IOS.
I also just updated the firmware of the SMA 410 to SMA 10.2.1.6-37sv. Tried both SSLVPN and AUTO same issue for the protocol tab. We are Not configured for WireGuard.
Any thoughts ? I just wanted to attach my issue on the discussion hoping for support, Thanks!
Same issue here.
iPad Pro 5th Generation
SonicWall Mobile Connect vs 5.0.11
Same issue as well
iPhone 14 Pro Max IOS 16.1
SonicWall Mobile Connect vs 5.0.11
are we really talking iOS 16.1 (which is a Beta) or 16.0.1 (which should be updated to 16.0.2)?
Do you all use the internal MFA or plain Username/Password for authentication? I only tested with Username/Password, but can give it a try with MFA at the weekend.
I have the problema with ios 15.7, ios 16.0.1 and beta 16.1
In my case always with user/password authentication
@Juan_Moreno OK, no problems here for that matter. Are you using Tunnel All or just a few Networks for the Client Routes?
Do you have Always on VPN activated?
Did you checked your Mobile Connect logs for any hint?
In our case we have tunnel for all the network and de client logs don't show any relevant information. It seems more a ios problema that sonicwall, but i have a lot of users affected
Same here for us, latest version 5.0.11 of MobileConnect on iOS 16 (new device, no update), tried both wireshark and sslvpn in protocol settings.
Asked the user to enable debug option on MobilConnect and send me the logs.
This seems something strange:
"Ignoring protrej" is repeated until the user cancels connection - I have samples of 30 seconds and more.
With debugging enabled:
This is the environment:
SonicWall Mobile Connect for iOS 5.0.11
Model: iPhone XR
OS: iOS 16.1
I am having the same problems on IpadOS 16.1 and IOS 16.1 (both are RC as I write this and will be pushed in four days). We are using the ssl-vpn and Duo MFA. Just says "connecting" perpetually. Client version 220.127.116.11. Duo MFA login worked on iOS and IpadOS 15.7 and 16.0.X.
@Trailcamper I don't wanna update my iPhone to 16.1 right now, but did I found a report that 16.1 had VPN trouble on multiple platforms (Cisco, OpenVPN, ...) and a possible solution was:
VPN not working on iPad after this update. Readers reported issues for Cisco IPSec VPN (Bog), OpenVPN (Jason), and 18.104.22.168 VPN (Vignesh M.).
Fix: Remove app and VPN profile -> Reset Network Settings -> Reconfigure VPN.
Did you tried this already?
This Fix don't work in my case with the Sonicwall cliente
@Juan_Moreno did you escalated with Support already to get this investigated? If it's a general 16.1 problem I guess it'll grow in the next days/weeks when 16.1 hits GA.
I have done all of the usual. I suspect that the root problem is with MFA and the token that is being passed to the VPN client from the browser after the DUO push prompt (there is not a specific request to share the clipboard in the 22.214.171.124). Without the token from MFA then there is no time sensitive "password." 16.1 requires apps to ask for specific permission to share the clipboard. The other alternative is to embed a browser in the vpn client.
I do have a workaround but it is Cisco specific. The weblogin for the vpn is still working because the auth and the "client" are in the same application (Safari). I have made shortcuts in the portal to support iPadOS devices in the interim (allowing pop-ups is necessary though). Net Extender on Windows works just fine.
We don't use MFA, so the problem seems to be more general.
@TRO I'am late to the party, but since yesterday after updating to iOS 16.1 (GA), MobileConnect is stuck while Connecting to the SMA with SSLVPN protocol. WireGuard is working fine.
The SMA is showing the User as connected with SSLVPN protocol, but MobileConnect isn't working.
I am having the same issue with every iOS device that we have updated to iOS 16.1
Having the same issue with IOS 16,1 on iPhone 12 and IOS 16 for iPad. No updates to the client through the App Store. ANyone found a workaround ?
We have also the same issue with every iOS device that we have updated to iOS 16.1. Devices that are running with iOS 16.0 are working normally. We use a SMA400.
On iOS 16.1 and mobileconnect stuck on connecting. Same issue with iPadOS 16.1, but downgraded to 15.7 and working on that version,
If you are running sma 100 series and with firmware 10.2.X. You can put wireguard on top over sslvpn protocol.
This is a workaround for IOS16.1.
Only SSLVPN protocol was affected.
We are aware of this issue and do apologize for this major inconvenience.
There is a KB that will be updated regarding this issue. It can be found here: https://www.sonicwall.com/support/notices/notice-mobile-connect-client-fails-to-connect-after-upgrading-to-ios-16-1/221028103453833/
@micah - SonicWall's Self-Service Sr. Manager
Is there any progress regarding this issue? Almost a week gone and board members without vpn are no fun.
I opened a ticket and the only response I got was
I have reviewed case ##### and after investigating found that this knowledge base article may help with the stated issue ***URGENT Board member affected*** iOS 16.1 Sonicwall MobilConnect unable to establish vpn tunnel :
Notice: Mobile Connect Client fails to connect after upgrading to iOS 16.1 - https://www.sonicwall.com/support/knowledge-base/221028103453833.
I don't know what investigation was going on there, but reading the kb article was clearly not included since it says
Workaround: There is no Workaround for this issue as of now.
Some good advice from my side:
129 (=0x81) Primary DNS Server Address [RFC1877]
131 (=0x83) Secondary DNS Server Address [RFC1877]
As from my logs above:
Is iOS rejecting the custom DNS settings?
Same as @TRO, we are getting a lot of heat about this issue, all of upper management uses iPhones. Our email server is behind the firewall so they can't get email on their phones.
Has anybody come up with a viable workaround? We started looking at WireGuard for a free fix but it seems clumsy to configure it behind a Sonicwall Firewall and we cant find any write-ups about it, its more than just a port forward to get it to work. Using pfsense with WireGuard would probably be a better way to go about it and there are more resources but a lot of work. Thanks!
@CPS_IT if you're running a SMA 100 Series you could use Firmware 10.2.1.6 which includes WireGuard Support, it works pretty good but broke at least at one Deployment Application Offloading for Exchange. In that scenario a simple Port Forward is enough.