I set up SSL VPN Split Tunneling on XG, but I cannot access the Internet on the iPhone.
The same setting works on PC and Android.
I disabled "Use as default gateway".
Thank you for your response
iPhone, iOS 14.7.1
SFVH (SFOS 18.0.5 MR-5-Build586)
I masked the public IP.
OpenVPN log:
2021-09-14 19:49:06 1
2021-09-14 19:49:06 ----- OpenVPN Start -----
OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-09-14 19:49:06 OpenVPN core 3.git::58b92569 ios arm64 64-bit
2021-09-14 19:49:06 Frame=512/2048/512 mssfix-ctrl=1250
2021-09-14 19:49:06 UNUSED OPTIONS
3 [resolv-retry] [infinite]
4 [nobind]
5 [persist-key]
6 [persist-tun]
14 [route-delay] [4]
15 [verb] [3]
2021-09-14 19:49:06 EVENT: RESOLVE
2021-09-14 19:49:06 Contacting [*.*.*.*]:8443/TCP via TCPv4
2021-09-14 19:49:06 EVENT: WAIT
2021-09-14 19:49:06 Connecting to [*.*.*.*]:8443 (*.*.*.*) via TCPv4
2021-09-14 19:49:06 EVENT: CONNECTING
2021-09-14 19:49:06 Tunnel Options:V4,dev-type tun,link-mtu 1572,tun-mtu 1500,proto TCPv4_CLIENT,comp-lzo,cipher AES-128-CBC,auth SHA256,keysize 128,key-method 2,tls-client
2021-09-14 19:49:06 Creds: Username/Password
2021-09-14 19:49:06 Peer Info:
IV_VER=3.git::58b92569
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_GUI_VER=net.openvpn.connect.ios_3.2.3-3760
IV_SSO=openurl
2021-09-14 19:49:07 VERIFY OK: depth=1, /C=TW/ST=NA/L=NA/O=free/OU=OU/CN=Sophos_CA_*/emailAddress=*@*.*
2021-09-14 19:49:07 VERIFY OK: depth=0, /C=NA/ST=NA/L=NA/O=NA/OU=NA/CN=Appliance_Certificate_jk4Lp8ZesSNDjQ5/emailAddress=na@example.com
2021-09-14 19:49:09 SSL Handshake: CN=Appliance_Certificate_jk4Lp8ZesSNDjQ5, TLSv1.2, cipher TLSv1.2 DHE-RSA-AES256-GCM-SHA384, 2048 bit RSA
2021-09-14 19:49:09 Session is ACTIVE
2021-09-14 19:49:09 EVENT: GET_CONFIG
2021-09-14 19:49:09 Sending PUSH_REQUEST to server...
2021-09-14 19:49:10 Sending PUSH_REQUEST to server...
2021-09-14 19:49:12 Sending PUSH_REQUEST to server...
2021-09-14 19:49:12 OPTIONS:
0 [route-gateway] [10.81.234.5]
1 [sndbuf] [0]
2 [rcvbuf] [0]
3 [sndbuf] [0]
4 [rcvbuf] [0]
5 [ping] [45]
6 [ping-restart] [180]
7 [route] [192.168.99.0] [255.255.255.0]
8 [topology] [subnet]
9 [route] [remote_host] [255.255.255.255] [net_gateway]
10 [inactive] [900] [7680]
11 [dhcp-option] [DNS] [8.8.8.8]
12 [dhcp-option] [DNS] [168.95.1.1]
13 [ifconfig] [10.81.234.6] [255.255.255.0]
2021-09-14 19:49:12 PROTOCOL OPTIONS:
cipher: AES-128-CBC
digest: SHA256
compress: LZO_STUB
peer ID: -1
2021-09-14 19:49:12 EVENT: ASSIGN_IP
2021-09-14 19:49:12 NIP: preparing TUN network settings
2021-09-14 19:49:12 NIP: init TUN network settings with endpoint: *.*.*.*
2021-09-14 19:49:12 NIP: adding IPv4 address to network settings 10.81.234.6/255.255.255.0
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 10.81.234.0/24
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 192.168.99.0/24
2021-09-14 19:49:12 NIP: adding DNS 8.8.8.8
2021-09-14 19:49:12 NIP: adding DNS 168.95.1.1
2021-09-14 19:49:12 NIP: adding match domain ALL
2021-09-14 19:49:12 NIP: adding DNS specific routes:
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 8.8.8.8/32
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 168.95.1.1/32
2021-09-14 19:49:12 Connected via NetworkExtensionTUN
2021-09-14 19:49:12 LZO-ASYM init swap=0 asym=1
2021-09-14 19:49:12 Comp-stub init swap=0
2021-09-14 19:49:12 EVENT: CONNECTED alex@*.*.*.*:8443 (*.*.*.*) via /TCPv4 on NetworkExtensionTUN/10.81.234.6/ gw=[/]
Hi, you should not use 8.8.8.8 as a DNS server on the VPN with a split tunnel, unless you allow VPN->WAN with SNAT. This is because 8.8.8.8 is on the outside but you're routing it through the tunnel, so you can't access it. Only put internal DNS in the VPN config.
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 8.8.8.8/32
2021-09-14 19:49:12 NIP: adding (included) IPv4 route 168.95.1.1/32
Maybe you can edit the openvpn file for the iPhone.
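Added example, not part of the thread or of any Sophos or OpenVPN tooling: a check over the pushed OPTIONS block from the log above that lists DNS servers lying outside every network routed into the tunnel, which is the case the reply describes. The function names and the shortened sample block are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample: pushed options copied from the log in this thread.
PUSHED = """\
0 [route-gateway] [10.81.234.5]
7 [route] [192.168.99.0] [255.255.255.0]
8 [topology] [subnet]
9 [route] [remote_host] [255.255.255.255] [net_gateway]
11 [dhcp-option] [DNS] [8.8.8.8]
12 [dhcp-option] [DNS] [168.95.1.1]
13 [ifconfig] [10.81.234.6] [255.255.255.0]
"""

def parse_options(text):
    """Turn 'N [key] [arg] ...' lines into (key, [args]) tuples."""
    opts = []
    for line in text.splitlines():
        fields = re.findall(r"\[([^\]]*)\]", line)
        if fields:
            opts.append((fields[0], fields[1:]))
    return opts

def audit_split_tunnel_dns(text):
    """Report pushed DNS servers that are outside all tunnel networks."""
    opts = parse_options(text)
    tunnel_nets = []
    for key, args in opts:
        # Routes sent to net_gateway bypass the tunnel, so skip them.
        if key in ("route", "ifconfig") and len(args) >= 2 and "net_gateway" not in args:
            try:
                net = ipaddress.ip_network(f"{args[0]}/{args[1]}", strict=False)
            except ValueError:
                continue  # symbolic target or non-subnet topology
            tunnel_nets.append(net)
    dns = [ipaddress.ip_address(a[1]) for k, a in opts
           if k == "dhcp-option" and len(a) >= 2 and a[0].upper() == "DNS"]
    return {
        "full_tunnel": any(k == "redirect-gateway" for k, _ in opts),
        "tunnel_networks": [str(n) for n in tunnel_nets],
        "external_dns": [str(d) for d in dns if not any(d in n for n in tunnel_nets)],
    }

if __name__ == "__main__":
    for server in audit_split_tunnel_dns(PUSHED)["external_dns"]:
        print(f"DNS {server} is outside the tunnel networks: "
              "use an internal resolver or allow VPN->WAN with SNAT")
```

On the log in this thread both pushed resolvers are reported, matching the "adding DNS specific routes" lines where the iOS client routes 8.8.8.8/32 and 168.95.1.1/32 into the tunnel.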