Skip to main content
Chuck
Chuck
New Member
September 4, 2017
Question

IKEv2 iPhone and Facetime

  • September 4, 2017
  • 1 reply
  • 7038 views

I have successfully set up a supervised iPhone and deployed an always-on IKEv2 VPN to terminate on my Fortigate. As per IOS docs, the phone sets up 2 SA tunnels (1 for LTE, 1 for Wireless). I then send all traffic from the tunnels back out to the Internet so I can perform my filtering and logging using FW policies. I installed a cert on the phone and perform SSL deep-inspection.

 

All is working great except one iPhone app, Facetime.

 

For some reason (which I cannnot find an answer for on my Internet searches), Facetime just does not connect. It rings, but never connects.

 

I thought it was my deep-inspection, but removed that, have an any-any rule for the VPN.

I remove the profile, use the same rule for the phone on native wireless and Facetime works fine.

 

IOS docs do not call out any limitations in fact, always-on VPN is a supported feature and it even states Facetime and iMessgae and all IP traffic will go thru the tunnels.

 

Has anyone seen this before? Any workarounds either on cli options in the FG or IOS options on the VPN client?

 

Thanks.

 

Chuck

1 reply

Deftone
Deftone
New Member
October 25, 2017

I don't have anwser for the Facetime problem but question about the vpn configuration. How did you configured the vpn for IKEv2? Dit you followed the Wizzard? I just want to create IKEv2 VPN to configure my ios devices for always on VPN

Chuck
ChuckAuthor
New Member
October 25, 2017

I did follow the wizard. But then I converted it to a custom tunnel and edited the settings to match my iphone managed device. I needed to supervise the iphone, then use apple configurator 2 to setup the managed VPN. I played with the settings to match them up and all worked ok. 2 things. 1 it burned down the battery big time. 2, in trying to fix the facetime I upgraded the firewall to 5.6 and that broke everything (now the vpn doesn't work at all). tech support was no help. I abandoned the project.

Deftone
Deftone
New Member
October 26, 2017

Ok thanks for your reply. I did the same on OS 5.6 and indeed it's working. The only thing I have problem with is that the device must be erased before it can be supervised.. Because of that I think I will enable my vpn manually

Terms & ConditionsAccessibility statement