
Resources reachable from VPN are not reachable from the application...

Open mcnahum opened this issue 6 years ago • 10 comments

When I mount a VPN to access work or home resources, I cannot reach them from the application (even a simple nslookup). Apps like Net Analyzer can reach them.

My end goal is to run ldapsearch queries...

mcnahum Dec 28 '18 21:12

Did you try using the IP address or the domain name of the internal resource? I don't know why using an IP address wouldn't work.

tbodt Dec 28 '18 22:12

Just an additional data point: this exact thing (ldapsearch over VPN) is working for me on the current TestFlight release 40 with a Cisco AnyConnect VPN connection active on my iPad Pro.

My ldapsearch query works using the hostname (without domain) for the connection.

mthused Jan 04 '19 22:01

I see the same issue here when connected via VPN, versus when connected directly.

When I have another app (e.g. Termius / Blink) they’re able to route traffic across the VPN.

ISH on the other hand is unable to route across the VPN.

Typically I’d look to route / netstat, but they’re not working due to lack of /proc entries.

This is using an F5 VPN.

marksergeant Feb 08 '19 06:02

@marksergeant To confirm, you're routing across the VPN using the remote IP address or the domain name? The DNS configuration management is questionable, but any IP addresses you use are passed directly through to the socket APIs, and I don't know of any reason that wouldn't route through the VPN.

tbodt Feb 08 '19 06:02

I double-checked, and for me it's the same issue with IP / FQDN: iSH is not crossing the VPN.

I'm using Pulse Secure on my side.

mcnahum Feb 08 '19 07:02

Confirmed, ping / ssh / traceroute all fail to VPN IPs.

They work successfully to local IPs and internet IPs.

marksergeant Feb 08 '19 08:02

Still working as expected for me on the latest TestFlight release with Cisco AnyConnect mobile, so it looks as if it may be VPN client or configuration dependent? I can send/receive apparently anything to or from VPN internal hosts by IP or unqualified hostname or FQDN and it all works. VPN connection is active before opening Ish.

mthused Feb 08 '19 17:02

Ok, some further testing.

ISH open both prior to and post instantiating the VPN connection fails. Host / dig unfortunately crash ish, so can’t try anything more there.

Ping and mtr to the DNS server IP address actually works. Ping to the gateway shown in the VPN client doesn’t work within iSH.

The only thing I can think is it’s getting caught up having two default routes in play.

Whilst trying various things in iSH I can confirm Blink / Termius work as expected when sshing.

Let me know what else I can try to assist here, my standard troubleshooting is failing me without /proc or strace!

marksergeant Feb 10 '19 11:02
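An added diagnostic sketch, not part of the thread or of iSH's own code: it separates the "IP address or domain name?" question from the routing question without needing /proc or strace. It assumes python3 is installed in the shell and that the socket calls are passed through to the host; the function names and command-line arguments are hypothetical.

```python
import socket
import sys

def source_for(ip, port=53):
    """Local address the OS would send from to reach ip (UDP connect sends no packet)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        try:
            s.connect((ip, port))
        except OSError:
            return None                      # no usable route at all
        return s.getsockname()[0]

def probe(target, port, timeout=3.0, resolve=socket.getaddrinfo):
    """Return (status, remote_ip): dns-failure, connected, refused, timeout, unreachable."""
    try:
        infos = resolve(target, port, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return ("dns-failure", None)
    result = ("unreachable", None)
    for family, socktype, proto, _canon, addr in infos:
        with socket.socket(family, socktype, proto) as s:
            s.settimeout(timeout)
            try:
                s.connect(addr)
                return ("connected", addr[0])
            except ConnectionRefusedError:   # RST came back, so the path works
                result = ("refused", addr[0])
            except socket.timeout:           # silence: dropped or misrouted
                result = ("timeout", addr[0])
            except OSError:                  # e.g. no route to host
                result = ("unreachable", addr[0])
    return result

def verdict(by_name, by_ip):
    """Combine a by-name and a by-IP probe of the same service into one finding."""
    if by_ip[0] not in ("connected", "refused"):   # any reply proves a route
        return "routing: packets to the IP get no reply"
    if by_name[0] == "dns-failure":
        return "dns: IP is reachable but the name does not resolve"
    return "ok: name and IP both reach the host"

if __name__ == "__main__":
    # usage: python3 vpncheck.py <hostname> <ip> <port>
    name, ip, port = sys.argv[1], sys.argv[2], int(sys.argv[3])
    print("source address toward", ip, "=", source_for(ip))
    by_name, by_ip = probe(name, port), probe(ip, port)
    print("by name:", by_name, " by IP:", by_ip)
    print(verdict(by_name, by_ip))
```

If the source address printed for a VPN-internal IP is the Wi-Fi address rather than the tunnel address, the traffic is leaving by the wrong interface, which is what the "two default routes" guess would predict.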

OpenVPN works fine for ssh, scp etc, although I've only used IPv4 addresses and not tested DNS.

drpump Feb 13 '19 22:02

My institution uses a Global Protect VPN server. I can access the remote machine with Remote Desktop RD Client, but can't access it through the iSH app (it doesn't matter whether I use the IP or the DNS). Not sure how to proceed. Does anyone know how to solve this issue?

iuryt Oct 22 '23 22:10