What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

Question

Everything works fine over Wi-Fi.

I tried disabling IPv6 using a provisioning profile.

I tried on two different devices (iPhone 6 and current iPhone SE) using the same VPN provisioning profile (each device on its own LTE carrier).

score 1 · Accepted Answer · answered Jul 17 '20 at 01:05

Figured it out! It was a MTU issue.

The following iptables rules saved the day!

-A FORWARD -p tcp -m policy --dir in --pol ipsec -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280
-A FORWARD -p tcp -m policy --dir out --pol ipsec -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1280

What can cause an iOS device to be able to connect to IKEv2/IPsec VPN over LTE but not browse most websites?

1 Answers1