ivpn / ios-app

Official IVPN iOS app
https://www.ivpn.net/apps-ios
GNU General Public License v3.0

Network Protection does not work with Custom DNS on iOS 16 and 17 #367

Closed jurajhilje closed 10 months ago

jurajhilje commented 11 months ago

Description

Customer bug report:

For the past year I cannot reliably get IVPN's network protection (automatically connecting/disconnecting) to work as long as I am using custom DNS. I typically use NextDNS and tried DoH and DoT plus generic Cloudflare DoH. Most of the time when a connection is triggered IVPN just flip-flops connecting - disconnected. As soon as I disable custom DNS, network protection works perfectly. All versions of iOS 16 and 17 -- no difference.

gorkapernas commented 11 months ago

@jurajhilje I can also reproduce the issue on iOS 17, let me know if you need any help with this.

jurajhilje commented 11 months ago

@gorkapernas OK thanks for checking this! I'll look into it asap and let you know how it goes.

jurajhilje commented 11 months ago

@gorkapernas Also, flip-flop connecting indicates that a crash of the WireGuard VPN tunnel is not handled properly in this case. I'll see if I can implement error handling similar to the invalid WG keys error.

gorkapernas commented 11 months ago

STR:

  1. Use a NextDNS endpoint with DoH
  2. Enable Network Protection
  3. Set WIFI to untrusted
  4. Change network to mobile data
  5. Change network back to WIFI
  6. Observe that the app keeps attempting to connect in a loop

jurajhilje commented 11 months ago

@gorkapernas The potential fix is available in 2.11.1 (7). Let me know how it goes.

gorkapernas commented 11 months ago

Verified fixed on versions 2.11.0 (7) and 2.11.0 (8), tested on iPhone XR iOS 17.1 and iPad 6 iOS 16.7. The app no longer keeps reconnecting when joining an untrusted network with custom DNS enabled; the connection is always established correctly. Also tested with NextDNS, OpenVPN and WireGuard. This looks good to go.