Original Publication Date: 09/27/2016
In July 2016, Apple posted the release of the iOS Edge Client version 2.0.9. Users should download this new version from the app store.
When a user navigates to a site using the short form hostname, and the fully qualified hostname has been specified in the VPN proxy bypass list, on iOS 9 the proxy will not be used, and on iOS 10 the proxy will be used.
For example, suppose that in a network, lab-100.lab.siterequest.com is on the proxy bypass list, and the DNS suffix lab.siterequest.com is defined. When an Edge Client user tries to access the site using the address lab-100, the proxy is used on the iOS 10 client, but the proxy is not used on the iOS 9 client. On both iOS 9 and 10, the proxy is bypassed when the full address lab-100.lab.siterequest.com is used to access the site.
|611899||When a user uses a per-app VPN configuration, that VPN connection is usually indicated with a VPN icon on the device status bar (at the top of the screen). In iOS 10, when an application that does not require the VPN is in the foreground, this VPN icon is not displayed. In addition, when Safari is used, even for a per-app VPN connection, the VPN icon is not displayed.
Note: The behavior for On-Demand and full device VPN configurations has not changed. For these configurations, the VPN icon is always displayed when the VPN connection is active, as long as the connection has not been disconnected.
|618956||On iOS 9 a client proxy exclusion entry name or IP address could be specified with wildcards. For example, the entry *.lab.siterequest.com would match ab-100.lab.siterequest.com. The entry 172.29.68.* would match 172.29.68.20. In both examples, the client proxy was bypassed. On iOS 10, client proxy exclusion list entries that are specified with wildcards do not bypass the proxy.|
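The following is an added example, not F5 or Apple code: it models the two proxy bypass behaviors described above so an administrator can check which hosts change proxy treatment when a device moves from iOS 9 to iOS 10. The function names and the suffix-expansion mechanism are assumptions made for illustration; only the outcomes (short names and wildcard entries bypass on iOS 9 but not on iOS 10) come from these notes.

```python
from fnmatch import fnmatchcase


def bypassed_ios9(host, bypass_list, dns_suffixes=()):
    """Model of the iOS 9 outcome: wildcard entries are honoured, and a short
    name matches an FQDN entry when a DNS suffix completes it (assumed mechanism)."""
    host = host.lower()
    names = [host]
    if "." not in host:
        names += [f"{host}.{s.lower()}" for s in dns_suffixes]
    return any(fnmatchcase(n, e.lower()) for n in names for e in bypass_list)


def bypassed_ios10(host, bypass_list, dns_suffixes=()):
    """Model of the iOS 10 outcome: only a literal match on the name as typed
    bypasses the proxy; wildcard entries and DNS suffixes have no effect."""
    host = host.lower()
    return any(host == e.lower() for e in bypass_list if "*" not in e)


def audit(bypass_list, dns_suffixes, hosts):
    """Return (host, bypassed_on_ios9, bypassed_on_ios10) for each host whose
    proxy treatment differs between the two releases."""
    changed = []
    for h in hosts:
        before = bypassed_ios9(h, bypass_list, dns_suffixes)
        after = bypassed_ios10(h, bypass_list, dns_suffixes)
        if before != after:
            changed.append((h, before, after))
    return changed


# Constructed sample input, built from the hostnames used in these notes.
BYPASS = ["lab-100.lab.siterequest.com", "172.29.68.*"]
SUFFIXES = ["lab.siterequest.com"]
HOSTS = ["lab-100", "lab-100.lab.siterequest.com", "172.29.68.20"]

if __name__ == "__main__":
    for host, ios9, ios10 in audit(BYPASS, SUFFIXES, HOSTS):
        print(f"{host}: bypass on iOS 9={ios9}, on iOS 10={ios10}")
```

Hosts reported by `audit` are the ones whose traffic starts going through the client proxy after the upgrade.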
The following are known iOS issues that affect the user experience when Edge Client is used on an iOS device. These issues may be addressed in the future by Apple.
|518576||After a user triggers VPN On Demand, when attempting to reach a domain that ends in .local, Safari displays the error message: Safari could not open the page because the server stopped responding. Such connections continue to fail until the user refreshes the web page.|
|557905||On iOS 9, if a managed app is being updated while Per-App VPN is active, the updated app might not make use of the active session until the active session is expired and a new one is created. As a workaround, wait until the current session expires, and restart the updated app.|
|559388||After users upgrade Edge Client to a later version (such as 2.0.7) on iOS 9, the following message might be displayed when launching applications that trigger VPN On Demand (including per-app VPN): Please launch Edge Client to enable the VPN connection. To address this issue, users, when prompted, should manually launch Edge Client to accept the use of VPN. VPN On Demand connections are not available unless users accept the use of VPN in Edge Client.|
|582315||If users first establish a VPN connection using VPN on-demand, the connection fails when the proxy is required to access the backend server. This happens when users enable proxy configuration in the network access resource, located on the server side, and the VPN configuration has VPN on-demand suffixes on the client side. To work around this issue, reestablish the connection by refreshing the webpage in Safari.|
|588205||When the iOS device goes into sleep mode, the on-demand connection terminates before the disconnect timeout. This can cause the iOS system to go into a non-recoverable state, disconnecting the VPN. In this state, Edge Client cannot reconnect, even when within the disconnect timeout limit.|
|591017||On iOS 9 with "Connect on Demand" enabled for a VPN configuration, the system downloads the proxy auto-config (PAC) file only after a delay. Users should wait for more than one minute after establishing the VPN tunnel so the PAC script downloads and applies.|
|591501||On iOS 9, when per-app VPN is triggered by Safari, the session is deleted after an inactivity timeout, instead of after the expected on-demand disconnect. Per-app VPN connections triggered by a provisioned application have sessions deleted correctly after an on-demand disconnect timeout.|
|596581||On iOS 9, if users create a VPN configuration that uses a client certificate, then delete Edge Client, the certificate is removed as well.|
|611523||On iOS 10, when an Edge Client configuration requires no user intervention to start, a user can establish or stop a tunnel without unlocking the device.|
|611923||On iOS 10, Edge Client fails to establish a manual or on-demand VPN connection when a per-app VPN connection is already established. The following error is displayed: Server unreachable. Please check your network connectivity and server address. As a workaround, establish the manual or on-demand VPN connection before starting any per-app VPN connections.|
|612163||Sometimes when the Edge Client is disconnected and reconnected in a short period of time, the client displays the Connecting status when the VPN tunnel is already established. To work around this issue, send the Edge Client app to the background, then reopen the client. The Connected state is displayed.|
|612412||On Edge Client for iOS 10, sometimes when a client connects to a Network Access resource that has no lease pool defined, the client connection fails without any message. With iOS 9, an error message is displayed.|
|612518||In the iOS 10 Edge Client, when connecting to a server with a configuration that uses an FQDN in native mode, when the DNS server cannot resolve the FQDN, the client fails to connect, and no error message is displayed. With the iOS 9 client, an error is displayed in the same situation.|
|612625||In Edge Client for iOS 10, IPv6 routes are added to the routing table to facilitate tunnel connections. These routes are not removed after the client connection is closed. These routes are removed on iOS 9.|
|612592||In Edge Client for iOS 10, when a connection is established and then a user moves to a Wi-Fi network that doesn't have access to the APM server, the connection status doesn't change from Connected to Reconnecting immediately. It takes about two minutes to establish the reconnecting state.|
|612629||In Edge Client for iOS 10, not all Edge Client configurations are displayed in the Notifications pane. When you slide down to see notifications, only the first 6 configurations are displayed. When you slide left to see notifications, only the first 8 configurations are displayed.|
|612767||On an iOS 10 device with Edge Client and cellular data enabled, if the virtual server for the Network Access connection becomes unavailable, Edge Client shows an error message after the timeout duration is reached, but remains in the Disconnecting state for 15-20 seconds. On iOS 9, the Disconnected state is reported immediately after the timeout.|
|612997||With Edge Client on iOS 10, when a user connects to a Network Access VPN tunnel with Client Proxy settings enabled in the Network Access resource, and a Client Proxy Autoconfig Script is configured, the settings are applied when Safari is started. Safari continues to use this PAC file even when the VPN connection is reestablished. As a workaround, quit and restart Safari to get the PAC file changes.|
|615858||When a managed application requires a per-app VPN connection, and that per-app VPN profile is removed from an iOS 10 device while the managed application is in the foreground, the VPN icon remains active on the device for 5-10 minutes.|
|597950||Previously, under certain conditions related to using iOS App Configurations with MDM solutions and iOS Edge Client, the Edge Client crashed and displayed only the background after Edge Client was stopped and restarted again. This crash no longer occurs.|
For additional information, please visit http://www.f5.com.