I have setup a role for mobile users that works for iOS and Android. It is using split tunneling and has a set precedence to use the internal DNS server first (and then the client DNS). The DNS setting also pushes a couple of DNS search suffixes to the client.
When connecting with iOS, I can access internal ressources simply by their name (ommiting the DNS suffix) and it works as expected. However, I can not get Android to do the same. If I ommit the DNS suffix, Android seems to search it's local DNS server and not use the internal DNS server (as specified in the role's settings). If I access a ressource by specifying the host name as well as the DNS suffix (FQDN), Android uses the internal DNS server and it works.
Can anyone confirm this behavior? Is this normal/suspected? Can't Pulse re-configure Android's DNS subsystem?
I might add: Disabling split tunneling and thus forcing all traffic through the VPN does not help. Android keeps using the DNS server of it's primary network unless I use FQDNs.
Another addition: We tried different Android versions from 2.x up to 4.2, all with the same effect. All using the latest Pulse client from Play Store.
"Glad" to read we are not the only ones experiencing this issue.
We have a Juniper MAG-4610 running 7.1R6 (build 20169).
When connecting an Apple device running iOS 6.1 (10B141) outfitted with Junos Pulse Client 188.8.131.52145 the VPN sets up on the fly and we can access our internal resources via hostname (so correct DNS is used).
When connecting a Samsung Android device running Android 4.0.4 outfitted with Junos Pulse Client for Samsung 184.108.40.206101 the VPN also connects w/o any problem but hostnames cannot be resolved, only when using the FQDN names.
So far no luck in finding a way to make Android behave like iOS for this specific purpose.
If I do find anything useful on the subject I'll make sure to update this thread.
After some digging around I think what happens is pretty much what is described in this thread.
It seems Android completely disregards DHCP options 15 and 119. Last status is that it will be fixed in the next major release (be that 4.3 or 5.0) which, unfortunately, will mean for most current owners of an Android device, buy a new device.
I guess our company's choice between iOS and Android will be an easy one.
thank you for the update on the Android limitation listed and the impact for the VPN connection
And how do you explain that this worked for quite a while? Since the last Junos Pulse App Update on our Android Devices this isnt working anymore.
We always had split-tunneling enabled and were able to resolve internal resources and external names. Now DNS is only resolving externally...and we didnt do any changes to our SA configuration.
It is recommended to raise a case with JTAC,we need to confirm from logs if issue has alreday been reported.
I dont really know which version the users had before. Its just that since the last update it isnt working anymore. I'm talking about the latest generic one, the Samsung specific version is not being used (although we are using samsung devices).