Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Managed Android device with Split Tunneling fail to honor split rules for DNS requests

ygini
Occasional Visitor
‎11-14-2022 03:50:AM
‎11-14-2022 03:50:AM

Managed Android device with Split Tunneling fail to honor split rules for DNS requests

Hello,

 

We are facing a issue we cannot understand and that really look like a low level bug. I would like to ask if it is a well known issue or not.

 

We have a Pulse Secure VPN Concentrator used with Windows, iOS and Android endpoints.

 

All using the same kind of Split Tunnling rules: tunnel what is internal subnets, the rest over Internet, and use our internal DNS servers for name services.

 

Android and iOS are both managed by Workspace ONE, and set to authenticate automatically using certificate based authentication.

 

iOS and Android endpoit share the same VPN realm when Windows is on a dedicated one.

 

On iOS, everthing works as expected and quite easily.

 

On Android, we see a low level split tunneling issue with DNS packets on Work Profile and Work Managed devices. Which we don't see on personnal devices configured manually.

 

On those managed Android, the tunnel open as expected, and all internal services works using direct IP access. When we use an internal FQDN however we have an issue, the DNS resolution for internal addresses fail.

 

If we do a packed capture on the VPN Concentrator, we see that only DNS HTTPS record are requested. The A request is not shown and actually sent on the DNS server available on the client local settings.

 

If we turn off the split tunneling, everything works fine, we see A and HTTPS DNS requests, only the A works, and everything happen as expected in Chrome.

 

As soon as the Split Tunnel is enabled, the A request goes outside the VPN and the HTTPS one inside the VPN, which lead to a failure, our internal FQDN is not resolved.

 

If we take a non managed Android device, and manually install a certificate and the Pulse client, everything works as expected. Disabling Secure DNS settings in chrome does not fix anything. Chaning the DNS order preference in the Pulse settings (client/device, device/client) does not change anything.

 

On iOS, no issue at all, even when managed.

 

It look like the Pulse Secure client is failing to tunnel A DNS request when runned on a Work Profile and Work Managed Android device when the Split Tunnel is requested.

 

Are you aware of that issue? Any resolution or workaround option?

 

Cheers

Yoann

0 Kudos
1 REPLY 1
zanyterp
Moderator
Moderator
‎11-14-2022 09:59:AM
‎11-14-2022 09:59:AM

Re: Managed Android device with Split Tunneling fail to honor split rules for DNS requests

i do not think we have seen a report on this; if you have not done so, please open a case with our support team
0 Kudos
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.