Deploy BIG-IP Edge Client (iOS) with configuration string
Greetings all, I'm very new to F5 (only responsible for deploying Edge Client with MDM) and need some basic assistance. Are there any more examples available for Configuration XML strings used to deploy the Edge Client via MDM and VPP to iOS devices with connection settings already established? Specifically we are utilizing JAMF as our MDM. Apps can be given configuration settings in their deployment. I was attempting to use the below string but I'm getting an error - 'Incorrect Format'. Help is appreciated. Thanks! We are using user name and password for authentication, and it is an SSL appliance. IPv4 UserDefinedName The Name of our connection VPN AuthName $USERNAME RemoteAddress our F5 Address OnDemandMatchAppEnabled VPNSubType [com.f5.F5-Edge-Client.vpnplugin](//com.f5.F5-Edge-Client.vpnplugin) VPNType VPN289Views0likes0CommentsF5 Access 2018 app shows "Unable to retrieve network access configuration" on iPhone 7 with iOS 12 (beta)
F5 Access 2018 app shows "Unable to retrieve network access configuration" on iPhone 7 with iOS 12 (beta) when we use Web Logon for authentication (for OTP codes). If we choose Native authentication (and remove the requirement for OTP), the VPN establishes just fine. On the server side, "Session deleted due to user logout request." when the user receives the error message. We're using split-tunnel VPN. A user reported getting the above error after upgrading to iOS 12 Beta and installing the F5 Access 2018 app. I have replicated this on a brand new iPhone 7 after upgrading it to iOS 12. Am suspecting this is an iOS 12 Beta bug, but it is a problem nonetheless. See below for the relevant part of the client logs. I also saw this old thread which refers to the exact same "Error 111" message on iOS as seen in the F5 Access client log: https://stackoverflow.com/questions/20454853/nsxmlparsererrordomain-111 Excerpt from client log: PacketTunnelProvider.swift, 477, startTunnel(options:completionHandler:), Session has been established VpnFavoriteListOperation.swift, 110, main(), VPN Favorites failed: Error Domain=NSXMLParserErrorDomain Code=111 "(null)" PacketTunnelProvider.swift, 484, startTunnel(options:completionHandler:), Network parameters have been received PacketTunnelProvider.swift, 487, startTunnel(options:completionHandler:), Failed to get NA settings Internal Error: VPN resource was not found PacketTunnelProvider.swift, 334, displayMessage(_:completionHandler:), Unable to retrieve network access configuration Full log: 2018-07-09,13:23:07:672, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 368, startTunnel(options:completionHandler:), ------------------------------------------------------------ 2018-07-09,13:23:07:684, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 369, startTunnel(options:completionHandler:), Release Version: 3.0.0 2018-07-09,13:23:07:698, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 370, startTunnel(options:completionHandler:), Bundle Version: 3.0.0.224 2018-07-09,13:23:07:704, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 371, startTunnel(options:completionHandler:), Build Date: Fri Mar 2 13:20:26 PST 2018 2018-07-09,13:23:07:709, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 372, startTunnel(options:completionHandler:), Build Type: CM 2018-07-09,13:23:07:712, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 373, startTunnel(options:completionHandler:), Changelist: 2509912 2018-07-09,13:23:07:715, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 374, startTunnel(options:completionHandler:), Locale: engelsk (Norge) 2018-07-09,13:23:07:718, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 375, startTunnel(options:completionHandler:), ------------------------------------------------------------ 2018-07-09,13:23:07:727, 264,7683,PacketTunnel, 48, PacketTunnelProvider.swift, 382, startTunnel(options:completionHandler:), Connection Parameters: Optional("serverAddress: https://fjerntilgang.tine.no,password: ,ignorePassword: false,passwordExpirationTimeStamp: -1,passwordReference: not-set,passwordExpired: falseidentityReference: not-set,postLaunchUrl: ,webLogon: true,launchedByUriScheme: false,vpnScope: device,startType: manual,deviceIdentity: assignedId: ,instanceId: ,udid: ,macAddress: ,serialNumber: ") 2018-07-09,13:23:42:181, 264,7947,PacketTunnel, 48, PacketTunnelProvider.swift, 166, checkForConfigurationUpdate, Request update configuration with "{ "savePasswordEnabled" : false, "weblogonAutoPopulateEnabled" : true, "clearPassword" : false, "enforceWebLogon" : false, "enforceLogonMode" : false, "launchedByUriScheme" : false, "timeStamp" : -1, "logonSucceed" : true }" 2018-07-09,13:23:42:222, 264,7947,PacketTunnel, 48, PacketTunnelProvider.swift, 477, startTunnel(options:completionHandler:), Session has been established (Session ID: c47c4cf6) 2018-07-09,13:23:42:446, 264,12807,PacketTunnel, 1, VpnFavoriteListOperation.swift, 110, main(), VPN Favorites failed: Error Domain=NSXMLParserErrorDomain Code=111 "(null)" 2018-07-09,13:23:42:454, 264,12807,PacketTunnel, 48, PacketTunnelProvider.swift, 484, startTunnel(options:completionHandler:), Network parameters have been received 2018-07-09,13:23:42:459, 264,12807,PacketTunnel, 1, PacketTunnelProvider.swift, 487, startTunnel(options:completionHandler:), Failed to get NA settings Internal Error: VPN resource was not found 2018-07-09,13:23:42:487, 264,12807,PacketTunnel, 1, PacketTunnelProvider.swift, 334, displayMessage(_:completionHandler:), Unable to retrieve network access configuration1.1KViews0likes5CommentsSSL VPN iOS 12 connection error
All, After a while I wanted to start to use the F5 VPN again on the iPhone. I'm 100% sure that the policy is not changed since last time, when I was using the F5-App on the iOS10.x-11.x Now I'm ending up with the following errors on the client/server side: On the iPhone (PacketTunnel.log): 2019-01-12,18:57:53:263, 5332,13835,PacketTunnel, 48, PacketTunnelProvider.swift, 503, startTunnel(options:completionHandler:), Session has been established (Session ID: cbbdf673) 2019-01-12,18:57:53:537, 5332,14855,PacketTunnel, 48, PacketTunnelProvider.swift, 510, startTunnel(options:completionHandler:), Network parameters have been received 2019-01-12,18:57:53:737, 5332,14855,PacketTunnel, 1, PacketTunnelProvider.swift, 1058, establishTunnel(_:completionHandler:isReconnecting:), Tunnel connection fails: Error Domain=F5ChannelError Code=0 "" UserInfo={F5ChannelErrorCode=0, NSLocalizedDescription=} 2019-01-12,18:57:53:740, 5332,14855,PacketTunnel, 48, SessionManager.swift, 346, logout(_:completionHandler:), Start session logout request hangup code: (4) (Session ID: cbbdf673) 2019-01-12,18:57:53:880, 5332,7951,PacketTunnel, 48, SessionManager.swift, 399, logout(_:completionHandler:), Finished session logout request with hangup code (4) (Session ID: cbbdf673) ` And on the F5 APM logging: `Jan 12 18:57:56 bigip1 notice tmm[14712]: 01490567:5: /Common/SSL:Common:cbbdf673: Session deleted (network_error, code - 4). I'm running BIG-IP 12.0.0 Build 1.0.628 Hotfix HF1 Any help is really appreciated!! Edit1: From windows machine it is working, no problems there. Edit2: Just updated to BIG-IP 12.1.3.7 Build 0.0.2 Point Release 7, same errors. Edit3: Got my hands on a Ipad with ios11, working perfectSolved632Views0likes1CommentDoes the "Static Hosts" feature work for IOS VPN clients?
I've searched in vain for this elsewhere. Can I give IOS VPN clients (using F5 Access 3.0) a hosts file entry? The goal is for users to hit an internal server using an unqualified name. I've configured one in the network access list, but the test iPad behaves as if it's not there. There is no split tunnelling.Solved794Views0likes2CommentsAn invalid or expired certificate was presented by the server
Hi Guys! So we are building a per-app VPN setup using Intune för iOS (iPADOS) units and we pushed out F5 Access app along with Intune F5 Access App which is then configured using F5 Access VPN profile using authentication with certificate which is pushed out to the device from internal CA using connector. Certificates for device is installed fine along side with root and intermediate, the profile in F5 Access app has all the settings correct and the certificate is listed. On server side we also configured everything with access policy for iOS, we have added certificate for root and intermediate for trust and everything looks as it should but we seem to have missed something and are unable to initiate a VPN connection, the device attempts to start a VPN tunnel but failes to do so with error "An invalid or expired certificate was presented by the server" What are we missing? Something with the ceritficates? a setting on device? something on server we missed adding the trust? 2021-05-11,15:36:54:112, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:435, startTunnel(options:completionHandler:), ------------------------------------------------------------ 2021-05-11,15:36:54:112, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:436, startTunnel(options:completionHandler:), Release Version: 3.0.7 2021-05-11,15:36:54:112, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:437, startTunnel(options:completionHandler:), Bundle Version: 3.0.7.402 2021-05-11,15:36:54:113, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:438, startTunnel(options:completionHandler:), Build Date: Mon Sep9 12:13:19 PDT 2019 2021-05-11,15:36:54:113, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:439, startTunnel(options:completionHandler:), Build Type: CM 2021-05-11,15:36:54:113, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:440, startTunnel(options:completionHandler:), Changelist: 3134102 2021-05-11,15:36:54:114, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:441, startTunnel(options:completionHandler:), Locale: English (Sweden) 2021-05-11,15:36:54:114, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:442, startTunnel(options:completionHandler:), ------------------------------------------------------------ 2021-05-11,15:36:54:117, 537,21259[com.apple.NSXPCConnection.user.endpoint],PacketTunnel, 48, PacketTunnelProvider.swift:451, startTunnel(options:completionHandler:), Connection Parameters: Optional("serverAddress: https://ourserver.adress.com, password: , ignorePassword: false, passwordExpirationTimeStamp: -1, passwordReference: not-set, passwordExpired: false, identityReference: set, postLaunchUrl: , webLogon: false, launchedByUriScheme: false, vpnScope: device, startType: manual, deviceIdentity: assignedId: ,instanceId: ,udid: ,macAddress: ,serialNumber: ") 2021-05-11,15:36:54:229, 537,21259[com.apple.NSURLSession-delegate],PacketTunnel, 1, AsyncURLRequest.swift:186, urlSession(_:didReceive:completionHandler:), Server certificate can not be trusted. 2021-05-11,15:36:54:233, 537,21259[com.apple.NSURLSession-delegate],PacketTunnel, 1, ProfileDownloadOperation.swift:94, main(), Profile download failed: sslInvalidServerCertificate 2021-05-11,15:36:54:236, 537,10507[com.apple.root.default-qos],PacketTunnel, 1, SessionManager.swift:127, logon(connectionParams:completionHandler:), Failed to download Profile Settings...Error:sslInvalidServerCertificate 2021-05-11,15:36:54:237, 537,10507[com.apple.root.default-qos],PacketTunnel, 1, PacketTunnelProvider.swift:527, startTunnel(options:completionHandler:), Failed to logon Error Domain=f5PacketTunnelProvider Code=0 "An invalid or expired certificate was presented by the server" UserInfo={NSLocalizedFailureReason=Error Domain=PacketTunnel.AsyncURLRequestError Code=5 "An invalid or expired certificate was presented by the server", NSLocalizedDescription=An invalid or expired certificate was presented by the server} 2021-05-11,15:36:54:238, 537,10507[com.apple.root.default-qos],PacketTunnel, 1, PacketTunnelProvider.swift:383, displayMessageIfUIVisible, An invalid or expired certificate was presented by the server Any thoughts be much appreciated! Thanks in advance Alex1.5KViews0likes1CommentAPM versions compatible with F5 ACCESS for iOS
Trying to determine the minimum APM version required for F5 ACCESS for iOS 11. Found https://devcentral.f5.com/articles/faq-f5-access-2018-30203?tag=APM and https://support.f5.com/kb/en-us/products/big-ip_apm/manuals/product/apm-clientcompatmatrix-13-0-0.html for v13 support of F5 Access v3. My client does not have immediate budget for hardware upgrade to get to v13, but has requirement to support iOS 11 devices. Can F5 Access v2 be used with APM v12 or ideally v11.6 until their next budget cycle?256Views0likes1CommentHow to use F5 in Enterprise Android/iOS application
Hello everybody, I've made an Android/iOS app for a client to use inside his enterprise network, logging through simple json web token. He has some enterprise web applications that use F5 to grant access from everywhere. Now he wants the same thing for my app. He could not give me any other information but "WE USE F5!" How to proceed? I really don't know where to begin... Thanks (Sorry, I don't know if TECHNOLOGY check tag is right)184Views0likes0CommentsAPM Client side features for iOS and Android
The APM provides a list of supported access and endpoint security features showing Windows, Linux, and MAC. But it isn't clear which of these functions, if any, are available for mobile devices. Specifically iOS and Android. For example. I would like to do a couple simple 'fingerprint' checks on the devices. Is it possible to check to see if a certain certificate is present on the mobile device (something that our MDM placed there)? Any feedback and suggestions would be greatly appreciated. We do have MobileIron and I'm looking at perhaps using the iApp for MobileIron. Unfortuantely the information on DevCentral seems to have stopped after the first article.. there was no subsequent part II.377Views0likes1Comment11.6.0 SPDY Connection from iOS 8
Sorry to make this so generic, but has anybody seen an iOS 8 device successfully connect to a SPDY enabled virtual server on 11.6.0? I've tried applying /Common/spdy under both HF1 and HF3, and iOS devices stop being able to connect. Wireshark shows rapid connection attempts until the user cancels. Safari on Yosemite also seems unhappy, but every other browser functions correctly and the statistics show plenty of SPDY requests happening. Thanks for any sanity check you can offer.314Views0likes4CommentsF5 APM and external mobile application log in
Hi everybody, I'm a beginner and i start looking for solutions to create a connection between an IOS and Android and our F5 APM module. So far we're using mobile web application instead of mobile native application. In that case it's easier, we're using the native logon F5 form to establish a connection between the mobile browser (any browser in fact) from internet to our web mobile site in our Intranet. The idea 'll be to use the same mecanism but from our native apps. I already know that it's possible to use an external logon form (src : [https://devcentral.f5.com/questions/how-to-use-apm-external-logon-pages] ), i guess we could use something like that in our case. The mobile app will send the connection data with an http post request like the form to implement on the example before. If anybody has implemented this kind of solutions using F5 APM i would be very pleased to know how it's possible. Thanks, Xavier.453Views0likes3Comments