Network loss after period of bad cellular/WiFi connectivity on iOS

caphill · October 26, 2020, 1:47pm

I’m fairly sure this isn’t a Tailscale issue per se, but it is reproducible in certain circumstances and maybe you could work around it. The issue is:

Tailscale running on iOS (all updates)
Cellular connection, no WiFi in range
Everything is fine, can access public and private networks as you would expect
iPhone travels through an area of terrible cellular coverage (won’t be able to receive calls/sms/use data network)
When cellular coverage is restored the iOS data networking is half broken

The symptoms are that basically any higher level network apps will fail, whether they are accessing the Tailscale network or the public one. So a Twitter client won’t load, web pages won’t load, Calendars won’t refresh, ssh to private Tailscale IPs fail). The Tailscale client shows as connected, and the iOS VPN status in settings does too.

Even though most networking fails, functions like ping to 8.8.8.8 work fine, making the network seem functional to some degree. The fix is to turn Tailscale off then back on and things are back to normal.

The reason I don’t think this is unique to Tailscale is that I’ve seen the same behavior using the Guardian iOS firewall (https://guardianapp.com). This is implemented as a VPN as well, and it exhibits the exact same behavior (I’m not using them at the same time, but they do the same thing independently).

This seems like it is an issue with iOS, but if you can detect it the fix seems to be something that Tailscale could implement. The problem shouldn’t be very widespread…I have never seen it in an urban setting, but I regularly travel through some rural areas where it happens each time.

Thanks.

SupportBot · October 27, 2020, 6:33pm

HI caphill and welcome to Tailscale forum,

Can you reproduce this issue and share the specific steps with us?

Do you have DNS servers set in Tailscale admin or is Magic DNS enabled? If so, turn these off and try again.

Does pinging a DNS name (google.com) work, not just 8.8.8.8?

Tailscale CEO Avery has a tool at http://gfblip.appspot.com (note: not https). Try using this to diagnose.

caphill · November 2, 2020, 3:25pm

It is simple to reproduce, but only in the correct network environment (poor cellular coverage)

Enable Tailscale on iPhone (in good coverage, so everything works)
Travel through an area of poor/no cellular coverage (e.g. just drive or walk through)
Return to an area of good coverage

At this point Tailscale and Settings -> VPN will show connected, however, data networking (even to non-Tailscale sites/IP addresses) will fail.

I have DNS set (not Magic DNS), but I really can’t disable it as it would disrupt the whole company’s Tailscale use. I don’t seem to be able to disable this client side either.

Ping works to 8.8.8.8
Ping to private ip fails
DNS lookup of www.google.com fails
ping to www.google.com fails

All of these stay in this state even when I return to a good coverage area or even connect to WiFi.

One other note is that the tool I am using (https://apps.apple.com/us/app/network-analyzer-pro/id557405467) shows the Tailscale provided DNS host when I try the DNS lookup.

Everything returns to normal when I disable Tailscale (at that point the DNS server shown goes to the one provided by my LAN). Things stay normal if I re-enable Tailscale (I again see the Tailscale DNS but connectivity is fine).

So it seems that something like:

Tailscale and/or iOS thinks the tunnel is up and so sets the DNS
Tunnel is down so DNS is not reachable (nor are private IP addresses)
DNS lookups fail, even to public addresses

The issue here is that it makes Tailscale fairly disruptive in poor coverage areas. It means that I lose public network access just by passing through one.

I can’t use this during the issue b/c I can’t reach it.

Thank you.

SupportBot · November 3, 2020, 9:39pm

Hi @caphill This is curious.
Could you also try toggling in and out of airplane mode for us?
The idea here is to force iOS to generate an event to see if that helps.

If this does not work, send an email to support@tailscale.com with:
Link to this forum post (so you don’t have to rewrite everything)
Tailscale phone IP
Rough time that this happens

We’ll then take a look at the debug logs and see if we can figure this out!