I’m fairly sure this isn’t a Tailscale issue per se, but it is reproducible in certain circumstances and maybe you could work around it. The issue is:
- Tailscale running on iOS (all updates)
- Cellular connection, no WiFi in range
- Everything is fine, can access public and private networks as you would expect
- iPhone travels through an area of terrible cellular coverage (won’t be able to receive calls/sms/use data network)
- When cellular coverage is restored the iOS data networking is half broken
The symptoms are that basically any higher level network apps will fail, whether they are accessing the Tailscale network or the public one. So a Twitter client won’t load, web pages won’t load, Calendars won’t refresh, ssh to private Tailscale IPs fail. The Tailscale client shows as connected, and the iOS VPN status in settings does too.
Even though most networking fails, functions like ping to 220.127.116.11 work fine, making the network seem functional to some degree. The fix is to turn Tailscale off then back on and things are back to normal.
The reason I don’t think this is unique to Tailscale is that I’ve seen the same behavior using the Guardian iOS firewall (https://guardianapp.com). This is implemented as a VPN as well, and it exhibits the exact same behavior (I’m not using them at the same time, but they do the same thing independently).
This seems like it is an issue with iOS, but if you can detect it the fix seems to be something that Tailscale could implement. The problem shouldn’t be very widespread…I have never seen it in an urban setting, but I regularly travel through some rural areas where it happens each time.
Hi caphill, and welcome to the Tailscale forum,
Can you reproduce this issue and share the specific steps with us?
Do you have DNS servers set in Tailscale admin or is Magic DNS enabled? If so, turn these off and try again.
Does pinging a DNS name (google.com) work, not just 18.104.22.168?
Tailscale CEO Avery has a tool at http://gfblip.appspot.com (note: not https). Try using this to diagnose.
It is simple to reproduce, but only in the correct network environment (poor cellular coverage)
- Enable Tailscale on iPhone (in good coverage, so everything works)
- Travel through an area of poor/no cellular coverage (e.g. just drive or walk through)
- Return to an area of good coverage
At this point Tailscale and Settings -> VPN will show connected, however, data networking (even to non-Tailscale sites/IP addresses) will fail.
I have DNS set (not Magic DNS), but I really can’t disable it as it would disrupt the whole company’s Tailscale use. I don’t seem to be able to disable this client side either.
- Ping works to 22.214.171.124
- Ping to private IP fails
- DNS lookup of www.google.com fails
- Ping to www.google.com fails
All of these stay in this state even when I return to a good coverage area or even connect to WiFi.
One other note is that the tool I am using (https://apps.apple.com/us/app/network-analyzer-pro/id557405467) shows the Tailscale provided DNS host when I try the DNS lookup.
Everything returns to normal when I disable Tailscale (at that point the DNS server shown goes to the one provided by my LAN). Things stay normal if I re-enable Tailscale (I again see the Tailscale DNS but connectivity is fine).
So it seems to be something like:
- Tailscale and/or iOS thinks the tunnel is up and so sets the DNS
- Tunnel is down so DNS is not reachable (nor are private IP addresses)
- DNS lookups fail, even to public addresses
The issue here is that it makes Tailscale fairly disruptive in poor coverage areas. It means that I lose public network access just by passing through one.
I can’t use this during the issue b/c I can’t reach it.
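The failure state described in the reply above, written out as a triage check (an added example, not part of the original posts and not Tailscale code). The field names and state labels are made up for illustration, and the sample observations are constructed from the symptoms reported in the thread.

```python
from dataclasses import dataclass


@dataclass
class Probe:
    """One set of observations from the phone (field names are this example's own)."""
    vpn_shows_connected: bool  # Tailscale app / Settings -> VPN status
    ping_public_ip: bool       # ping to a public IP literal
    ping_tailnet_ip: bool      # ping to a private Tailscale IP
    dns_lookup: bool           # lookup of a public name such as www.google.com
    resolver_is_tailnet: bool  # resolver in use is the one pushed by Tailscale


def triage(p: Probe) -> str:
    """Classify the observations into one of a few hypothetical state labels."""
    if not p.ping_public_ip:
        # The underlying link itself is down (still in the dead zone).
        return "no-connectivity"
    if p.vpn_shows_connected and not p.ping_tailnet_ip:
        # The UI claims the tunnel is up but nothing crosses it.
        if p.resolver_is_tailnet and not p.dns_lookup:
            # DNS points into the dead tunnel, so public names fail too.
            return "stale-tunnel-dns-blackhole"
        return "stale-tunnel"
    if not p.dns_lookup:
        # Tunnel state is consistent, so the resolver itself is the problem.
        return "dns-failure"
    return "healthy"


# Constructed samples mirroring the states reported in the thread.
SAMPLES = {
    "inside dead zone": Probe(True, False, False, False, True),
    "after coverage returns": Probe(True, True, False, False, True),
    "Tailscale toggled off": Probe(False, True, False, True, False),
    "Tailscale toggled back on": Probe(True, True, True, True, True),
}


def run_samples() -> dict:
    """Return the triage result for every constructed sample."""
    return {name: triage(probe) for name, probe in SAMPLES.items()}


if __name__ == "__main__":
    for name, state in run_samples().items():
        print(f"{name:28s} -> {state}")
```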
Hi @caphill This is curious.
Could you also try toggling in and out of airplane mode for us?
The idea here is to force iOS to generate an event to see if that helps.
If this does not work, send an email to firstname.lastname@example.org with:
- Link to this forum post (so you don’t have to rewrite everything)
- Tailscale phone IP
- Rough time that this happens
We’ll then take a look at the debug logs and see if we can figure this out!
Am also seeing the exact same issue on iOS
I’ve experienced the same behaviour on iOS too.
Can you please provide us with the following details for troubleshooting this connection issue?
- Destination IP (and ideally port)
- Time (with timezone)
- Tailscale version of the source machine
- Tailscale version of the destination machine (or the Tailscale subnet relay machine)
Feel free to email these details to email@example.com.
I wasn’t able to replicate the loss of network functionality while switching across networks - maybe this was a previous version.
However I believe this may be linked to a conflict on iOS between the Tailscale app and the WireGuard app.
Steps to reproduce:
- Connect to tailscale using the iOS app
- Open WireGuard app, connect to a VPN
- Wait for WireGuard to connect
- iOS VPN settings show WireGuard connected
- Switch back to tailscale app
- Tailscale status switch shows active.
- In tailscale app, toggling switch results in switch turning off, but status is displayed as active.
- Force quitting tailscale app and reopening app results in tailscale regaining control of iOS VPN connection and successful reconnection.
Perhaps tailscale app needs to poll iOS VPN status upon regaining the focus?
We logged the GitHub issue; please subscribe to it for future updates.