[BUG] Problematic behaviors on iOS

There are a few things going on with Zero Trust on iOS I want to bring your attention to:

  • The iOS app doesn’t support all modes which can be set in the dashboard. For example, Gateway without DNS or Device Information Only won’t work on this platform. The problem here is that this isn’t documented anywhere - you should add some warning to the dashboard.
  • Adding Local Domain Fallback domains with external resolvers leads to these IP addresses being automatically excluded from the split tunnel configuration on iOS, which doesn’t happen on other operating systems. This makes it impossible to resolve internal DNS names without a resolver policy - which requires an enterprise plan. Adding a switch to the Local Domain Fallbacks to explicitly define whether to exclude the addresses would be a great feature here. Also, this inconsistent behavior on various platforms is rather suboptimal.
  • When the mode in the settings is set to Gateway without DNS, the Local Domain Fallback gets greyed out on the dashboard, which makes perfect sense. However, the Local Domain Fallback configuration which was previously set still gets pushed to the devices. Since the iOS app doesn’t support Gateway without DNS, the Local Domain Fallbacks still get applied - including the exclusion of the local resolvers in the split tunnel configuration. This is also a rather weird behavior which isn’t obvious at first sight - some warning here would also be great.
  • And probably the worst bug is in regard to the alternate networks feature. When the iOS app connects to WARP while on Wi-Fi, iOS switches the connection over to 5G for a few seconds. This leads WARP to reevaluate the current alternate network - which obviously changes because of the switch to the external 5G network - and restart the connection with the new settings. But iOS then reconnects to the Wi-Fi, which leads WARP to reevaluate again. This results in a theoretical infinite loop with “Connecting…”, which only gets resolved when a race condition is reached in which the iOS Wi-Fi reconnect is faster than the alternate network check in the WARP app.

I hope there is some feedback here you can work with and make Zero Trust even better.
Best regards :smiling_face: