iOS 14.5 - using NextDNS and VPN together
I have an iPhone running iOS 14.5.1.
When my iPhone connects to a network - whether trusted or untrusted - I want to use NextDNS (to block ads)
When my iPhone connects to an untrusted network I also want it to use Cloudflare’s Warp VPN (so those on the untrusted Wi-Fi network cannot eavesdrop / intercept my connection).
Is this NextDNS & Warp VPN combination on my iPhone at all possible? If not, any suggestions to get what I am looking for on my iPhone, which is (1) ad blocking all the time and (2) VPNs when connected to untrusted networks?
I see this is a known issue for iOS (and macOS) - see https://help.nextdns.io/t/35hlk1r/known-issues-with-iosmacos-system-encrypted-dns-doh-support where it says:
macOS & iOS: VPN Conflict
When a VPN is connected, the Encrypted DNS profile is ignored in favor of the DNS server advertised by the VPN with no option to change this behavior. The DNS profile is still shown as active in the OS settings, which is confusing for the user.
We believe that Encrypted DNS should be part of the traffic going through the VPN as it is the case on other platforms. If you agree, please submit your feedback to Apple using Feedback Assistant.
Status: reported, probably won't fix
I have a solution that seems to work quite well.
- install the WireGuard iOS app (https://apps.apple.com/us/app/wireguard/id1441195209)
- generate a WireGuard config of Warp (I did this on my Windows PC) - you can find instructions on how to do this at https://github.com/ViRb3/wgcf - and then import the new WireGuard config settings (I had to put it in a ZIP file and save it on Google Drive to allow access to the config settings from my iOS app)
- change the DNS settings of the WireGuard config in the app so they are blank (i.e. remove 188.8.131.52) - this then allows the iOS encrypted DNS settings to work
- make sure that the NextDNS iOS app is active, but you need to switch off "Use Ultra-Low Latency Network" in the settings
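The step above that blanks the DNS setting can be done on the generated profile before importing it. This is an added example, not the answerer's or wgcf's code; the profile text, keys and endpoint are constructed placeholders, and the parser assumes the plain INI-style layout that WireGuard config files use.

```python
"""Remove the DNS= line from a WireGuard [Interface] section so that the
tunnel does not advertise its own resolver and the iOS encrypted DNS
profile (NextDNS) stays in effect while the tunnel is up."""

# Constructed sample in the shape of a generated Warp profile; every key
# and the endpoint are placeholders, not real values.
SAMPLE_CONF = """[Interface]
PrivateKey = <PLACEHOLDER_PRIVATE_KEY>
Address = 172.16.0.2/32
DNS = 1.1.1.1
MTU = 1280

[Peer]
PublicKey = <PLACEHOLDER_PEER_PUBLIC_KEY>
AllowedIPs = 0.0.0.0/0, ::/0
Endpoint = <PLACEHOLDER_ENDPOINT>:51820
"""


def _walk(conf):
    """Yield (section_name_lowercase, raw_line, key_lowercase, value) per line."""
    section = None
    for line in conf.splitlines():
        s = line.strip()
        if s.startswith("[") and s.endswith("]"):
            section = s[1:-1].lower()
            yield section, line, None, None
        elif "=" in s and not s.startswith("#"):
            key, value = (p.strip() for p in s.split("=", 1))
            yield section, line, key.lower(), value
        else:
            yield section, line, None, None


def interface_dns(conf):
    """Resolvers set in [Interface]; an empty list means the system DNS applies."""
    servers = []
    for section, _line, key, value in _walk(conf):
        if section == "interface" and key == "dns":
            servers.extend(v.strip() for v in value.split(",") if v.strip())
    return servers


def strip_interface_dns(conf):
    """Return conf with every DNS= line in [Interface] dropped, order preserved."""
    kept = [line for section, line, key, _v in _walk(conf)
            if not (section == "interface" and key == "dns")]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    print(strip_interface_dns(SAMPLE_CONF))
```

Write the printed result to a .conf file and import that into the WireGuard app; the Peer section and keys are untouched, only the resolver line is gone.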
Does this work?
I have this working with NordVPN. Nord allows you to enter a custom DNS server and here is what I have done. It’s not perfect but it does work.
1. Set up a profile for your phone in NextDNS and copy the custom URL to link your IP address.
2. Create two automations in the Shortcuts app that Apple provides.
- The first one is for when you connect to a WiFi network and has the following:
  - When the phone connects to a WiFi network, call the custom URL to link your IP to the NextDNS configuration.
- The second automation is:
  - When I leave the location of my house, call the custom URL to link your IP to the NextDNS configuration.
With both of these I am always protected and my IP always linked to the NextDNS configuration.