<div dir="ltr">I don't have an answer but part of your premise confuses me. You said: "He can connect via ... <span style="font-size:12.8px">in-home wifi over vpn to office, and shaw open wifi outside". </span><span style="font-size:12.8px">if he can connect on public wifi (Shaw), why does he need a VPN to connect from home? And why did you mention Shaw public wifi specifically? Why not all public wifi?</span><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">I'm not an IOS guy at all but I was under the impression that iPhones will not connect without a valid certificate, including situations where a valid certificates name does not match the domain name. I've commonly seen this in situations where a phone connects to an internal Wifi and the phone does a DNS lookup for an external name, but then ends up hitting an internal IP address with a self-signed internal domain trusted certificate. Since the phone is not domain joined (unlike corporate laptops for example, it doesn't trust the cert and refuses to connect.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">One solution is to manually install the certificate on the iPhone.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">That being said, it doesn't match your scenario so I'm not sure this is your problem.</span></div><div><span style="font-size:12.8px"><br></span></div><div><span style="font-size:12.8px">John</span></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Mar 7, 2016 at 1:40 PM, Theodore Baschak <span dir="ltr"><<a href="mailto:theodore@ciscodude.net" target="_blank">theodore@ciscodude.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr">Not that I'd expect this to be the underlying cause, but have you tried with a valid cert? <a href="https://letsencrypt.org/" target="_blank">https://letsencrypt.org/</a> makes this free for those dabble in TLS without spending a fortune. <div class="gmail_extra"><span class="HOEnZb"><font color="#888888"><br clear="all"><div><div><div dir="ltr"><div><div dir="ltr"><br><div>Theodore Baschak</div><div><a href="https://ciscodude.net/" target="_blank">https://ciscodude.net/</a></div><div><a href="https://theodorebaschak.com" target="_blank">https://theodorebaschak.com</a>/</div></div></div></div></div></div></font></span><div><div class="h5">
<br><div class="gmail_quote">On Mon, Mar 7, 2016 at 12:30 PM, Trevor Cordes <span dir="ltr"><<a href="mailto:trevor@tecnopolis.ca" target="_blank">trevor@tecnopolis.ca</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Brad & I are having a weird problem with his iphone 4S (with the latest<br>
iOS versions).<br>
<br>
iphone builtin mail<br>
imaps (port 993)<br>
ssl (self-signed) (old ciphers disabled on server)<br>
dovecot<br>
<br>
He can connect to imap with the above config on his in-office wifi,<br>
in-home wifi over vpn to office, and shaw open wifi outside his<br>
office/home network.<br>
<br>
If he switches to 3G (I don't think his phone does LTE) then suddenly he<br>
can't connect! (With some useless "can't connect" error.)<br>
<br>
Huh? Duh?<br>
<br>
Exact same setup and settings on an iphone 5 works fine. Also works fine<br>
on Android. The problem is just on his 4S.<br>
<br>
Even more interesting, if he wifi tethers a PC to his 4S over 3G and hits<br>
imaps using thunderbird on the PC it works fine.<br>
<br>
My question is, what on earth does changing the connection layer have<br>
anything to do with this? Can the phone be doing something differently in<br>
the mail app depending on 3G or wifi??? Can the 3G network be blocking<br>
something (unlikely since the tethered PC works)? It make no sense<br>
whatsoever to me. Maybe his phone is p0wned? I'm stumped. Ideas?<br>
_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca" target="_blank">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" rel="noreferrer" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
</blockquote></div><br></div></div></div></div>
<br>_______________________________________________<br>
Roundtable mailing list<br>
<a href="mailto:Roundtable@muug.mb.ca">Roundtable@muug.mb.ca</a><br>
<a href="http://www.muug.mb.ca/mailman/listinfo/roundtable" rel="noreferrer" target="_blank">http://www.muug.mb.ca/mailman/listinfo/roundtable</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br><div class="gmail_signature">John Lange<br><a href="http://www.johnlange.ca" target="_blank">www.johnlange.ca</a></div>
</div>