Hello,
I have a problem with the Strongswan Android client. After some testing and
troubleshooting I seem to have pin pointed the cause. If im connected to the
VPN and dont use the phone activrly, lets say its in my pocket, after a while
when I unlock the phone status is still connected however no traffic seem to go
through. I have to manually disconnect and reconnect everytime.
I have monitored the Strongswan server and it seems to me the problem is that
if the phone isnt used actively at the time for rekey or reauthentication thats
when and why it fails. It seems that the phone is sleeping and not responding
to the server, but still the client consider itself connected?
I have therefore tried disabling both reauth, rekey and DPD to see if it that
can solve the stale connection, but then I see in the client log that it
proposes reauth and rekey even if dissbled on server. I also see that the
server instead keeps sending retransmissions and finally remove the SAs.
This looks to me as a design flaw? Its really not viable having a client
connected and manually have to reconnect every time the phone is unlocked...
Is this related to the fact that "always on" cant be enabled maybe? I have
another third part client installed, Fortigate, and it has support natively in
Android for this and that works good. This lack of seamless function should be
a dealbreaker with the Strongswan client?
_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users
