[strongSwan] Android Strongswan client

Dusan Ilic dusan at comhem.se
Sun May 7 13:15:05 CEST 2017


I have a problem with the Strongswan Android client. After some testing and troubleshooting I seem to have pin pointed the cause. If im connected to the VPN and dont use the phone activrly, lets say its in my pocket, after a while when I unlock the phone status is still connected however no traffic seem to go through. I have to manually disconnect and reconnect everytime.

I have monitored the Strongswan server and it seems to me the problem is that if the phone isnt used actively at the time for rekey or reauthentication thats when and why it fails. It seems that the phone is sleeping and not responding to the server, but still the client consider itself connected?
I have therefore tried disabling both reauth, rekey and DPD to see if it that can solve the stale connection, but then I see in the client log that it proposes reauth and rekey even if dissbled on server. I also see that the server instead keeps sending retransmissions and finally remove the SAs. 

This looks to me as a design flaw? Its really not viable having a client connected and manually have to reconnect every time the phone is unlocked...

Is this related to the fact that "always on" cant be enabled maybe? I have another third part client installed, Fortigate, and it has support natively in Android for this and that works good. This lack of seamless function should be a dealbreaker with the Strongswan client?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20170507/14f3aa9e/attachment.html>

More information about the Users mailing list