dpd has no effect when using iOS anyconnect
David Frank
bitinn at gmail.com
Fri Jan 23 05:19:26 PST 2015
I recently read this fine print in Cisco’s document for AnyConnect:
http://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect30/user/guide/iphone-ugac-ios.html#pgfId-205596
Known Issues in Apple iOS Impacting VPN:
- A DTLS packet received while the device is asleep does not awaken it. TLS packets, however, awaken the device if notifications or Facetime is enabled. AnyConnect automatically disconnects the DTLS tunnel when the device goes to sleep to allow packets received over the TLS connection to wake the device. The DTLS tunnel is restored when the device resumes.
So AnyConnect closes the UDP session when iOS sleeps (lockscreen), which means dpd is not usable, correct?
How can I fine-tune the ocserv config to stay connected? Is setting a long cookie-timeout the only option?