1

I have managed to configure VPN with iPhone and OpenSWAN on Linux 2.6. Though, when disconnecting the iPhone and reconnecting, it times out.

I have found that:

1) no packets are being sent when you disconnect iPhone from VPN.

2) when reconnecting, pluto picks up on the older socket and tries to use that state machine, which then fails, and the iPhone retransmits until it times out.

I'm using the latest version in git, including #1204 patch. I see the NAT-T patch debug lines in the logs. But still, no cookie.

Help?

gilm
  • 143
  • 6

1 Answer

4

Sounds like you've got it mostly working. My guess is that you'll need this added to your IPsec configuration:

     # Apple iOS doesn't send delete notify so we need dead peer
     # detection to detect vanishing clients
     dpddelay=10
     dpdtimeout=90
     dpdaction=clear

Basically, when you disconnect with an iPhone/iPad it does not send a DELETE signal, so the tunnel just sits there (until you restart the ipsec service, for instance). These options above say that if they haven't heard from the device in 90 seconds then to just close down and clean it up. You can obviously adjust the numbers to your needs.

Pat
  • 56
  • 2
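To check an existing configuration for the stale-tunnel problem described in the answer above, here is an added example (not part of the original post and not Openswan's own code) that reads `ipsec.conf` text and reports every `conn` that lacks the three DPD options or uses a `dpdaction` other than `clear`. The sample file and its conn names are constructed; the parser assumes the usual layout of unindented section headers with indented `key=value` lines, applies `conn %default` to every conn, and does not follow `also=` references.

```python
# Constructed sample ipsec.conf; the conn names are hypothetical.
SAMPLE_CONF = """\
config setup
    nat_traversal=yes

conn %default
    dpddelay=10

conn ios-clients
    dpdtimeout=90
    dpdaction=clear

conn legacy-roadwarrior
    authby=secret

conn ios-hold
    dpdtimeout=90
    dpdaction=hold
"""
DPD_KEYS = ("dpddelay", "dpdtimeout", "dpdaction")

def parse_conns(text):
    """Return {conn_name: {key: value}} for every 'conn' section."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not line[0].isspace():              # unindented line starts a section
            parts = line.split()
            # Only 'conn <name>' sections are collected; 'config setup' is skipped.
            current = conns.setdefault(parts[1], {}) if parts[0] == "conn" and len(parts) == 2 else None
        elif current is not None and "=" in line:
            key, value = line.strip().split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def audit_dpd(text):
    """Map each conn to the DPD problems that can leave stale state behind."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})       # inherited by every conn
    report = {}
    for name, opts in conns.items():
        merged = {**defaults, **opts}
        problems = [f"{k} not set" for k in DPD_KEYS if k not in merged]
        if merged.get("dpdaction", "clear") != "clear":
            problems.append(f"dpdaction={merged['dpdaction']}, not clear")
        report[name] = problems
    return report
```

Calling `audit_dpd(open("/etc/ipsec.conf").read())` returns an empty list for each conn that already carries the settings from the answer; the path is the conventional location and may differ on your system.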