[Openswan Users] iPhone ipsec/l2tpd summary

Paul Wouters paul at xelerance.com
Mon Nov 26 18:45:56 EST 2007


Kim and I sent a lot of email back and forth trying to debug his iPhone.
In the end, this was the summary of the results.

---------- Forwarded message ----------
Date: Mon, 26 Nov 2007 23:24:56 +0000
From: Kim <kim at kiwiclan.com>
To: Paul Wouters <paul at xelerance.com>
Subject: Re: your mail

I've come to the conclusion that the iphone drops the datalink layer
to the mobile network if there is no tcp traffic initiated from itself
outgoing within about a minute. Certainly the link drops within a minute
no matter where you put keepalives, ipsec, l2tp or ppp. If I leave the
app in the mail program and get it to check for new mail every 15 seconds
or so then I can hold the link up apparently indefinitely.

If I make a webpage that contains a meta tag to refresh itself every
5 seconds and leave safari open it also stays open indefinitely. I'll
find out the minimum time necessary.  In any case, if I disable dpd, leave
out the HELLO in l2tpd and enable ppp keepalive and 30 second intervals,
drop if miss 3 then I can always get the link back up again, which stays
up whilst I am using it with tcp.

Pain in the arse, means it's difficult to use a vpn as your standard
means for checking mail as the link can't be made to come up on demand
and you can't set the refresh interval lower than 15 minutes. But it
does mean you can use the vpn for securing vital web resources more
securely. And eventually when an api comes out one can make a keepalive
for it. Or you can leave the phone running the keepalive webpage,
but you can't put the phone in sleep mode or it stops safari.

Cheers,
Kim

