[Openswan Users] Help - Can not reconnect to VPN after disconnected
Willie Gillespie
wgillespie+openswan at es2eng.com
Wed Nov 23 14:50:18 EST 2011
On 11/23/2011 2:01 AM, Stefanus Hartanto wrote:
> Hi,
>
> I use an iPhone to connect to the VPN server using its 3G connection, so it
> is using a separate network from my LAN.
> I can connect to the VPN server. The issue happens if I disconnect the
> connection and try to reconnect. My iPhone shows an error that the server is
> not responding.
> I can reconnect again if I restart the ipsec service.

Sounds like you've got it mostly working. My guess is that you'll need
this added to your IPsec configuration:

    # Apple iOS doesn't send delete notify so we need dead peer
    # detection to detect vanishing clients
    dpddelay=10
    dpdtimeout=90
    dpdaction=clear

Basically, when you disconnect with an iPhone/iPad it does not send a
DELETE signal, so the tunnel just sits there (until you restart the
ipsec service, for instance). These options above say that if they
haven't heard from the device in 90 seconds then to just close down and
clean it up. You can obviously adjust the numbers to your needs.
Willie
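
As an added example (not part of the original post or of Openswan), the script below audits ipsec.conf-style text and reports which conn sections still lack the three DPD options from the reply above, after applying `conn %default`. The parser is a simplified assumption: headers at column 0, indented key=value lines, `also=` not followed; the sample configuration, including its conn names and addresses, is constructed.

```python
# Added example: find conn sections that would keep stale tunnels
# because dead peer detection is not fully configured.
REQUIRED = ("dpddelay", "dpdtimeout", "dpdaction")

# Constructed sample input, not taken from the thread.
SAMPLE = """\
config setup
    nat_traversal=yes

conn %default
    dpddelay=10
    dpdtimeout=90

conn iphone-l2tp
    # Apple iOS doesn't send delete notify
    dpdaction=clear
    left=%defaultroute

conn site-to-site
    left=%defaultroute
    right=192.0.2.10
"""

def parse_conns(text):
    """Return {conn_name: {key: value}} (simplified ipsec.conf subset)."""
    conns, current = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        if not raw[0].isspace():               # section header at column 0
            parts = line.split()
            is_conn = parts[0] == "conn" and len(parts) == 2
            current = conns.setdefault(parts[1], {}) if is_conn else None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return conns

def missing_dpd(text):
    """Map each conn to the DPD options it lacks after %default is applied."""
    conns = parse_conns(text)
    defaults = conns.pop("%default", {})
    report = {}
    for name, opts in conns.items():
        missing = [k for k in REQUIRED if k not in {**defaults, **opts}]
        if missing:
            report[name] = missing
    return report

if __name__ == "__main__":
    for name, missing in missing_dpd(SAMPLE).items():
        print(f"conn {name}: missing {', '.join(missing)}")
```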