Skip navigation

VPN disconnects when iPhone goes into auto-lock ?

131903 Views 114 Replies Latest reply: Apr 7, 2014 5:30 AM by mavisiyah RSS Branched to a new discussion.
  • seechrisgo Level 1 Level 1 (0 points)
    Currently Being Moderated
    Aug 30, 2011 8:16 AM (in response to KJCarey)

    Ok, Jail Breaking the phone is not the answer.  The problem is the iPhone and how the VPN tunnel works -- the iPhone shuts down its transmitter when in auto-lock to save battery probably.  When this happens the VPN tunnel can no longer send keep-alive messages to the concentrator so the tunnel drops.

     

    The answer is for Cisco to modify the VPN client so that it is not required to send keep-alives, but allow incoming messages from the network.  I'm no security expert, so this could violate all kinds of best practice recommendations and security policies. 

     

    Our solution was to install Good for Enterprise which is an email proxy solution with a server on prem.  It uses a special email client that continuously listens even when in auto-lock.  It is able to provide alerts to the client about email and calendar events.  When you wake up the phone it does a quick sync and runs normal, all emails are available.  This works with Exchange and Lotus Notes backend.  The Good for Enterprise does NOT require a VPN, it does its own security certificate exchange and encryption.

  • G J Piper Level 1 Level 1 (90 points)
    Currently Being Moderated
    Nov 13, 2011 6:46 PM (in response to robertvg)

    I'm also interested in a setting that would force all iPhone data access only through the VPN, and make the VPN try to remain connected at all times unless manually turned off.

  • seechrisgo Level 1 Level 1 (0 points)
    Currently Being Moderated
    Nov 15, 2011 3:01 PM (in response to robertvg)

    The answer is to use Cisco AnyConnect VPN with PKI certificates.  We are testing this and it works pretty well.  It is possible to set the VPN to be persistant and it only reauthenticates when it wakes up, it does this very quickly and using PKI certs it does not require any manual intervention.  The tunnel restablishes very quickly.

     

    Requires Cisco ASA on the host side at your data center, requires some method of securely distributing the digital certificates and a certificate authority, either your own or subscribe to Verisign or equivalent.  It is not a simple proposition to implement, you need to be committed and have some resources to get it done.

  • G J Piper Level 1 Level 1 (90 points)
    Currently Being Moderated
    Nov 15, 2011 3:13 PM (in response to seechrisgo)

    What about the inherent Push problem regarding data transfers while the phone is locked or asleep -- will your Cisco AnyConnect still keep that data through its (disconnected) tunnel safe? I think this is half of the issue. Not only do you have to turn it back on when waking (no matter how fast) but it is still insecure while sleeping. No VPN will help that unless it remains intact even while locked and sleeping.

  • Michael Ginsberg Level 3 Level 3 (875 points)
    Currently Being Moderated
    Dec 30, 2011 8:59 PM (in response to robertvg)

    Just discovered this post in researching why this was happening.

     

    Still a problem with the latest IOS and not yet fixed.

     

    Agree that Jailbreaking isn't the solution.

  • Average_JRo Level 1 Level 1 (0 points)

    +1 that this is still a problem.  What is this 1995?  Seems this should have been addressed by now.  Makes the iPhone better as a paperweight than as a secure communication device.

  • ashequr Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 7, 2012 3:27 AM (in response to robertvg)

    still same problem. vpn disconnected in lock screen. how to resolve the issue?

  • jz1492 Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 17, 2012 12:36 PM (in response to robertvg)

    I've found that the VPN connection does not drop during sleep as long as the iPhone (4s, iOS 5.0.1) is kept plugged in. So here is one possible solution:

     

    Buy a charging holster for your 3G or 3GS (Amazon), or one of the multitude of charging cases for your 4 or 4S --your VPN connection should stay alive, and your battery gets some needed reinforcement for the increased power drain that will occur.

     

    This should work, at least until the external battery pack runs out of juice.

    iPhone 4S, iOS 5.0.1
  • KeithCFL Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 19, 2012 9:49 AM (in response to jz1492)

    I read somewhere, I dont recall if it was in this thread or not, that this problem doesn't exist if you connect a VPN using Cisco AnyConnect app.  I installed the app, and couldn't setup the VPN for my purposes because, as I expected, you need to use ot with Cisco VPN equipment/router.  HOWEVER... The first time I launched the app, it said something like "AnyConnect will make changes to the way VPNs work on your device.  Is this OK?" and I clicked yes/ok/proceed, whatever the button said.  Ever since this time, my VPN has not disconnected when going to sleep.  I don't even have the app anymore, I removed it when I realized it wouldn't work for me.

     

    If you are able to establish a Cisco VPN, then it will also auto-reconnect when you go from wi-fi to 3g, loose and regain a connection, etc.  It is designed to keep you constantly connected to the corporate network.  However, it appears part of what it does is change the VPN functions of iOS sothe VPN does not drop after 30 seconds of being in sleep mode.  I have gone 6 hours with the VPN remaining connected through 30 min to an hour of sleep at a time.

     

    I hope this helps others out there.  Just install Cisco AnyConnect, run it, accept/allow the changes, and reply to this post to let others know it it resoved the problem for you too.  Once you have got it working, you can uninstall AnyConnect and it will still work.

     

    **I dont know if there is a way to undo this, so once it changes the VPN to persistent you cant go back to the sleep-and-disconnect way, but why would you want to?

  • fabiogalera Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 20, 2012 3:13 PM (in response to KeithCFL)

    I really believe that its not a issue in the VPN, but how the iPhone manage the connection (3G/EDGE/WiFi) when the screen lock.

     

    I'm facing this issue, look to

     

    https://discussions.apple.com/message/17351670#17351670

  • VRADesign Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 23, 2012 3:03 PM (in response to KeithCFL)

    Hey KeithCFL. I tried installing Cisco AnyConnect on my iPhone 4 and it didn't work.

     

    Still hoping someone out there can figure out a workaround.

  • fastfret Level 1 Level 1 (0 points)
    Currently Being Moderated
    Jan 24, 2012 9:15 PM (in response to KeithCFL)

    @KeithCFL: The AnyConnect app didn't work for me.

     

    However, the iphone DOES have a built-in funcion to "auto-connect on demand" to a VPN. (I guess this is what the Anyconnect App does in essence)

     

    The setting can't be made through the iPhone directly (why on earth not?!). You need to install Apple's iPhone Configuration Utility: http://support.apple.com/kb/DL1465

     

    However it ONLY works with a Cisco IPSec tunnel using certificates.

     

    So there it is, built-in to the iOS, but only works with one particular protocol and isn't accessible to the average user....

  • MiddleAgedMan Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 4, 2012 5:17 AM (in response to fastfret)

    Does any have a solution for iPad VPN disconnecting? Trying to rollout a corp Mobile ap and it's not user friendly to have to re VPN ever lock session

     

    Help!!!!

    Spence

  • Xabra Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 12, 2012 10:21 PM (in response to KeithCFL)

    I tried this with little success.  I did see that the VPN doesn't disconnect when the iPhone is plugged into the dock, then it stays connected for the whole day. So it does look like an automatic power management issue.

  • KeithCFL Level 1 Level 1 (0 points)
    Currently Being Moderated
    Feb 14, 2012 6:46 AM (in response to VRADesign)

    I dropped my iPad (shattered screen), and had to replace it with a refurbished model.  I can't get the VPN to stay conmected any more on y new iPad, even with the AnyConnect app.  I guess I just got lucky last time, the VPN would only disconnect when I left WiFi.  This really *****.  I've tried everything I did last time, to no avail.  I miss the persistent VPN connection-- I know it's possible because it worked on my last iPad2.  It didn't create any significant battery drain either-- then again, I was on an iPad which has a bigger battery than iPhone, so the drain wouldn't be quite as noticable.

     

    If I get it working again I'll be sure to update this thread.

1 2 3 4 5 ... 8 Previous Next

Actions

More Like This

  • Retrieving data ...

Bookmarked By (6)

Legend

  • This solved my question - 10 points
  • This helped me - 5 points
This site contains user submitted content, comments and opinions and is for informational purposes only. Apple disclaims any and all liability for the acts, omissions and conduct of any third parties in connection with or related to your use of the site. All postings and use of the content on this site are subject to the Apple Support Communities Terms of Use.