stuartsjb 0 Posted ...

Hi there,

I often find that my iPhone has disconnected from AirVPN during the day. Looking at the dashboard, it appears that it's failing reauthentication because of the 3 connection limit. However, this occurs even when my phone is the only one of my devices connected to AirVPN.

This typically happens when handing over from a mobile data connection to wifi, but also happens periodically when just using mobile data -- I guess when I temporarily lose connectivity or fall back to 3G.

I've seen that other people have reported the same problem. AirVPN support suggested that I use TCP, rather than UDP, to aid detection of disconnections -- but I'm doing this already, to no avail.

In my OpenVPN client I have the following settings:

Seamless tunnel: on.
Connect via: any network.
Reconnect on wakeup: on.
Protocol: adaptive.
Compression: full.
Connection timeout: none.
Network state detection: active.
Force AES-CBC ciphersuites: on.
Google DNS fallback: on.
Layer 2 reachability: on.

By design, the OpenVPN client doesn't attempt a reconnection after it's informed of an auth failure, which is what the AirVPN network sends if you exceed the maximum number of connections. I've suggested that it might be useful for AirVPN to have a 1-2min grace period on the max connection cut-off, which should fix this problem.

Has anyone found a work-round in the meantime?

Many thanks,
Stuart.

zhang888 1066 Posted ...

You should try TCP mode. With TCP the server can know faster that the connection has been terminated. In UDP it has to rely on the explicit-exit-notify directive, which is not always reliable, since iOS can put the OpenVPN client to sleep before it was able to send the termination message. If you hand over from WiFi to 3G and back very soon, you will end up with multiple sessions opened.

Another grace period is technically impossible. This will mean that the 3 connection limit will be impossible to enforce, since during your suggested 1-2min timeframe you suggest that more than 3 sessions should be allowed to connect. Then there is a little problem: the server should be forced to disconnect clients, and this will be quite impossible for it to determine which sessions to disconnect. The 3 sessions limit is therefore the only possible way to avoid such a situation.

Occasional moderator, sometimes BOFH. Opinions are my own, except when my wife disagrees.

Keksjdjdke 35 Posted ...

Also disable "force AES-CBC ciphersuites"; disabling this option will 'enable AES-256-GCM with HMAC-SHA384'. When the option "force AES-CBC cipher suites" is enabled, the VPN client will use AES-256-CBC with HMAC-SHA1.

stuartsjb 0 Posted ...

Many thanks for all the helpful suggestions -- and sorry for the delay in replying. I'm already using TCP mode, as I mentioned.

However @zhang888: I'm slightly confused as to why the grace period wouldn't be possible -- let me explain...

At the moment, my device is presumably making several connections in a row, as it tries to cope with the handover from wifi to GSM. As its IP address changes unexpectedly, it has to establish a new connection each time, without being able to disconnect the old VPN connection. The problem is that the handover from GSM to wifi typically seems to create more than 3 connection attempts, so I get a fatal 'auth failed' error and my phone drops back into non-VPN mode without me knowing.

Despite this, when I log into my account as soon as I notice this, I see no current connections -- so I guess after a short delay the stale connections drop out due to inactivity (which can be more reliably identified with TCP, as you say).

My suggestion was to allow >3 simultaneous connections from an account for a grace period of, say, a minute (or however long it takes for stale connections to be dropped). After that time, the stale connections would hopefully drop out (no longer responding at that location), and only the latest connection would survive. If more than 3 connections were ongoing at that point, then all but the latest three could be dropped.

I apologise if I'm missing something obvious! I can't be the only person experiencing this though, and it's a pain (or, for some people, a risk) to find that a phone falls back to non-VPN without the user knowing. This happens several times a day for me -- it would be great to find a way to solve this!

Stuart.

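Added example, not part of any post in this thread and not AirVPN's server logic: a toy Python model of the two policies discussed above, the strict 3-session limit and the proposed grace period, replayed over a constructed handover. The class and function names, the 60-second stale timeout and the reconnect times are all assumptions made for illustration.

```python
# Toy model of a per-account session limit (added example, not AirVPN's server code).
LIMIT = 3  # simultaneous sessions per account, as stated in the thread

class Server:
    def __init__(self, stale_timeout, grace=0.0):
        self.stale_timeout = stale_timeout  # assumed: seconds of silence before a session is dropped
        self.grace = grace                  # 0 = strict limit; >0 = grace period proposed in the thread
        self.sessions = {}                  # session id -> time traffic was last seen
        self.over_since = None              # when the account first exceeded LIMIT
        self.next_id = 0

    def sweep(self, now):
        # Drop sessions that have been silent for longer than stale_timeout.
        self.sessions = {s: t for s, t in self.sessions.items()
                         if now - t <= self.stale_timeout}
        if len(self.sessions) <= LIMIT:
            self.over_since = None
        elif now - self.over_since > self.grace:
            # Grace period over: keep only the LIMIT most recent sessions.
            keep = sorted(self.sessions)[-LIMIT:]
            self.sessions = {s: self.sessions[s] for s in keep}
            self.over_since = None

    def connect(self, now):
        self.sweep(now)
        if len(self.sessions) >= LIMIT and self.grace == 0:
            return None                     # the client sees this as an auth failure
        self.next_id += 1
        self.sessions[self.next_id] = now
        if len(self.sessions) > LIMIT and self.over_since is None:
            self.over_since = now
        return self.next_id

def replay(server, reconnect_times, check_at):
    """Replay a handover: every reconnect silently abandons the previous session."""
    results = [server.connect(t) for t in reconnect_times]
    if results[-1] is not None:             # only the final session still carries traffic
        server.sessions[results[-1]] = check_at
    server.sweep(check_at)
    return results, sorted(server.sessions)

HANDOVER = [0, 2, 4, 6]  # constructed sample: four reconnects within six seconds

if __name__ == "__main__":
    print("strict:", replay(Server(stale_timeout=60), HANDOVER, check_at=70))
    print("grace: ", replay(Server(stale_timeout=60, grace=60), HANDOVER, check_at=70))
```

In the strict run the fourth reconnect is refused and, by the time the account is checked, the model shows no sessions at all, which matches the empty dashboard described in the thread. During a grace window the model admits any number of sessions, which is the enforcement gap raised in the reply above.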
Keksjdjdke 35 Posted ...

I wonder if it would help if you set up your device so that the VPN is connected when your device starts up. Here is a link explaining the steps: http://simonguest.com/2013/03/22/on-demand-vpn-using-openvpn-for-ios/