Jump to content
Not connected, Your IP: 3.214.184.196
Snowplow

IOS12 and beyond -- OpenVPN battery drain

Recommended Posts

Ever since I updated to IOS 12, and the issue continues in IOS 13, my connections to Air via OpenVPN Connect have consumed excessive battery when the phone is idle.  It works great while I maintain a persistent external connection, like streaming music.

Today I looked at a log in the OpenVPN Connect app, and it seems to be perpetually waking the phone back up to connect.  Again, this didn't seem to be an issue in IOS 11.

I am wondering if there are any options I can configure in my OPVN files generated (as of now they're unmodified) that alters the behavior?

I have the following selected:
Reconnect On Wakeup=ON
Seamless Tunnel=ON
VPN Protocol=Adaptive
IPv6 = IPV4-ONLY Tunnel
Connection Timeout=30 sec
Allow Compression=NO
Minimum TLS version=Default
DNS Fallback=ON
Connect Via=Any Network
Layer 2 Reachability=ON

Share this post


Link to post

2019-10-01 00:00:56 Connecting to [199.249.230.44]:80 (199.249.230.44) via UDPv4
2019-10-01 00:00:56 EVENT: CONNECTING
2019-10-01 00:00:56 Tunnel Options:V4,dev-type tun,link-mtu 1602,tun-mtu 1500,proto UDPv4,comp-lzo,cipher AES-256-CBC,auth SHA512,keysize 256,key-method 2,tls-client
2019-10-01 00:00:56 Creds: UsernameEmpty/PasswordEmpty
2019-10-01 00:00:56 Peer Info:
IV_GUI_VER=net.openvpn.connect.ios 3.0.2-894
IV_VER=3.2
IV_PLAT=ios
IV_NCP=2
IV_TCPNL=1
IV_PROTO=2
IV_LZO_STUB=1
IV_COMP_STUB=1
IV_COMP_STUBv2=1
IV_AUTO_SESS=1
UV_IPV6=yes
IV_HWADDR=<redacted by Snowplow>

2019-10-01 00:00:56 VERIFY OK : depth=1
cert. version     : 3
serial number     : <redacted by Snowplow>
issuer name       : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
subject name      : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
issued  on        : 2014-04-11 10:15:45
expires on        : 2024-04-08 10:15:45
signed using      : RSA with SHA1
RSA key size      : 4096 bits
basic constraints : CA=true

2019-10-01 00:00:56 VERIFY OK : depth=0
cert. version     : 3
serial number     : 16
issuer name       : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=airvpn.org CA, emailAddress=info@airvpn.org
subject name      : C=IT, ST=IT, L=Perugia, O=airvpn.org, CN=Chamaeleon, emailAddress=info@airvpn.org
issued  on        : 2016-12-02 16:46:10
expires on        : 2026-11-30 16:46:10
signed using      : RSA with SHA-512
RSA key size      : 4096 bits
basic constraints : CA=false
cert. type        : SSL Server
key usage         : Digital Signature, Key Encipherment
ext key usage     : TLS Web Server Authentication

2019-10-01 00:00:57 OS Event: SLEEP
2019-10-01 00:00:57 EVENT: PAUSE
2019-10-01 00:00:58 OS Event: WAKEUP
2019-10-01 00:01:01 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2019-10-01 00:01:01 STANDARD RESUME
2019-10-01 00:01:01 EVENT: RESUME
2019-10-01 00:01:01 EVENT: RECONNECTING
2019-10-01 00:01:01 Contacting [199.249.230.44]:80/UDP via UDP
2019-10-01 00:01:01 EVENT: WAIT
2019-10-01 00:01:01 OS Event: SLEEP
2019-10-01 00:01:01 Connecting to [199.249.230.44]:80 (199.249.230.44) via UDPv4
2019-10-01 00:01:01 EVENT: PAUSE
2019-10-01 00:01:04 OS Event: WAKEUP
2019-10-01 00:01:07 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2019-10-01 00:01:07 STANDARD RESUME
2019-10-01 00:01:07 EVENT: RESUME
2019-10-01 00:01:07 EVENT: RECONNECTING
2019-10-01 00:01:07 Contacting [199.249.230.44]:80/UDP via UDP
2019-10-01 00:01:07 EVENT: WAIT
2019-10-01 00:01:07 OS Event: SLEEP
2019-10-01 00:01:07 Connecting to [199.249.230.44]:80 (199.249.230.44) via UDPv4
2019-10-01 00:01:07 EVENT: PAUSE
2019-10-01 00:01:07 OS Event: WAKEUP
2019-10-01 00:01:10 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2019-10-01 00:01:10 STANDARD RESUME
2019-10-01 00:01:10 EVENT: RESUME
2019-10-01 00:01:10 EVENT: RECONNECTING
2019-10-01 00:01:10 Contacting [199.249.230.44]:80/UDP via UDP
2019-10-01 00:01:10 EVENT: WAIT
2019-10-01 00:01:10 Connecting to [199.249.230.44]:80 (199.249.230.44) via UDPv4
2019-10-01 00:01:10 OS Event: SLEEP
2019-10-01 00:01:10 EVENT: PAUSE
2019-10-01 00:01:12 OS Event: WAKEUP
2019-10-01 00:01:15 RESUME TEST: Internet:ReachableViaWiFi/-R t------
2019-10-01 00:01:15 STANDARD RESUME
2019-10-01 00:01:15 EVENT: RESUME
2019-10-01 00:01:15 EVENT: RECONNECTING
2019-10-01 00:01:15 Contacting [199.249.230.44]:80/UDP via UDP
2019-10-01 00:01:15 EVENT: WAIT
2019-10-01 00:01:15 OS Event: SLEEP
2019-10-01 00:01:15 Connecting to [199.249.230.44]:80 (199.249.230.44) via UDPv4
2019-10-01 00:01:15 EVENT: PAUSE
2019-10-01 00:01:17 OS Event: WAKEUP

Share this post


Link to post

From the log above, you can see that every few seconds it repeats this cycle while the phone is locked and hypothetically doing very little.

Back to my original question, is there something on the user-side that I can do?  Is there a server-side configuration that needs to change?  Does it look like a bug in OpenVPN Connect?  (I will gladly open a bug report with them, but first wanted to find out if it's something that I/we can fix first).

 

Share this post


Link to post

I have the same battery drain when using the personal hotspot. I nailed it down to frequent keepalive packets keeping the phone perpetually active. It's not a bug, it really seems to be a feature. And with that in mind the iPhone isn't really that durable as people believe, it's just effective energy saving. :)


Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
20 hours ago, giganerd said:

I have the same battery drain when using the personal hotspot. I nailed it down to frequent keepalive packets keeping the phone perpetually active. It's not a bug, it really seems to be a feature. And with that in mind the iPhone isn't really that durable as people believe, it's just effective energy saving. :)


Thank you for your reply and information.  Do you know from where the 'keepalive' packets originate...phone, network, app, etc.?

Back on iOS11 I had great battery performance with OpenVPN always on.  It clearly got worse when I moved to iOS 12.

Share this post


Link to post
1 hour ago, Snowplow said:

Do you know from where the 'keepalive' packets originate...phone, network, app, etc.?


The keepalives are not the problem. The devices are.
Keepalives are actually very important. They are sent to verify that the other side of the link is still active and therefore ensure that the connection is still okay. Especially important for home users with their routers which use Network Address Translation (NAT), as NAT devices usually kill inactive connections pretty fast.

Mobile devices utilize some form of energy management to dynamically enable and disable modules as they're needed. And a disabled module doesn't require any energy, therefore it reduces energy consumption. This is especially true for the CPU. On Android for example the CPU can be clocked down into a deep sleep state where the CPU is not active at all, therefore it doesn't consume power. I think it's similar on iOS.

Now, the CPU is the heart of any computer. To make a device do anything it must be woken up from that deep sleep everytime. The optimization of the CPU clock to find the right balance between doing something and not consuming energy is at the heart of energy optimization. Those keepalives have a certain predictability because they're timer-based, mostly bound to some widely-used standard, therefore standard time windows. A connection is only reset once a timer runs out. So you can plan ahead a bit and leave the CPU in peace for longer periods of time and send out any keepalives and other packets in one shot when you do wake up the CPU.

If you have the hotspot opened, you need to send out beacon packets so that your hotspot is visible. You have to listen to connections, and once someone connects you will need to be up at all times to forward packets to the GSM network (which is 2/3/4/5G). This keeps the CPU online at all times. You can clock it down to the slowest clock rate but it will inevitably be active all the time. That's my battery drain.

iOS is not optimized for VPN connections. You can optimize a bit, but you will need to send more packets which are, above all, encrypted and decrypted with a high difficulty AES-256 encryption algorithm which was not made for embedded devices, but for security. It doesn't just keep the CPU alive, it also stresses it more, causing it to sometimes clock a bit faster to keep up. And whatever CPU clocks faster consumes more power. I believe that's your battery drain.

On the iOS 11 -> 12 problem I can only assume that Apple changed something somewhere in the OS which makes life difficult from an optimization point of view. No way to say for sure as that platform is closed source, so closed it actually violates open source licenses in the app store.

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post

I use openVPN on ios 12 and now 13 and I haven't seen such issues. Yes of course it uses battery, but it's 5-7% per day.

I create and manage profiles from the openvpn app, but tend to turn vpn on and off from the settings menu. Would that make a difference?

Share this post


Link to post

Thank you both for your replies.  On the side I opened a ticket with OpenVPN.  Their analysis as of now is there's an issue with my device (which means 2 devices, really) and they do not see the same behavior on their test devices.

My battery drain issue is variable.  I have times where the log shows a connection with no subsequent activity for long periods of time, such as 30-60 minutes.  At those times, I can periodically use the phone and only consume 1% battery in 1 hr.  I also have times where the log shows OS wakeup events every 3 seconds, followed by a reconnect.  In those scenarios, to put it in perspective I lost 3% battery in 1hr of the phone just sitting on a desk unused.

This suggests that sometimes the device is connecting and keeping the connection active, and other times it's allowing the connection to drop then reconnecting.  The frequent wakeup->reconnect events correlate to higher power draw.

For now I am stopping my VPN-on-demand usage and manually enabling it at times I am more keen to prevent network operator snooping.  However I did not have this issue previously and I have little trust in my network operator, so I am very interested in finding a solution to return to full VPN-on-demand functionality.

Since OpenVPN suggests my devices are the issue, and one of them being quite new, I will probably do a test of restoring one of them but not loading from my iTunes backup.  Perhaps something in my iTunes backup is causing the issue?  I originally noticed this issue immediately after updating to iOS 12 on my older device.  Quite literally I would see times that the phone would chew through 7% battery in 3 minutes (and get hot) and give me very poor network performance.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...