OnDemand VPN required for iOS app, randomly disconnects

Question

I am working on an app that requires access to a resource behind a VPN.

We have on-demand VPN setup using Cisco AnyConnect but we keep running into an issue that in the middle of using the app, the VPN will close.

Sometimes the user will try to log-in, the vpn will establish, user will be logged in, then the VPN will immediately drop.

Is there something I can (or should) do to the NSURLSession that will keep it alive?

I checked my request headers and I have "connection: keep-alive set", but the server is responding "connection: close" is this correct?

Answer 1

Those are two entirely orthogonal things. Keep-alive tells the server that your app is willing to reuse the TCP connection to make multiple HTTP requests instead of creating a separate connection for each request. It has nothing to do with the VPN connection. And the server on the other end is free to refuse keep-alive requests if it doesn't support them (or is configured to refuse them). So that's perfectly reasonable.

The VPN connection dropping is probably caused either by hitting a URL that has been specifically configured to cause the VPN to disconnect or by the VPN crashing, but it could also be caused by too short a timeout in the VPN configuration.

Either way, it is a problem with the VPN or its configuration, and I doubt there's anything you can do about it as the author of an app that is just trying to send data through it. Probably the best you can do is to use reachability to determine whether a request will cause the VPN to connect, and make a note to more aggressively retry requests that fail if you see that flag....

Answer 2

Usually Random disconnection problem in VPNs, is about bad MTU settings on your interfaces. I wrote a complete answer here about how to set MTU in linux, for vpn.

You usually have to has a 1400 MTU for your inte.net connection interface, and 1300 MTU for your VPN connection.

I don't know how to set it in IOS, but at least you can check your MTU settings to be sure if it's about MTU or not, if you had MTU 1500 then it means your VPN is disconnecting because of it.