Solved: Re: VPN disconnects when turning off the screen on...

kamilazat

Hi everyone.

We have an issue with connectivity consistence ONLY on iPads. I will try to explain it in steps.

==Mobile Access is not enabled on the gateway, so VPN connection occurs over SSL==

1. User opens and connects using Capsule Connect. Everything works properly.

2. User turns off the screen and goes away for 10 minutes. We tested for 10 minutes because tunnel doesn't drop in, say, 4 minutes.

3. Capsule Connect logging seems to be stopped during these 10 minutes.

4. When the user comes back and turns on the screen, VPN indicator is visible on the notification bar, but there is no traffic (verified by tcpdump on the gateway).

5. The moment user goes to the Capsule Connect application, the VPN timer seems to reset and starts from 00:00.

6. The traffic seems to ONLY start flowing when the user goes back to some other applications that communicate with internal resources. This is again confirmed by tcpdump.

We already have updated to the latest iPadOS 18.3.2, and on the gateway we have R81.10 JHF Take 172. We can see that for the time the screen is off on iPad, Capsule Connect stopped logging (no logs with the relevant timestamps during that 10 minutes). And, sadly due to log rotation (yes, we missed that part), we lost the relevant vpnd logs on the gateway.

Before organizing everyone again to conduct debug, changing the number of vpnd.elg files in a maintenance window and run another lap, I wanted to ask if anyone has dealt with a similar behavior. This doesn't happen on Android, but happens on all different versions on iPads. We need to understand if this is a Check Point issue or an iPad issue.

Cheers!

PhoneBoy

Based on a quick Internet search, this looks like the result of a long-standing iOS limitation unrelated to Check Point.

View solution in original post

the_rock

I could have sworn I saw someone had this issue before and they posted about it on community and it turned out to be some setting on Ipad that was causing it, just cant remember what : - (

Andy

kamilazat

I've been searching for that post for days already. Failed epically 🙂

Before I open a TAC ticket and waste their timely resources for such a topic, would you think it's an iOS or iPadOS issue if the debug logging stops completely the moment screen gets turned off? How would you even prove it? iOS doesn't allow me to see system logs. I love android 🙂

the_rock

I think people could argue for days on end which OS is better, but lets not go there lol. Anyway, let me see if I can find recent post where someone modified trac ttm file to resolve ipad issues.

Andy

Chris_Atkinson

Have you checked if the app is restricted from running in the background and if it's excluded from power savings constraints etc?

Are you in a position to test the device whilst it is on charge?

CCSM R77/R80/ELITE

kamilazat

Yes. That was the first thing we checked since the application logging seems to stop when the screen turns off. Nothing...

the_rock

For what is worth, here is Copilot answer:)

Andy

***********************

This issue can occur due to various reasons, such as power-saving settings on the iPad, VPN client settings, or network configurations. Here are some steps you can take to troubleshoot and resolve the issue:

Troubleshooting Steps

Check Power-Saving Settings:
- Ensure that the iPad's power-saving settings are not set to disconnect the network when the screen is turned off. You can check this in the iPad's settings underSettings > Battery > Low Power Mode.
VPN Client Settings:
- Make sure that the VPN client settings are configured to maintain the connection even when the device is idle or the screen is off. For Check Point Capsule Connect, you can enable the "Auto Reconnect" feature:
  - Go toSettings > VPN > Capsule Connectand enable "Auto Reconnect".
Network Configuration:
- Ensure that the network configuration on the VPN server is set to allow persistent connections. Check the session timeout settings and increase them if necessary.
Update VPN Client:
- Ensure that you are using the latest version of the Check Point Capsule Connect application. You can download the latest version from the Apple App Store.
Re-authentication Settings:
- For iOS clients, the session timeout comes from Global Properties > Remote Access > SecureClient Mobile > Re-authenticate user every X. Ensure that this setting is configured appropriately.

Additional Resources

For more detailed information on configuring the VPN client and troubleshooting, refer to the Capsule Connect and Capsule VPN Clients Administration Guide.

If the issue persists after following these steps, you may need to contact Check Point Support for further assistance. You can open a ticket at the Check Point Support Center.

BE AWARE

Important - To prevent negative impact on your production environment, double-check the provided information in the Administration Guide for the involved product.

Learn more:

PhoneBoy

Based on a quick Internet search, this looks like the result of a long-standing iOS limitation unrelated to Check Point.

the_rock

Based on what Phoneboy said, seems its a limitation not tied to CP side.

Andy

G_W_Albrecht

I can read that in his post already...

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist

Are you a member of CheckMates?

VPN disconnects when turning off the screen on iPad

Troubleshooting Steps

Additional Resources