Automatic reconnecting not working in mobile networks (working in Wifi networks)

Question

Automatic reconnecting not working in mobile networks (working in Wifi networks)

BenLender opened this issue 6 months ago · 2 comments

BenLender commented 6 months ago

Checklist

I read the README
I read the Important notes
I followed instructions to configure VPN clients
I checked IKEv1 troubleshooting, IKEv2 troubleshooting and VPN status
I searched existing Issues
This bug is about the VPN setup scripts, and not IPsec VPN itself

Describe the issue
VPN on demand does not work on mobile networks anymore.

To Reproduce

Setup ikev2 vpn on raspberry pi according to guide: https://github.com/hwdsl2/setup-ipsec-vpn/
Setup mobile clients using .mobileconfig files
Activate VPN on demand option in iOS GUI

Expected behavior
When the VPN connection is lost, the mobile device reconnects no matter the network it is in.
Actual behavior: the mobile device reconntects flawlessly in wifi networks. The mobile device does not connect when not in a wifi network. While in a mobile network, as soon as "vpn on demand" is deactivated manually activing the vpn connecting becomes possible.

Logs
Check logs and VPN status, and add error logs to help explain the problem, if applicable.

Server (please complete the following information)

OS: Debian 10
Hosting provider: not applicable

Client (please complete the following information)

Device: iPhone SE 2nd gen
OS: iOS 17.1.2
VPN mode: IKEv2

Additional context
not applicable

Answer 1 · 2023-12-18T18:52:36.000Z

@BenLender Hello! The default VPN On Demand configuration in this project disconnects the VPN while on mobile networks, so this is normal. In the most common use case, people expect the VPN to connect on Wi-Fi networks but not mobile networks.

To change this behavior for your use case:

Edit /opt/src/ikev2.sh on your VPN server. Find this section:

       <dict>
         <key>InterfaceTypeMatch</key>
         <string>Cellular</string>
         <key>Action</key>
         <string>Disconnect</string>
       </dict>

and replace "Disconnect" with "Connect", i.e.

       <dict>
         <key>InterfaceTypeMatch</key>
         <string>Cellular</string>
         <key>Action</key>
         <string>Connect</string>
       </dict>

Save the file, then run sudo ikev2.sh to export updated client configuration files for your iPhone.
Remove the previously imported VPN profile from your iPhone, then import the new .mobileconfig file from step 2.

Answer 2 · 2023-12-19T10:05:05.000Z

@hwdsl2 Thank you very much!