VPN Tunnel is moved to Disconnected state after 5 mins in Reasserting state when no network

Issue Description:

I have an iOS VPN application. When VPN tunnel is in connected state and network goes off, it’s designed to stay in reasserting state until network is back. But with iOS 17 and later tunnel is moved to disconnected state after 5 mins in reasserting state when no network.

Logs on iOS 16 and Below:

Up to iOS 16 and below, when the tunnel is in connected state and network goes off, VPN state is moved to reasserting state and it stays in this state until network is back. We can see the below device console logs:

Entering state NESMVPNSessionStateReasserting
status changed to reasserting

Logs on iOS 17 and Later:

But from iOS 17 and later, when the tunnel is in connected state and network goes off, VPN state is moved to reasserting state and it stays in this state for 5 mins and is later moved to disconnected state when there is no network. We can see the below device console logs:

Entering state NESMVPNSessionStateReasserting, timeout 300 seconds
status changed to reasserting

We can see a timeout of 300 secs added from iOS 17 and later. Because of this new change in iOS 17 and later, end users using my application have to connect back to VPN when network is back (since the tunnel is in disconnected state).

Steps to reproduce:

  1. Connect to VPN when network is reachable
  2. Turn off network (WiFi, Mobile data)
  3. Application is moved to reasserting state. It will be in reasserting state for 5 mins
  4. Later application is moved to disconnected state.

Queries: From the above observation my queries are,

  1. Is there a way to keep the VPN tunnel in reasserting state even after 5 mins when there is no network from iOS 17 and later? (To get the same behaviour as iOS 16 and below)
  2. Why is the timeout of 300 secs added from iOS 17 and later? What benefit is this giving?
  3. Is there any document related to this timeout change added from iOS 17 and later?
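To measure the behaviour described above from the containing app rather than from the device console, the following added example (not code from the original post) times each stay in the reasserting state and reports the status that follows. `ReassertingMonitor` and `startReassertingDiagnostics` are hypothetical names, and the code assumes a tunnel configuration has already been saved for the app.

```swift
import Foundation
import NetworkExtension

// Hypothetical helper (not from the thread): times each stay in .reasserting.
final class ReassertingMonitor {
    private var reassertingSince: Date?
    private var token: NSObjectProtocol?
    // Called with the seconds spent reasserting and the status that followed.
    var onLeaveReasserting: ((TimeInterval, NEVPNStatus) -> Void)?

    // Transition logic kept free of NotificationCenter so it can be
    // driven with constructed dates in a unit test.
    func record(_ status: NEVPNStatus, at now: Date = Date()) {
        if status == .reasserting {
            if reassertingSince == nil { reassertingSince = now }
            return
        }
        guard let start = reassertingSince else { return }
        reassertingSince = nil
        onLeaveReasserting?(now.timeIntervalSince(start), status)
    }

    func start(observing connection: NEVPNConnection) {
        token = NotificationCenter.default.addObserver(
            forName: .NEVPNStatusDidChange, object: connection, queue: .main
        ) { [weak self] note in
            guard let conn = note.object as? NEVPNConnection else { return }
            self?.record(conn.status)
        }
        record(connection.status)  // capture the state we start in
    }

    func stop() {
        if let token = token { NotificationCenter.default.removeObserver(token) }
        token = nil
    }
}

let reassertingMonitor = ReassertingMonitor()  // retained for the app's lifetime

// Call once at app startup. Assumes the first saved manager is the tunnel of interest.
func startReassertingDiagnostics() {
    reassertingMonitor.onLeaveReasserting = { seconds, next in
        let outcome = (next == .disconnected) ? "disconnected" : "status \(next.rawValue)"
        print("Reasserting for \(Int(seconds)) s, then \(outcome)")
    }
    NETunnelProviderManager.loadAllFromPreferences { managers, error in
        guard error == nil, let manager = managers?.first else { return }
        reassertingMonitor.start(observing: manager.connection)
    }
}
```

The measured interval is only meaningful while the app is running in the foreground, because a suspended app receives the status notification late.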

I am not sure about the "why" here, but you are correct that there is a 5 minute reasserting timeout. But I don't understand the issue here if the user is not interacting with their device and there is not an available network. When there is an available network and the user is interacting with their device, doesn't the VPN become active again?

Hi Matt,

Thanks for your reply.

To answer your question:

"When there is an available network and the user is interacting with their device doesn't the VPN become active again?"

VPN will be automatically triggered and connected (based on configuration) only in the case of VOD (VPN On Demand) when network is available.

Our application also supports manual VPN connection (the user has to manually connect to VPN). In the case of manual VPN connection, since VPN is moved to disconnected state after being in reasserting state for 5 mins when there is no network, the end user has to connect back to VPN manually when network is back (only from iOS 17 and later). This requires extra effort from end users to connect to VPN again. This is going against our application feature.

So,

  1. Is there a way to keep the VPN tunnel in reasserting state even after 5 mins when there is no network from iOS 17 and later? (To get the same behaviour as iOS 16 and below)
  2. Is there any document related to this timeout change added from iOS 17 and later?

Hi Team,

Any update on this?
