cancel
Showing results for 
Search instead for 
Did you mean: 

Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

SOLVED
Highlighted
Occasional Contributor

Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

I reported this issue in an [url=https://forums.pulsesecure.net/topic/pulse-connect-secure/276654-junos-pulse-windows-phone-81-vpn-stops-passing-traffic-after-5-minutes-idle] earlier post [/url] that I cannot respond to now.

Basically, Junos Pulse just stops working after 5 minutes idle time on a Windows Phone. It is now clearer that this is because Windows Phone is brutal about culling background apps, to save power (far more brutal that Android or iOS). There is really no concept of allowing an app to run in the background or a background service. In order to provide any sort of background service, an app can have one (and only one) background agent.

You can see from Battery Saver that Junos Pulse does not have a background agent (as it doesn't have the 'allowed' tag in Battery Saver). Therefore it cannot run in the background. So as Junos Pulse goes into the background and idles, Windows Phone kills it in a brutal fashion.

This is why the phone shows the connection is still up and the server still has a connection - but no traffic flows. The app has been killed in a brutal way and cannot 'tidy up'. It is why having power to the phone means this is less likely to happen. It is why it happens on the phone but not on full Windows (or Android or iOS, as they are less brutal with background tasks). It is why stopping and starting the connection restores it.

And it is why sometimes the phone locks up and reboots after the connection fails - because of the brutality of Windows Phone killing the app. It sometimes kills it in a way that it is left in an unstable state.

Pulse works fine for short connections - but it is not fit for our purpose which is always on VPN on Windows Phone.

IKEv2 is an embedded part of the Windows (phone) operating system, so I'm pretty sure it won't suffer from the same problem. It comes with MS support and updates. So until Junos Pulse comes with a background agent, we will use MS IKEv2.
Tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Not applicable

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

We're experiencing similar disconnects after 5 minutes with IKEv2. You mentioned above:
>IKEv2 is an embedded part of the Windows (phone) operating system,
>so I'm pretty sure it won't suffer from the same problem.
>It comes with MS support and updates. So until Junos Pulse comes with a background agent,
>we will use MS IKEv2.

Did you try out IKEv2? Did it work for you? Thanks!

View solution in original post

8 REPLIES 8
Highlighted
Community Manager

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

Hello bb193,

Thank you for the information. Do you have a case opened for this issue? I will discuss this internally with our developers to see what we can do moving forward.
Highlighted
Community Manager

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

Hello BB193,

Are you running Update 2 on your Windows Phone 8.1? I spoke to engineering last night and they stated that Microsoft had made a change in Update 2 to allow the VPN app to run in the background.
Highlighted
Occasional Contributor

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

Dear Kita

Many thanks for your replies. Yes, I'm running this on a Microsoft 640 LTE, running Windows Phone 8.1 update 2 (OS version 8.10.15148.160).

Some apps (eg Internet Explorer, Weather, Calendar, News, HERE Drive+, Microsoft Health etc) with a background agent have a slider in Battery Saver that allow these background agents to run in the background. Junos Pulse does not have a background agent, so there is no slider, so the application is killed after 5 minutes of idle time. Sorry Smiley Sad

Eric
Highlighted
Occasional Contributor

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

On reflection, I wonder if you mean the ability to set VPN 'Always On' in GDR2?

It sounds like it ought to help - but regrettably it does something entirely different and would make things even worse.

There was a weakness in GDR1, when corporate organisations could require users to use a VPN, but the user could turn the VPN off, or sneak some traffic directly out to the internet. So MS added a facility where organisations could set a technical policy which meant that users could not turn the VPN off (the On/Off slider is greyed out) and all network traffic has to go over the VPN.

But the problem is not that the user (me) is turning the VPN off. The VPN is on and all traffic goes over it. It is just that after 5 minutes of idle time, the OS sees the Junos Pulse app and kills it, as there is no background app (https://www.windowsphone.com/en-gb/how-to/wp8/phones-and-hardware/battery-making-it-last).

The only way I can reinstate the VPN is to stop the connection and restart it. So setting the 'always on' policy would stop me doing that. I'd be totally scuppered!

Many thanks for your replies and help. It is very much appreciated.
Highlighted
Occasional Contributor

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

Dear Kita

Many thanks for your replies. I've tried other vpn clients, and so far none of them seem to be as good at connecting as the Pulse client. It would be really great if we could use Pulse as our default client - the only problem being the five minute disconnect that makes it unusable on a Windows Phone?

I just wondered if you had heard anything from your developers/support?

Can they see the same behaviour that I have described on a Windows phone?Do they have any thoughts about how to remedy the situation? Or should I accept that the Pulse client won't work with a Windows phone?
Highlighted
Occasional Contributor

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

I thought I'd confirm that this 5 minute disconnect is still happening and does seem to be entirely related to power saving.

I had the Pulse client connected and had the power cable connected and charging the phone overnight. In the morning, Pulse was still connected and emails synching.

Disconnecting the power cable had the emails still synching. However, after 5 minutes of idle (with no power), the synch failed.

So the current Pulse client for Windows Phone isn't useable (unless the phone is plugged into a power socket!). I wondered if PulseSecure had replicated this in their test labs? Do they recognise it is an issue?
Highlighted
Not applicable

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

We're experiencing similar disconnects after 5 minutes with IKEv2. You mentioned above:
>IKEv2 is an embedded part of the Windows (phone) operating system,
>so I'm pretty sure it won't suffer from the same problem.
>It comes with MS support and updates. So until Junos Pulse comes with a background agent,
>we will use MS IKEv2.

Did you try out IKEv2? Did it work for you? Thanks!

View solution in original post

Highlighted
Occasional Contributor

Re: Junos Pulse and Windows Phone - disconnects after 5 minutes idle time

Sorry - I'm trying to reply to blazer and having all sorts of difficulties with this forum!

We are still trying to get IKEv2 working with certificates. I'm sorry to hear you are getting 5 minute timeouts.

We haven't even got that far. When we tried IKEv2, it failed and we got no logs saying why. So we configured an MS RRAS server and we got better logs that said there was no certificate (although we could see it!). We thought it was related to the certificate being in the Personal store not the Machine store, so we have battled to get the certificate installed via NDES - only to get the same message.

How did you manage to get IKEV2 working? Did you use machine certificates?

I'm wondering about trying the Windows 10 pre-release. And maybe trying SSTP to the RRAS server. I seem to be getting further and further away from success.

To think this would have all been unnecessary, if only the Pulse client didn't fail after 5 minutes of idle time :-(