Corporate and business VPN users running Google’s latest and greatest version of Android face a raft of problems due to a major bug in the software.
Cisco has reported that anybody who uses the company’s AnyConnect VPN service on a device running version 4.4 of Android is likely to suffer some serious disruption.
The problems stem from major packet loss, which leads to a plethora of network services timing out. Furthermore, the bug causes vastly excessive CPU activity, adding to the frustration of Cisco VPN users.
All VPN users at risk from Google Android bug
While the bug in the so-called KitKat version of the Android operating system is known to be affecting users of the Cisco AnyConnect VPN client, it is quite possible that users of other VPN services may be in the firing line, too, due to the generic nature of the bug.
The flaw relates to the way KitKat handles TCP: the maximum segment size (MSS) that the Android operating system defines for packet transfers over a VPN is incorrect, so errors occur when the size of data packets exceeds that maximum.
No fix yet from Google but Cisco offers a workaround
So far, Google – the developer of the KitKat OS – has been slow to acknowledge the issue, let alone fix it. The good news, however, is that Cisco has offered a workaround that will enable some hard-hit VPN users to dodge the problem.
This workaround requires AnyConnect users with administrator rights to change the value of the maximum segment size for TCP transfers. The setting is found under the option “sysopt connection tcpmss <mss size>”, where the default value is 1380 bytes. It should be set to a figure less than the value found in entries in the ASA logs.
While the above workaround will be easy as pie to implement for tech-savvy persons with VPN admin rights, everyday users will have to stew in their own juice until such time as Google’s programmers stir themselves to roll out a patch for the tech giant’s much-vaunted KitKat version of Android.