Major VPN bug in Android 4.4 leaves enterprise users with packet loss, connection errors


Uh-oh — it looks like Google could be in hot water with the many people using VPN for corporate connections. A bug has been discovered in Android 4.4 that could result in high amounts of packet loss, unusually high CPU load on host machines, and more. Cisco identified and submitted the bug to Google, offering up the following explanation:


Due to a bug in Android 4.4 (KitKat) reported to Google under Issue #61948, AnyConnect users will experience High Packet Loss over their VPN connection (users will experience timeouts when attempting to access certain network resources). In the ASA logs, a syslog message will appear with text similar to “Transmitting large packet 1420 (threshold 1405).”

Some are saying that this bug can also affect more than those who use Cisco AnyConnect. The apparent problem is that the Android 4.4 TCP protocol shows an incorrect “maximum segment size” for VPN packet transfers, making way for all the aforementioned issues. The end-result could be corrupted pieces of data, and disconnection from the network.

How to fix it

Thankfully Cisco does have a solid workaround while waiting for Google to catch wind of the situation:

Until Google produces a fix for Android 4.4, VPN administrators may temporarily reduce the maximum segment size for TCP connections on the ASA with the configuration command “sysopt connection tcpmss <mss size>”. The default for this parameter is 1380 bytes. Reduce this value by the difference between the values seen in the ASA logs. In the above example, the difference is 15 bytes; the value should thus be no more than 1365.

It sounds a bit messy, so we hope Google can get around to providing an actual fix sooner rather than later. We’ll be hitting them up to see if they’re aware of this bug, and we’ll be sharing anything we hear back. Be sure to comment and star the issue over at the issue tracker if you want to help speed things along.

[via XDA]

Quentyn Kennemer
The "Google Phone" sounded too awesome to pass up, so I bought a G1. The rest is history. And yes, I know my name isn't Wilson.

Nissan “3E” teased as Google Glass-like hardware [VIDEO]

Previous article

NVIDIA / EVGA Tegra Note 7 goes up for pre-order for $199; launches Nov 19th at Newegg

Next article

You may also like


  1. Pretty embarressing…

    1. Troll much ?

      1. troll troll, troll ya boat… gently down the stream!

        1. ._.

        2. merrily merrily merrily a patch is coming faster than it seems.

          1. nicely finished that song there buddy. You rock.

          2. I would’ve added another ‘merrily’ but yeah :)

    2. *Embarrassing

      1. Don’t be THAT guy Cesar…

        1. Grammar Nazi? ._.

          1. Spelling Nazi. There’s a difference but not by much. :D

          2. mein Führer.

        2. Will you fix your typo faster than Google will fix KitKat?

  2. Another issue I’ve noticed in KitKat on my Nexus 5 is with the updated stock email client. It acts like it’s downloading attached pictures, but it never puts them in the gallery.

    Then the AttachmentDownloadService service just keeps running infinitely, unless I force stop it. The ironic thing is, if I go back to my Galaxy Nexus running Android 4.3, it works flawlessly. So, it can’t be a mail server issue. I hope Google fixes this in Android 4.4.1.

    1. I experience the same issue with my HTC Rezound running 4.0.3

      1. That stinks. I actually had an EVO 3D (Android 4.0.3) prior to my G’Nex (and N5) and the stock HTC email app worked fine for attachments.

        I might give K-9 Email a shot, if Google doesn’t fix this. I get a lot of emails with attachments, so it would be nice if it actually worked.

        1. I don’t even use the stock app (except for work), I use the gmail app itself

  3. The only Closest Cisco Device we have in our company is only a Linksys Wireless G Router.. Which is only been used as a Switch atm. Way better than a T-link mini switch we have.

  4. Did anyone try the Foxfi on Nexus 5 yet? I am on T Mobile

    1. Cause of the problem is because in kitkat, the APN is directed to pcweb.tmobile.com. Which verifies if you have a mobile hotspot plan. the fix is simple if you’re rooted. Only took less than 5 minutes. http://forum.xda-developers.com/showpost.php?p=47203432&postcount=70

      1. Thanks Kam. I have about 2.5 GB on the hotspot, if am running out of data every month then I will try the XDA method

  5. I’ve never understood the fascination of being first to get new versions that Nexus owners tout as an advantage. There will always be bugs like this and app incompatibilities. I’m quite happy being on the n-1 release while the Nexus people beta test for me.

    1. Haha. But Google is a lot better with their software than Apple who releases patch after parch.. you would think Apple was making a quilt with all of their patches

      1. That’s silly

    2. Non-nexus devices have their own bugs added by the manufacturer’s custom skin.

  6. Seriously, I doubt there are THAT many N5 users howling about this. If 4.4 was already on the Nexus tablets, Google Play editions (S4/HTC) then I might buy it. This seems like a case of Chicken Little … 4.4.1 or .2 will fix this before it affects 99.7% of Android users. :/

    1. It’s still a major issue that needs to be fixed. It’s part of AOSP and needs fixed before vendors start building OEM ROMs for their devices.

      If you were a Nexus 5 user and could not get work done via mobile, you would be pissed. I know if my Moto X upgraded to KK with this bug, I would be pissed. You obviously are not a corporate user that relies on a VPN to do business.

      1. It’s hardly the end of the world. Just use TSG and/or web portals such as sharepoint for your users.
        End-user VPN connections are not something that you need in 2013.

  7. This is why I only use Blackberry!!!!!!

  8. You can’t beat the security of a BlackBerry

    1. Android has the same level of security as BB10. SELinux, runtime scanning, e.t.c make it almost impossible to hack. same as iOS.

  9. I hope Google packs in a few more bug fixes and add some small features when they release Android 4.4.1

Leave a reply

Your email address will not be published. Required fields are marked *

More in Misc