TCP Sessions get disconnected at 6, 9 hours

Daniel Lenski dlenski at gmail.com
Tue Feb 27 16:31:04 PST 2024


On Tue, Feb 27, 2024 at 3:58 PM Larry Ploetz <lploetz at gmail.com> wrote:
>
> On 2024-02-25 11:03, Larry Ploetz wrote:
> >> Are the users of the official PAN GP clients keeping SSH sessions open
> >> for 6+ hours like you are?
> >
> >
> > Yes, I believe so. I'll verify.
>
> Yes, ssh as well as other TCP connections are staying open for more than
> 6 hours.
>
>
> > I'll get back with more information.
>
>
> No indication of any packets in openconnect's stderr, only routing
> changes being made (add host/add net), and those are on startup - the
> timestamps on the redirected stdout/stderr files are when openconnect
> was started + 11 seconds.

You say you're collecting logs with maximum debugging verbosity
(`--vvv --dump-http-traffic --timestamp`)… but you see *nothing at
all* in the logs around 6 hours? 🤷🏻‍♂️

That makes no sense.

With either the ESP tunnel
(https://gitlab.com/openconnect/openconnect/blob/master/esp.c#L217-432)
or with the TLS tunnel
(https://gitlab.com/openconnect/openconnect/blob/master/gpst.c#L1224-1364)
you should be getting a log message with every single packet sent or
received over the tunnel, including keepalive/DPD packets.

Your initial command line included `--syslog`, so the logs are
certainly *not going to stderr* after the connection is established.
https://www.infradead.org/openconnect/manual.html#opt-syslog

Are you sure you're looking at the right logs, in the right place?


