First off, what is your `openconnect --version`? On Wed, Feb 21, 2024 at 11:24 AM Larry Ploetz <[email protected]> wrote: > On 2024-02-20 00:25, Daniel Lenski wrote: > > Do you have some reason to think that this has anything to do with > > OpenConnect per se, as opposed to being a limitation of the servers > > you're connecting to… or perhaps of some other middlebox on the > > network? > > All network connections through openconnect disconnect 6 and 9 hours after > openconnect is started, regardless of when those network connections began > relative to openconnect starting.
It looks like you're collecting very detailed logs from OpenConnect already (`--dump-http-traffic -vvv --timestamp`). What do those logs show around the 6- and 9-hour marks? Anything that's unusual? Anything *other than* the usual sent-a-packet/received-a-packet traffic? > The PAN VPN box is the only middlebox, and I suspect it a lot, but I haven't > heard of anyone here who are using Global Protect having this issue. Are the users of the official PAN GP clients keeping SSH sessions open for 6+ hours like you are? > > Other than your ssh sessions getting disconnected after 6/9 hours, > > does the VPN connection continue working normally after that? That is, > > can you continue opening *new* TCP connections over it? > > Yes, starting new connections works fine after the 6 hour disconnection. It > seems like there might be a minute or two while UDP connections to the DNSs > don't work, at the 6 and 9 hour marks. Okay, so there's nothing specific to SSH, or even TCP, here. Both TCP and UDP connections stop working around the 6/9 hour marks. _______________________________________________ openconnect-devel mailing list [email protected] http://lists.infradead.org/mailman/listinfo/openconnect-devel
