On Tue, Feb 27, 2024 at 3:58 PM Larry Ploetz <lplo...@gmail.com> wrote: > > On 2024-02-25 11:03, Larry Ploetz wrote: > >> Are the users of the official PAN GP clients keeping SSH sessions open > >> for 6+ hours like you are? > > > > > > Yes, I believe so. I'll verify. > > Yes, ssh as well as other TCP connections are staying open for more than > 6 hours. > > > > I'll get back with more information. > > > No indication of any packets in openconnect's stderr, only routing > changes being made (add host/add net), and those are on startup - the > timestamps on the redirected stdout/stderr files are when openconnect > was started + 11 seconds.
You say you're collecting logs with maximum debugging verbosity (`--vvv --dump-http-traffic --timestamp`)… but you see *nothing at all* in the logs around 6 hours? 🤷🏻♂️ That makes no sense. With either the ESP tunnel (https://gitlab.com/openconnect/openconnect/blob/master/esp.c#L217-432) or with the TLS tunnel (https://gitlab.com/openconnect/openconnect/blob/master/gpst.c#L1224-1364) you should be getting a log message with every single packet sent or received over the tunnel, including keepalive/DPD packets. Your initial command line included `--syslog`, so the logs are certainly *not going to stderr* after the connection is established. https://www.infradead.org/openconnect/manual.html#opt-syslog Are you sure you're looking at the right logs, in the right place? _______________________________________________ openconnect-devel mailing list openconnect-devel@lists.infradead.org http://lists.infradead.org/mailman/listinfo/openconnect-devel
