Guest User!

You are not Sophos Staff.

Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 2 subscribers
  • Views 9862 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Edit ssl vpn server config file - remove server side disconnect timeout

ErikFranzén

Trying to find ways to not automatically disconnect SSL VPN after a certain inactivity.

Have modified client ssl vpn config file and inserted:

ping 10
ping-exit 30

According to the log, the tunnel is disconnected by the UTM due to inactivity, and I am curious to read the server side config file and see if it possible to modify.

Or is it possible to do this in another way?



This thread was automatically locked due to age.
  • 0

    Erik, is this a question about Remote Access or Site-to-Site?

    Are you looking for /var/chroot-openvpn/etc/openvpn/openvpn.conf-default?

    Once you solve this, please post the tricks back here.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    Remote Access.

    Here is the content from /var/chroot-openvpn/etc/openvpn/openvpn.conf-default

    dev tun
tun-ipv6

[<LISTEN>]
mark 4458

daemon
multihome
topology subnet
server [<SERVER_POOL>]
[<SERVER6_POOL>]

[<OPTIONS>]
cipher [<CIPHER>]
auth [<AUTH>]
comp-lzo [<DISABLE_COMP>]

persist-key
persist-tun
reneg-sec [<RENEG_SEC>]
keepalive 10 120
verb [<DEBUG_LEVEL>]
down-pre
username-as-common-name

capath /etc/openvpn/ca.d
cert /etc/openvpn/server.crt
key /etc/openvpn/server.key
dh /etc/openvpn/[<DH_FILE>]

client-config-dir /etc/openvpn/conf.d
status /var/run/openvpn-status.log
ifconfig-pool-persist /var/run/ipp.txt

management /var/run/openvpn_mgmt unix
management-client-user root
management-client-group root

plugin /usr/lib/openvpn/plugins/openvpn-plugin-utm.so

    As I understand OpenVPN Keepalive 10 120 is the same as

    ping 10
ping-exit  120

    In order to change anything here, I believe I must either restart SSL VPN by doing a configuration change, like selecting another certificate or by reboot?

  • 0 in reply to ErikFranzén

    I'm not sure what you want to change to what now, Erik.  I thought you made changes to the SSL VPN Config File for the client.  To make that change in the default, that's a different location.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson

    I want to achieve that the SSL remote access client do not disconnect during inactivity and I am curious about the server side configuration.

    Last time it happened according to the log was a server side disconnect.

Unfiltered HTML