TCP keepalive against firewall timeouts

From Bitbull Wiki
Revision as of 16:38, 16 September 2017 by Chris (talk | contribs)

Anyone who works over a VPN now and then is surely also annoyed that SSH connections drop as soon as you do nothing for 2 minutes.

I came across these fun kernel parameters by chance. They check from time to time whether a TCP connection is still usable; if it is not, the connection is dropped. The traffic this generates is excellent for avoiding connection timeouts of any kind.

/etc/sysctl.conf

net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_intvl = 25

sysctl -p

This loads the parameters into the kernel.
At boot, this is run automatically from rc.sysinit.

For the curious (man 7 tcp):

      tcp_keepalive_intvl
             The number of seconds between TCP keep-alive probes.  The default value is 75 seconds.

      tcp_keepalive_probes
             The maximum number of TCP keep-alive probes to send before giving up and killing the connection if
             no response is obtained from the other end.  The default value is 9.

      tcp_keepalive_time
             The  number  of  seconds  a  connection  needs to be idle before TCP begins sending out keep-alive
             probes.  Keep-alives are only sent when the SO_KEEPALIVE socket option is  enabled.   The  default
             value  is  7200  seconds (2 hours).  An idle connection is terminated after approximately an addi-
             tional 11 minutes (9 probes an interval of 75 seconds apart) when keep-alive is enabled.

             Note that underlying connection tracking mechanisms and application timeouts may be much  shorter.
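
To check a sysctl.conf against a firewall's idle timeout, the following added example (not part of the original wiki page) computes when the first probe is sent and when a dead peer is given up on, using the defaults from man 7 tcp for any key that is not set. The function names and the 120-second firewall idle timeout (taken from the "2 minutes" above) are assumptions.

```shell
#!/bin/sh
# Added example: audit TCP keepalive settings in a sysctl.conf-style file.

# keepalive_value FILE KEY DEFAULT
# Prints the last numeric value assigned to KEY in FILE, or DEFAULT if unset.
keepalive_value() {
    awk -F= -v key="$2" -v def="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        {
            k = $1; v = $2
            gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v)
            if (k == key && v ~ /^[0-9]+$/) def = v # last assignment wins
        }
        END { print def }' "$1"
}

# keepalive_report FILE FIREWALL_IDLE_SECONDS
# An answered probe resets the idle timer, so a healthy connection carries
# traffic every tcp_keepalive_time seconds; that value must stay below the
# firewall idle timeout. intvl and probes only decide how fast a dead peer
# is detected: time + intvl * probes.
keepalive_report() {
    file=$1; fw=$2
    t=$(keepalive_value "$file" net.ipv4.tcp_keepalive_time 7200)
    i=$(keepalive_value "$file" net.ipv4.tcp_keepalive_intvl 75)
    p=$(keepalive_value "$file" net.ipv4.tcp_keepalive_probes 9)
    dead=$((t + i * p))
    if [ "$t" -lt "$fw" ]; then verdict=ok; else verdict=too-slow; fi
    echo "first_probe=${t}s dead_peer_after=${dead}s firewall_idle=${fw}s verdict=$verdict"
}

# Constructed sample input: the two settings from this page.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, mirrors the /etc/sysctl.conf lines above
net.ipv4.tcp_keepalive_time = 30
net.ipv4.tcp_keepalive_intvl = 25
EOF
keepalive_report "$sample" 120   # assumed firewall idle timeout: 120 s
rm -f "$sample"
```

As the man page excerpt notes, these values only take effect on sockets where the application has enabled SO_KEEPALIVE.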