Skip to content

TCP Keep Alive

Support for TCP connection Keep Alive

The Keep Alive support was there and is available since 5.1.6.5 but it Is hardcoded and requires proper testing as this feature is not available to many for configuration.

TCP Keep Alive Overview

In order to understand what TCP keepalive (which we will just call keepalive) does, you need do nothing more than read the name: keep TCP alive. This means that you will be able to check your connected socket (also known as TCP sockets), and determine whether the connection is still up and running or if it has broken.

The keepalive concept is very simple: when you set up a TCP connection, you associate a set of timers. Some of these timers deal with the keepalive procedure. When the keepalive timer reaches zero, you send your peer a keepalive probe packet with no data in it and the ACK flag turned on. You can do this because of the TCP/IP specifications, as a sort of duplicate ACK, and the remote endpoint will have no arguments, as TCP is a stream-oriented protocol. On the other hand, you will receive a reply from the remote host (which doesn't need to support keepalive at all, just TCP/IP), with no data and the ACK set. If you receive a reply to your keepalive probe, you can assert that the connection is still up and running without worrying about the user-level implementation. In fact, TCP permits you to handle a stream, not packets, and so a zero-length data packet is not dangerous for the user program.

This procedure is useful because if the other peers lose their connection (for example by rebooting) you will notice that the connection is broken, even if you don't have traffic on it. If the keepalive probes are not replied to by your peer, you can assert that the connection cannot be considered valid and then take the correct action.

Workflow

To know more about KEEP ALIVE for TCP Connection please refer

Ref: Keep Alive

When a connection is created to Gateway from HySecure Client an additional attribute are used and set in the connection.

  • Keep Alive and
  • Keep Alive intervals.

The Keep Alive is set by HySecure Client for each connection that Is made to the gateway. Now in the version 5.1.8.5 Version the feature is provided to configure and control these Keep Alive values from the gateway.

Configuration

To configure following version info tag are used: 

VPN_TCP_KEEP_ALIVE_INTERVAL
VPN_TCP_KEEP_ALIVE_TIME

Specify the interval and Keep Alive time in miliseconds.

e.g.

VPN_TCP_KEEP_ALIVE_INTERVAL=6000
VPN_TCP_KEEP_ALIVE_TIME=60000

FAQ

*Default values* Default values if not provided Keep Alive == 60000 (Milisec, ie 1 minute) and Interval 6000 (milisec, ie 6 seconds)

How can I turn off Keep Alive

Set 

VPN_TCP_KEEP_ALIVE_INTERVAL=0
VPN_TCP_KEEP_ALIVE_TIME=0

What is the difference between Keep Alive interval and Keep Alive time

Keep Alive time is the interval between last data packet that is sent. Once the connection is marked for Keep Alive this value cannot be changed.

Keep Alive interval is the subsequent Keep Alive probes to send before considering the connection as dead connections.

I do not see the connection Keep Alive packets after the given Keep Alive time?

The connection is not idle and is not yet been marked for Keep Alive

Supported Version

Version 5.1.8.5