Avoid idle timeout of VPN session on endpoint remote access VPN client

XavierBens — Tue, 24 Aug 2021 13:13:00 GMT

Hi,

Is there any further required steps (than the configuration described below) to establish always-on VPN connection from an endpoint client when the Windows' user session is locked after a certain time?

Configuration:

Endpoint version: E84.40
Authentication by certificate
Global Properties - connect mode at Always connect
- which is confirmed on the client side: "always connected" is checked and greyed
save_cli_credentials_for_ATM at true
automatic_capi_reauthentication at true

Errors:

[ 7516 7624][23 Aug 22:29:51][TR_EVENTS] TR_EVENTS::Raise: No registered cbs for event 2153254

[ 7516 7624][23 Aug 22:29:52][IKE_SEC_ASSOC] IkeSecAssoc::Timeout:SA with cookies = 44e58930ccbccb4b 25f3509dd3ee99d0 is calling its SAExpiryHandler - needs to be killed

[ 7516 7624][23 Aug 22:29:52][IKE_SA_DB] Adding SA for cookies: 44e58930ccbccb4b 25f3509dd3ee99d0

[ 7516 7624][23 Aug 22:29:52][IKE_SA_DB] ClientSADB::remove : , removed from the ClientSADB

[ 7516 7624][23 Aug 22:29:52][IKE] IkeTunnel::IkeSAExpired: removed SA with Cookies = 44e58930ccbccb4b 25f3509dd3ee99d0

[ 7516 7624][23 Aug 22:29:52][rais] [DEBUG] [RaisMessages::CreateMessageSet(s)] message: (msg_obj

:format (1.0)

:id (ClipsMessagesAuthExpired)

:def_msg ("Authentication expired")

:arguments ()

)

…

7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthenticationManager::AbortAuthRequest: __start__ 22:29:53.280

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrCredKey::TrCredKey: creating credKey

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthCache::GetSiteAuthReq: entering - item (gw = <GW name>, authMethod=certificate, realmId=vpn_Personal_Certificate)

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TR_AUTH_MANAGER::TrAuthenticationManager::AbortAuthRequest: Failed to find request to abort, (gw = <GW name>, authMethod=certificate, realmId=vpn_Personal_Certificate)

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthenticationManager::AbortAuthRequest: __end__ 22:29:53.280. Total time - 0 milliseconds

[ 7516 7624][23 Aug 22:29:53][TR_FLOW_STEP] TR_FLOW_STEP::TrConnEngineConnectStep::Cancel: Sending disconnect to GW

[ 7516 7624][23 Aug 22:29:53][tunnel] IkeV1Tunnel::cancel_connect: started

[ 7516 7624][23 Aug 22:29:53][tunnel] IkeV1Tunnel::notifyGwSADeletion: started

topic Avoid idle timeout of VPN session on endpoint remote access VPN client in SASE and Remote Access

Avoid idle timeout of VPN session on endpoint remote access VPN client