Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
XBensemhoun
Employee
Employee

Avoid idle timeout of VPN session on endpoint remote access VPN client

Hi,

Is there any further required steps (than the configuration described below) to establish always-on VPN connection from an endpoint client when the Windows' user session is locked after a certain time?

Configuration:

  • Endpoint version: E84.40
  • Authentication by certificate
  • Global Properties - connect mode at Always connect
    • which is confirmed on the client side: "always connected" is checked and greyed
  • save_cli_credentials_for_ATM at true
  • automatic_capi_reauthentication at true

Errors:

[ 7516 7624][23 Aug 22:29:51][TR_EVENTS] TR_EVENTS::Raise: No registered cbs for event 2153254

[ 7516 7624][23 Aug 22:29:52][IKE_SEC_ASSOC] IkeSecAssoc::Timeout:SA with cookies = 44e58930ccbccb4b 25f3509dd3ee99d0 is calling its SAExpiryHandler - needs to be killed

[ 7516 7624][23 Aug 22:29:52][IKE_SA_DB] Adding SA for cookies:  44e58930ccbccb4b 25f3509dd3ee99d0

[ 7516 7624][23 Aug 22:29:52][IKE_SA_DB] ClientSADB::remove : , removed from the ClientSADB

[ 7516 7624][23 Aug 22:29:52][IKE] IkeTunnel::IkeSAExpired: removed SA with Cookies = 44e58930ccbccb4b 25f3509dd3ee99d0

[ 7516 7624][23 Aug 22:29:52][rais] [DEBUG] [RaisMessages::CreateMessageSet(s)] message: (msg_obj

                :format (1.0)

                :id (ClipsMessagesAuthExpired)

                :def_msg ("Authentication expired")

                :arguments ()

)

7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthenticationManager::AbortAuthRequest: __start__ 22:29:53.280

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrCredKey::TrCredKey: creating credKey

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthCache::GetSiteAuthReq: entering - item (gw = <GW name>, authMethod=certificate, realmId=vpn_Personal_Certificate)

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TR_AUTH_MANAGER::TrAuthenticationManager::AbortAuthRequest: Failed to find request to abort, (gw = <GW name>, authMethod=certificate, realmId=vpn_Personal_Certificate)

[ 7516 7624][23 Aug 22:29:53][TR_AUTH_MANAGER] TrAuthenticationManager::AbortAuthRequest: __end__ 22:29:53.280. Total time - 0 milliseconds

[ 7516 7624][23 Aug 22:29:53][TR_FLOW_STEP] TR_FLOW_STEP::TrConnEngineConnectStep::Cancel: Sending disconnect to GW

[ 7516 7624][23 Aug 22:29:53][tunnel] IkeV1Tunnel::cancel_connect: started

[ 7516 7624][23 Aug 22:29:53][tunnel] IkeV1Tunnel::notifyGwSADeletion: started

Information Security enthusiast, CISSP, CCSP
0 Kudos
0 Replies