Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
00071491
Contributor

Increase VPN Re-authentication Timeout

Hello, how can I increase the VPN re-authentication timeout period on R80.20 using the Endpoint Security Client (E81.40) on Windows 10 v1909?  My settings are attached as screenshots of Global Properties.  It appears to be stuck at 8 hours, which I have to do every day about 30 minutes before I clock out.  Is there another setting I am missing?

 

 

0 Kudos
8 Replies
PhoneBoy
Admin
Admin

As in the GUI is not allowing you to go past 720 minutes?
Pretty sure 8 hours is an IPsec key renegitation time also.
0 Kudos
00071491
Contributor

Hi, thank you for the reply. From the settings I changed in the GUI, the previous values were 480 minutes, or 8 hours. I've increased those settings to 720 minutes/12 hours, but the change doesn't appear to be the correct ones for Client Re-auth period as it pops up asking users to authenticate again at the 7h 55m mark.

Where can I find the IPSec key renegotiation setting you mentioned?
0 Kudos
PhoneBoy
Admin
Admin

What about this setting?

Screen Shot 2020-04-28 at 4.12.10 PM.png

0 Kudos
JozkoMrkvicka
Leader
Leader

Global settings -> Remote Access -> Endpoint Connect -> Change re-authenticate after 480 minutes to more -> Push policy

Do not forget to update your VPN site to get new settings from gateway.

Kind regards,
Jozko Mrkvicka
0 Kudos
00071491
Contributor

Thank you, both, for your engagement on this.  We had a vendor set all of this up for me so I'm not too familiar with the overall process of applying the changes.

PhoneBoy, from global settings, mine look the same as the screenshot you provided.  Are there any changes I should be making?

 

JozkoMrkvicka, I had previously updated those settings you had directed me towards.  It's set to 720 minutes (12 hours).  How do I update my VPN Site to get new settings from gateway?

 

 

 

 

0 Kudos
PhoneBoy
Admin
Admin

I believe if you disconnect/reconnect it should update, but you can also delete and re-add the site to be sure.
0 Kudos
00071491
Contributor

Hi All,

 

The timeout period appears to be working as expected now.  I hadn't made any changes for the last couple of days, but noticed that I was not prompted to re-authenticate yesterday.  Maybe it's too quick to confirm, but I was happily surprised.  I'm not certain why it took 2-3 days before the settings kicked in, but regardless, it's working.

Thanks for your help.

Howard_Gyton
Contributor

"Do not forget to update your VPN site to get new settings from gateway."

We've recently started to look at this, wanting to extended from 480 to 720, as we find our clients just get forcibly disconnected after 8 hours, even in while the connection is in use, such as an RDP session.

What did you mean by update the VPN site?  Do you mean the site configured at the client side?  I assume that a disconnect/reconnect would pick up the new timeout settings once the policy has been pushed.

 

EDIT:  Never mind, I just saw the reply from PhoneBoy. 😉

0 Kudos