TCP - FR3 client/server connection timeout
Edelberto Franco
esilva at midiacom.uff.br
Fri Jul 21 14:28:40 CEST 2017
Em 20-Jul-17 6:23 PM, Alan DeKok escreveu:
> On Jul 20, 2017, at 5:19 PM, Edelberto Franco <esilva at midiacom.uff.br> wrote:
>> With TCP/TLS I have a curious comportment
>> Imagine this scenario:
>>
>> # server : port
>> case (1) FR3:33001 -> radsecproxy:2083
>> case (2) radsecproxy: 44001 -> FR3:2083
>>
>> For case (1) FR3 is the client, and radsecproxy is the server. Case (2) shows FR3 as a server of radsecproxy for TCP/TLS connections.
>>
>> In case (1) FR3 TCP connection always keeps ESTABLISHED with radsecproxy, but in case (2) FR3 closes its connection with radsecproxy (client) after less than 1 minute (sending a FIN, normal...).
>>
>> So, is it possible to set FR3 to don't send FIN and close the TCP connection with radsecproxy client?
> Read the "tls" virtual server, and look for "idle_timeout".
We were changed "idle_timeout" and other parameters in 'limit block' to
'tls' virtual server to high numbers (and infinite too), but TCP
connection in case (2) keeps to be finalized
--E
> This is documented.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list