On Wed, 2012-06-27 at 17:07 -0500, Jack Miller wrote:
> I've appended the relevant sections of the log and redacted some of the
> network topology stuff - better safe than sorry. It appears that it's just
> configured that way (DTLS-Rekey-Time = 3600). As I mentioned before, I can't
> comment on the validity of the setup =).

Hm, we do reconnect the CSTP connection for a DTLS rekey; I'm not sure
we need to. I knocked up a quick patch to "fix" that, but then noticed
that your server is actually asking for a CSTP rekey every 3600 seconds
*too*.

So yeah, your server is configured to request that, and I don't think
there's a lot we can do about it. Perhaps we could optimise for it, and
do it asynchronously rather than blocking data traffic while we
reconnect the TCP connection. But mostly I'm inclined to suggest that it
is a silly configuration on the part of your server, and not worry about
it... unless you care enough to submit a patch :)

(CSTP is the TCP/HTTPS control connection, while DTLS is UDP and is what
we use for the actual network traffic wherever possible.)

--
dwmw2