On Tue, Oct 7, 2014 at 3:02 PM, Niels Peen <niels at peen.ch> wrote:
> After 20+ hours, there seem to be no negative effects.
>
> I did notice something else, possibly related. A worker that's not shut
> down after the DPD timeout has long passed:

Thanks for testing.

> Oct 7 17:43:15 yocimuvu ocserv[5087]: sec-mod: received request from pid 3079 and uid 65534
> Oct 7 18:51:01 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (199 secs, DPD is 90)
> Oct 7 18:55:06 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (181 secs, DPD is 90)

There is certainly a typo there :)

> Oct 7 20:49:21 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (248 secs, DPD is 90)

ocserv will allow 3 DPD attempts, meaning that with DPD = 90 secs it would
take 270 seconds to close the UDP port. Note also that a UDP DPD failure
will result in the UDP port being disabled rather than the connection
being torn down. Only if the TCP (main channel) DPD fails the connection
will be closed and the worker will be terminated.

regards,
Nikos
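
Added example, not part of the original message and not ocserv code: a small Python check that applies the 3 × DPD window described in the reply to the quoted log lines, showing that every reported idle time is still inside the 270-second UDP window. The names `classify`, `DPD_ATTEMPTS` and `CONSTRUCTED_LINE`, and the choice to treat an idle time equal to the window as expired, are assumptions of this example.

```python
import re

# Assumption taken from the reply above: ocserv allows 3 DPD attempts.
DPD_ATTEMPTS = 3

# Matches the worker message exactly as it appears in the quoted log,
# including its "UDP any message" wording.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s+[\d:]+)\s+\S+\s+ocserv\[(?P<pid>\d+)\]:\s+worker:.*"
    r"have not received UDP any message or DPD for long "
    r"\((?P<idle>\d+) secs, DPD is (?P<dpd>\d+)\)"
)

# Log lines copied from the quoted message.
QUOTED_LOG = """\
Oct 7 17:43:15 yocimuvu ocserv[5087]: sec-mod: received request from pid 3079 and uid 65534
Oct 7 18:51:01 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (199 secs, DPD is 90)
Oct 7 18:55:06 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (181 secs, DPD is 90)
Oct 7 20:49:21 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: have not received UDP any message or DPD for long (248 secs, DPD is 90)
"""

# Constructed line (not from the thread) with an idle time past the window.
CONSTRUCTED_LINE = (
    "Oct 7 21:00:00 yocimuvu ocserv[3079]: worker: XXXX:1066 worker-vpn.c:984: "
    "have not received UDP any message or DPD for long (275 secs, DPD is 90)"
)


def classify(log_text):
    """Return one record per DPD warning with the UDP give-up window applied."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            continue  # not a worker DPD warning, e.g. the sec-mod line
        idle, dpd = int(m["idle"]), int(m["dpd"])
        window = DPD_ATTEMPTS * dpd
        records.append({
            "time": m["ts"], "pid": int(m["pid"]), "idle": idle,
            "udp_window": window,
            # Treating idle >= window as expired is this example's assumption.
            "udp_expired": idle >= window,
        })
    return records


if __name__ == "__main__":
    for rec in classify(QUOTED_LOG + CONSTRUCTED_LINE):
        state = "UDP window exceeded" if rec["udp_expired"] else "within UDP window"
        print(f'{rec["time"]} pid={rec["pid"]} idle={rec["idle"]}s '
              f'window={rec["udp_window"]}s -> {state}')
```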