Determining webvpn cookie lifetime?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I'm writing a script which will periodically connect to several different 
AnyConnect VPNs, and I'm finding that the webvpn cookies for some of them 
become invalid much sooner than others... so I'm trying to figure out 
intelligently how often they have to be used to remain valid.

Is it possible for OpenConnect to determine the lifetime during which the 
webvpn cookie obtained in the authentication process will remain valid?

- Using the --dump-http-traffic and --cookieonly flags doesn't seem to
  provide any information about the lifetime of the webvpn cookie.

- After the VPN is actually setup with CONNECT, the --dump-http-traffic 
  headers appear to show some lifetime-related settings, e.g.:

    Got CONNECT response: HTTP/1.1 200 OK
    ...
    X-CSTP-Lease-Duration: 259200
    X-CSTP-Session-Timeout: 259200
    X-CSTP-Idle-Timeout: 1800
    X-CSTP-Disconnected-Timeout: 1800
    X-CSTP-Keep: true
    X-CSTP-DPD: 30
    X-CSTP-Keepalive: 20
    X-DTLS-Keepalive: 20
    X-DTLS-DPD: 30
    X-CSTP-TCP-Keepalive: true
    ...
    CSTP connected. DPD 30, Keepalive 20

Does one of these indicate how long the cookie will remain valid? My guess:

- CSTP-Session-Timeout indicates the time after which the session 
  will end no matter what (3 days here)
- CSTP-Idle-Timeout indicates the time after which the session will 
  end, with no traffic (30 minutes here)
- CSTP-Disconnected-Timeout indicates the time after which the cookie will
  become invalid, after disconnection (30 minutes here)

However, my testing appears to show that the server starts to reject the 
cookie (openconnect -C COOKIE) much sooner than any of these timeouts would 
indicate, a few minutes.

Thanks,
Dan




[Index of Archives]     [Linux Samsung SoC]     [Linux Rockchip SoC]     [Linux Actions SoC]     [Linux for Synopsys ARC Processors]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]


  Powered by Linux