4

A client connects to a server using SSL (OpenSSL) over a TCP socket.

If there is no ongoing communication, 2 hours later (plus a couple of minutes), the client complains "Socket error. Connection reset by peer".

I've tested this over several days by having the client open a new connection upon getting this warning, and the pattern repeats every two hours. I've looked at cron jobs on both the client and server, and cannot see any which might be doing this.

Note that the socket server (reactphp) is unaware that the socket has ever been closed.

What might cause the connection to be reset every two hours? Are there kernel configuration settings which might be doing so?

user1032531
  • 1
    Many firewalls and some other 'for your own good' middleboxes love to kill connections they decide are idle too long, although IME they _usually_ RST _both_ endpoints. – dave_thompson_085 Jul 09 '17 at 05:29

1 Answer

5

TCP keepalive. Rips down connections if they're unused, after 2 hours. Can be easily changed. See http://tldp.org/HOWTO/TCP-Keepalive-HOWTO/usingkeepalive.html

In a nutshell, kernel tunable "tcp_keepalive_time" which is exposed via /proc/sys/net/ipv4/tcp_keepalive_time can be changed from the default 7200 as required.

steve
  • Thank you Steve! Not sure if it is a good idea, but is indefinite time possible? I expect I should keep it as 2 hours, but make the client send a heartbeat every 1 hour. – user1032531 Jul 08 '17 at 21:26
  • My server does not appear to be running keepalive. What is the service called? Tried keepalive, keepalived, tcp_keepalive, but no. But I do have /proc/sys/net/ipv4/tcp_keepalive_time as well as interval and probes. – user1032531 Jul 08 '17 at 23:43
  • 1
    TCP keepalive does not kill a connection; it tries to send dummy traffic, and _if that fails_ (nominally only if the peer or network died) the connection dies because of the error in exactly the same way it would if you had tried to send real data. – dave_thompson_085 Jul 09 '17 at 05:27
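
Keepalive as discussed in this thread, shown as an added example that is not part of the original posts: on Linux the timers under /proc/sys/net/ipv4 only take effect on sockets that have SO_KEEPALIVE set, and a program can override them per socket. The function names and the 600/60/5 second values are assumptions chosen for illustration.

```python
import socket
from pathlib import Path

PROC = Path("/proc/sys/net/ipv4")  # directory of the tunables named in the answer


def system_keepalive():
    """Return system-wide (time, intvl, probes), or None if /proc is unavailable."""
    try:
        return tuple(int((PROC / f"tcp_keepalive_{n}").read_text())
                     for n in ("time", "intvl", "probes"))
    except (OSError, ValueError):
        return None


def detection_seconds(idle, interval, probes):
    """Worst-case seconds before an idle socket notices that its peer is gone."""
    return idle + interval * probes


# Linux per-socket option names; guarded because other platforms lack some.
PER_SOCKET = ("TCP_KEEPIDLE", "TCP_KEEPINTVL", "TCP_KEEPCNT")


def enable_keepalive(sock, idle=600, interval=60, probes=5):
    """Enable keepalive on one socket and override the system-wide timers.

    Values are illustrative assumptions: choose an idle time shorter than
    any idle timeout enforced between client and server.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, value in zip(PER_SOCKET, (idle, interval, probes)):
        if hasattr(socket, name):
            sock.setsockopt(socket.IPPROTO_TCP, getattr(socket, name), value)
    return sock


def readback(sock):
    """Report what the kernel actually stored for this socket."""
    out = {"SO_KEEPALIVE": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)}
    for name in PER_SOCKET:
        if hasattr(socket, name):
            out[name] = sock.getsockopt(socket.IPPROTO_TCP, getattr(socket, name))
    return out


if __name__ == "__main__":
    print("system (time, intvl, probes):", system_keepalive())
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:  # before connect()
        print("default:", readback(s))
        print("tuned:  ", readback(enable_keepalive(s)))
    print("dead peer noticed within", detection_seconds(600, 60, 5), "s")
```

Comparing the "default" and "tuned" lines shows whether a given client socket is sending keepalive probes at all, which is the first thing to check when one endpoint sees a reset and the other still believes the connection is open.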