From: John Johnstone
Subject: Re: ssh timeout question
To: freebsd-questions@freebsd.org
Date: Tue, 28 May 2019 07:37:36 -0400

On 5/27/19 1:23 PM, Doug Denault wrote:
> I have broadband service from three different providers: Verizon (MD),
> Spectrum (FL) and Shentel (VA) so I can say with certainty that this is
> a function of the modem. ssh connections FreeBSD <---> FreeBSD do not
> time out.
>
> The timeouts appear to be a function of either NAT, DHCP or the number
> of active connections the router can maintain. My current question is
> with Verizon FIOS using the (latest??) modem AC1750 Wi-Fi (G1100). I
> have a home connection (100 mbps) and a business connection (150 mbps)
> both have the same characteristics.

When I had a Verizon MI424WR I had trouble keeping ssh sessions active
from a MacOS laptop to a FreeBSD server. On my laptop I created
~/.ssh/config with:

    ServerAliveInterval 30

and it solved the problem.

TCP connection timeouts are a problem due to the timeout values for
active states that the router maintains in its state table. Once your
system at home completes the SYN, SYN/ACK, ACK handshake to the remote
system, the router makes an IP address / port number entry for that
connection in his state table. When either of the endpoints explicitly
closes the connection, the router detects this and deletes the
corresponding state in the state table. The router also expires the
state when the connection remains idle for longer than the router's
state timeout value. Any packets that are sent by the endpoints after
that are just dropped or rejected since there is no longer any matching
state in the state table.

It's very common for HTTP connections between web browsers and servers
to also go idle before they are explicitly closed. This results in the
states being removed prematurely by the router. This isn't noticed by
the user though since the browser just opens a new connection to the
server.

My guess would be that DHCP or number of active connections are not a
factor in your case.

I also now have a Verizon G1100. I still have my .ssh/config file with
ServerAliveInterval set to 30 and I'm able to maintain ssh sessions for
many hours as long as the laptop is not set to sleep.

> On Verizon (biz) I currently have 24 active and inactive DHCP
> connections. I do not appear to be hitting any limit here.
> Connections do not time out except on any ssh connection running pine.
> The last time I checked pine it does not make any imap requests except
> when checking for new mail. I'm using the default (150 secs). The other
> providers' modems time out connections so when I could not find a
> keepalive setting that worked, I wrote a script to print a character
> every so often (300 secs works for me).

Running a tcpdump session at both ends of your connections to monitor
the activity and looking at the packet timestamps should be pretty
conclusive to see exactly what is happening.

> Verizon happily times out pine connections in 2-3 hours. My keepalive
> script has no effect. I am not sure of the minimum but around 3 hours
> seems to be the max. Verizon of course says they do not time out
> connections. Probably true for their network. Not for the modem IMO.
> Anyone with similar experience or know workarounds?

- John J.
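
The tcpdump timestamp check suggested in the message above, as an added example that is not part of the original post: it reads `tcpdump -tt -n` text output captured at the client for a single connection, finds idle gaps, and classifies what followed each one. The addresses and packets in SAMPLE are constructed, and the function names are this example's own.

```python
import re

# Text output of `tcpdump -tt -n tcp port 22`: epoch timestamp, numeric endpoints.
PKT = re.compile(r"^(\d+\.\d+) IP (\S+) > (\S+): Flags \[([^\]]+)\](?:, seq (\S+?),)?")

def parse(lines):
    """Yield (ts, src, dst, flags, seq) for every line that is a TCP packet."""
    for line in lines:
        m = PKT.match(line.strip())
        if m:
            yield float(m[1]), m[2], m[3], m[4], m[5]

def idle_report(lines, threshold):
    """For each idle gap >= threshold seconds, classify what happened next.

    'alive'      : the peer answered, so the router's state entry survived
    'reset'      : a RST followed, so the packet was rejected
    'retransmit' : the same segment was resent unanswered (silently dropped)
    """
    pkts = list(parse(lines))
    report = []
    for i in range(1, len(pkts)):
        ts, src, dst, _, seq = pkts[i]
        gap = ts - pkts[i - 1][0]
        if gap < threshold:
            continue
        outcome = "alive"
        for j in range(i, len(pkts)):
            _, s2, _, f2, q2 = pkts[j]
            if "R" in f2:
                outcome = "reset"
                break
            if j > i and s2 == src and seq is not None and q2 == seq:
                outcome = "retransmit"
                break
            if s2 == dst:  # the other endpoint replied
                break
        report.append((round(gap, 1), outcome))
    return report

# Constructed capture: a 30-second keepalive that is answered, then a long
# idle period after which the client's segment is resent with no reply.
SAMPLE = """\
1559043400.000000 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 1:37, ack 1, win 2048, length 36
1559043400.020000 IP 198.51.100.20.22 > 192.0.2.10.51514: Flags [.], ack 37, win 1024, length 0
1559043430.000000 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 37:73, ack 1, win 2048, length 36
1559043430.020000 IP 198.51.100.20.22 > 192.0.2.10.51514: Flags [.], ack 73, win 1024, length 0
1559050630.000000 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 73:109, ack 1, win 2048, length 36
1559050630.300000 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 73:109, ack 1, win 2048, length 36
1559050630.900000 IP 192.0.2.10.51514 > 198.51.100.20.22: Flags [P.], seq 73:109, ack 1, win 2048, length 36
""".splitlines()
```

Running the same report on a capture taken at the server end shows whether the resent segments ever arrived there; if they did not, the state was lost somewhere in between.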