-I <idle_timeout> (0 is never, default 0, in seconds)

Salatiel Filho salatiel.filho at gmail.com
Tue Sep 29 23:27:01 AWST 2015 

Hi Matt, i think it is better try to explain my scenario

I have to routers , "Home Router" and "Remote Router" running openwrt.

Home router has a very stable cable connection with static ip, and
remote router has a DSL connection that fails over to a 3G data
connection in case of the DSL connection drops for more than 5
minutes, so i can check whats hapenning.
The problem is that the 3g connection has all incoming ports closed by
the ISP, so i have setup autossh on the remote router so it would
create an reverse SSH tunnel to my home router, so i could bypass the
blocked ports.  At first the setup is working correctly, right after
the 3g connection is established on remote router, i will get a remote
connection to my local router which setups the reverse tunnel, so i
can ssh back to the remote router.

The problem is , since the 3g connection is very unstable, after the
first connection drop, when the remote router tries to reconnect and
create the reverse tunnel again, it will get a address already in use
from my home router. I can see that the dropbear server handling the
dropped connection is still running and it will be for almost one
hour. (I think that it is respecting the tcp_established_timeout from
kernel).

Well,  i changed the dropbear server to use -I 60 , and the client to
use -K 30. This apparently fixes the problem, but if i try to use
openssh client to connect to the server, i now always get disconnected
after 60 seconds of idle.

Any sugestions ?


One question, if the server has no -I and no -K parameter, but the
client starts with -K 30 -I 60, will the server honour the parameters
the client is sending for that connection ? (It appears not to work
this way)

Thanks !

[]'s
Salatiel


On Tue, Sep 29, 2015 at 11:42 AM, Matt Johnston <matt at ucc.asn.au> wrote:
> Hi Salatiel,
>
> The -I timeout only recognises data traffic in
> shells/commands/TCP forwards. Would the Dropbear server's -K
> option work instead for you?
>
> Cheers,
> Matt
>
> On Sun, Sep 27, 2015 at 08:57:56PM -0300, Salatiel Filho wrote:
>> Hi, shouldn't an openssh -o ServerAliveInterval=30 be enough to avoid
>> the connection drop when the dropbear server uses -I 60 ?
>>
>> Thanks!
>>
>>  []'s
>> Salatiel

More information about the Dropbear mailing list