
Keep alive a socket connection over port 402 possible?

Hoober

Diamond Member
I'm not very network configuration aware at all, so I wanted to ask some experts. I have an application that creates a socket connection between two servers through a firewall over port 402. I've been working with the network engineers and we have the firewall configured to allow the initial connection, and things are working great.

However, there's a global configuration that drops the connection after 3 hours of inactivity. The application doesn't communicate over the socket connection unless a specific call is made, and it's possible that no activity will take place for days at a time. The firewall drops the connection, but only notifies one of the ends that the socket's been disconnected.

The application will not reinitiate the connection unless the sender is notified that the socket has been dropped. Unfortunately, the firewall drops the receiver's connection without notifying the sender. TCPView shows the sender socket still 'open.'

Is there some sort of keepalive script that I can run as a service maybe that will keep alive this connection?
 
Originally posted by: spidey07
Use TCP keepalives, that will...you know keep the socket alive.

Can you elaborate, please? I don't have a clue how to use TCP keepalives.
 
I'm not a programmer, but there is a feature of TCP that uses a keepalive to maintain socket state. It's totally normal for a firewall to drop an idle connection, especially after 3 hours...otherwise its state tables would be astronomically big.

I would imagine it would be in your program to make a call to the stack.

Alternatively you could configure the firewall to send a TCP RST to the sender and receiver, that would be on the rule that allowed the traffic.
 
Is it possible to configure something outside of the application? Current version does not include a TCP keepalive.
 
Well, if it is a TCP connection between application A and application B, no other application can easily directly send traffic over that specific TCP connection socket once it has been made DIRECTLY between application A and remote application B.

The easiest thing would be to modify either the time-out or the detection / handling of the time-out, or the application on one end or the other so that it sends periodic traffic to preserve and monitor the link's integrity.

Another option is to create a tunnel between application A on the local PC and application B on the remote PC using a third application C on the local PC and possibly also a remote application D on the remote PC. Basically like sending the TCP port 402 connection through a VPN or some other kind of tunnel. That way you can have your other processes/applications/configurations responsible for keeping the tunnel/VPN open and maintained / monitored and then the applications A/B do not need special modification (other than what address / port they're talking to / receiving from) to have a reliably monitored / maintained connection.

Something like openvpn, stunnel, et al. can be used to make such a tunneled connection.

Application A TCP ---> Local Tunnel application address X /port Y ---> tunnel over internet -->
Remote Tunnel application address V / port W ----> remote Application B TCP/402

So that would be your basic setup, assuming you use a tunnel protocol / application that has components on both ends of the connection like STUNNEL or OpenVPN or whatever.

You'd just change Application A to talk to address X / port Y which would be local, then remote Application B instead of getting a direct connect from Application A would get an incoming connection on its port 402 from the remote tunnel endpoint application instead of directly from Application A.
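The TCP keepalive option raised earlier in the thread, as an added example that is not part of any post: a Python sketch of the socket calls an application would make so that probes cross the firewall before its 3-hour idle timeout and a silently dropped connection surfaces as a socket error on the sender. The function name `enable_keepalive` and its default timings are assumptions for illustration; only the 3-hour figure and port 402 come from the thread.

```python
import socket
import sys

# From the thread: the firewall drops flows that are idle for 3 hours.
FIREWALL_IDLE_TIMEOUT_S = 3 * 60 * 60


def enable_keepalive(sock, idle_s=1800, interval_s=60, probes=5):
    """Enable TCP keepalive with probes that start before the firewall timeout.

    Returns the seconds needed to notice a silently dropped connection
    (idle time plus all unanswered probes), where the probe count is settable.
    """
    if idle_s >= FIREWALL_IDLE_TIMEOUT_S:
        raise ValueError("first probe would be sent after the firewall has dropped the flow")

    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if sys.platform == "win32":
        # Windows takes (on/off, idle ms, probe interval ms); the probe count is fixed by the OS.
        sock.ioctl(socket.SIO_KEEPALIVE_VALS, (1, idle_s * 1000, interval_s * 1000))
    elif hasattr(socket, "TCP_KEEPIDLE"):  # Linux
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval_s)
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    elif hasattr(socket, "TCP_KEEPALIVE"):  # macOS names the idle timer TCP_KEEPALIVE
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPALIVE, idle_s)
    return idle_s + interval_s * probes


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        print("dead peer noticed after about", enable_keepalive(s), "seconds")
        # The application would now call s.connect((host, 402)) as before (host is a placeholder).
    finally:
        s.close()
```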

 