bSecure GlobalProtect VPN: SSH Hangs When When Idle

A knowledge base article about bSecure GlobalProtect VPN: SSH Hangs When When Idle provided by the UC Berkeley IT Service Hub - Knowledge Portal

Users of GlobalProtect may notice ssh connection hang, or become unresponsive, after a period of time. This happens when the connection is left unattended for an hour or more and the session in the remote access system times out. To keep the session alive ssh has the ability to send very small amounts of data even while unattended. The feature is called keep alive and keeps the session active in the remote access system.

In many distributions of ssh this is not the default setting and must be enabled.  The following are the steps to turn this feature on for three distributions, please reference the documentation of any others for how to use keep alive.

SSH/OpenSSH on the Command Line - Linux, Mac OS X

  1. Create the directory .ssh (dot-s-s-h) in your home directory if it does not yet exist
    • mkdir ~/.ssh
  2. In your preferred text editor edit, or create if it does not exist, the config file
    • vim ~/.ssh/config
  3. Add to, or create a entry "Host *" without the quotes
  4. Add the commands "ServerAliveInterval 300" and "ServerAliveCountMax 2" on separate lines, also without the quotes
  5. Save and exit the file

Example:

Host *
    ServerAliveInterval 300
    ServerAliveCountMax 2

Putty for Windows

  1. In the session properties, go to Connection
  2. Find Sending of null packets to keep sessions alive
  3. Set Seconds between keepalives (0 to turn off) to 300.

 

SecureCRT for Windows, Mac OS X, and Linux

This will need to be done for each connection in your connections window that you will use over GlobalProtect, alternativly you can follow the next set of directions and change it for everything at once.

  1. Open the Session Options window of the Options menu
  2. Browse to Terminal in the left hand Category list
  3. In the Anti-idle section select Send protocol NO-OP
  4. Enter 300 for the seconds entry
  5. Click Ok
  6. Select Save Settings Now from the Options menu

You can put the setting in the new connection template, this will ensure it is active on any new connections created. You also have the option to update all other connections.

  1. Open the Global Options window of the Options menu
  2. Browse to Terminal and then Default Session in the left hand Category list
  3. Select Edit Default Settings...
  4. Browse to Terminal in the left hand Category list
  5. In the Anti-idle section select Send protocol NO-OP
  6. Enter 300 for the seconds entry
  7. Click Ok to close the template
  8. You will be prompted to only update the template or update all sessions
  9. Click Ok to close global options
  10. Select Save Settings Now from the Options menu