issue disconnect on remote files? about meshagent HOT 19 CLOSED

The change was pushed a while ago. The current agent will do an idle timeout ping on the tunnel sessions using the same timeout as the control channel. Are you still seeing this issue? The default idle timeout is 120 seconds. If you are seeing a disconnect after 30 seconds, try setting the following in your msh, to see if it helps, then restart the agent.

controlChannelIdleTimeout=25

This will set the idle timeout to 25 seconds.

from meshagent.

This only happens for you for 'files', not for 'Terminal' or 'Desktop'? What client OS is the target running?

from meshagent.

thanks for the reply, happens sometimes on desktop and terminal also but more frequent on files. The clients are windows

This is my NGINX file

#user www-data;
#pid /run/nginx.pid;
#include /etc/nginx/modules-enabled/*.conf;


worker_processes 1;
events {
worker_connections 1024;
}
http {
#disable version nginx
server_tokens off;
# MeshCentral uses long standing web socket connections, set long timeouts.
#proxy_send_timeout 999999s;
#proxy_read_timeout 999999s;
# HTTP server. In this example, we use a wildcard as server name.
server {
listen 80;
server_name remote.mydomain.com;
location / {
proxy_pass http://127.0.0.1:800/;
proxy_http_version 1.1;
# Inform MeshCentral about the real host, port and protocol
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
# HTTPS server. In this example, we use a wildcard as server name.
server {
listen 443 ssl;
server_name remote.mydomain.com;
# We can use the MeshCentral generated certificate & key
ssl_certificate /etc/letsencrypt/live/remote.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/remote.mydomain.com/privkey.pem;
ssl_session_cache shared:WEBSSL:10m;
#ssl_session_timeout 999999s;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location ~ /.well-known {
        root /var/www/letsencrypt;
        allow all;
    }

location / {
proxy_pass http://127.0.0.1:4430/;
proxy_http_version 1.1;
#Allows websockets over HTTPS.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
# Inform MeshCentral about the real host, port and protocol
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
#proxy timeouts
proxy_send_timeout 330s;
proxy_read_timeout 330s;
}
}
}

from meshagent.

Ok, I think I know what the issue is... On the control channel, I implemented an idle timeout, to send a ping as a websocket control packet (to keep it separate from the data stream). It defaults to a 2 minute idle timeout, so that it sends a ping after every 2 minutes of inactivity. (It's configurable).

However, I didn't implement this on the tunnel connections, which is what's used by desktop, terminal, and files. You probably aren't noticing it much on desktop and terminal, becuase you are probably always interacting with the connection, but the files one will probably idle most of the time.

Many proxy servers have a 2 minute idle timeout, where a connection is terminated after a predetermined amount of inactivity... I think that's what's going on here with your files connection...

I'll modify the meshcore.js to also send a websocket control ping after a predetermined amount of inactivity. (I can make it use the same value the agent was configured with, so that it can be configurable)

from meshagent.

Thanks for the reply, the modification will be though the update? or i can edit it manually?

Thank you

from meshagent.

Once i test the changes I'll push it to GitHub so that it'll get picked up for an update, but I can paste the diff here if you wanted to manually update your meshcore.js. it should only be like 5 lines of code.

from meshagent.

thank you so much sure i would like to edit manually before updating thank you again

from meshagent.

Just for clarity, I notice you don't have the keepalive_timeout directive set... According to the nginx docs, the default is:

keepalive_timeout 60s;

So that means, the tunnel connection was probably getting closed after 1 minute of inactivity, which should be easy to do with the files tab... Does that sound about right, or is it really closing after only a couple seconds?

from meshagent.

Thanks for the reply, good point going to put on the NGINX currently getting the tunnel connection closed exactly in 30.51 seconds
quick question which part i should put in the NGINX file the
keepalive_timeout 60s;

from meshagent.

hi there i wanted to know if there's any update?

from meshagent.

So Ylian and I were doing a bunch of testing, and found that the keepalive_timeout thing was unrelated as it appeared to actually refer to the HTTP Keep-Alive header, which is different...

But anyways, we found the default configuration you were using, which is the same as the one we setup, did the disconnect after 3 minutes, which happens to be exactly what the proxy_read_timeout was set to in the configuration...

So with that being said, I tested a modification to meshcore, where with basically just 3 lines of code, I added an idle timeout to send a websocket ping, which fixes this issue...

However, in your case, you are seeing a disconnect after 30 seconds... I think you may have a proxy somewhere between your agent and your server, that is enforcing a much shorter idle timeout. In any case, I will modify meshcore, to use the same idle timeout for the control channel for the tunnel... Right now the default is 2 minutes, but in your case, you'll want to modify the msh file, to specify a shorter timeout, such as 25 seconds, which should fix your issue. The other alternative, is to figure out what is enforcing a 30 second idle timeout on your network.

I'm working on a couple things in the meshcore, so we should have a new update for the core in the next day or two.

from meshagent.

Thank you so much appreciate all the work

from meshagent.

any updates?

from meshagent.

Thanks for the reply currently on version 0.4.3-g not sure on which version you put it?
Thank you

from meshagent.

Hi there so updated to 0.5.0m still getting really fast disconnection i saw that to add
controlChannelIdleTimeout=25

would i add it this in

/root/meshcentral-data/config.json

Thank you

from meshagent.

Greetings
controlChannelIdleTimeout is a configuration option used in /usr/local/mesh/meshagent.msh

from meshagent.

thanks for the reply, but dont have any .msh file in that location running ubuntu server 18

from meshagent.

I'm sorry, I should have mentioned this is a configuration file created in the machine where the agent is installed. I'm not sure if this is also present and where it should be on Windows clients.

Here is a list of what can be set in this file: https://github.com/Ylianst/MeshAgent/blob/master/meshcore/agentcore.h#L255

from meshagent.

what i noticed on version 0.6.48 havent got that issue anymore

from meshagent.