On Tue, Sep 29, 2020 at 08:44:18AM -0400, Gene Heskett wrote:
> This is likely quite true Michael, but it also is only a hint as to how to fix it for the OP.
It was already fixed; serveraliveinterval/clientaliveinterval is the right answer. I guess I can review: these options simply have the client & server exchange an encrypted "are you here" message every N seconds to prevent the firewall from timing out the connection. tcpkeepalives won't do that, as the firewall can see that there is no actual data being transferred and may still time out idle connections.
All that aside, it's important to be precise about what functionality is related to NAT and what functionality is related to firewalling. Imprecision about these concepts leads to all sorts of (wrong) ideas like "you need NAT to be secure".
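
Added example, not part of the original message: the two OpenSSH options named above, set on each side of the connection. The 60-second interval is an assumed value; choose one shorter than the idle timeout of the firewall in the path.

```sshconfig
# Client side: ~/.ssh/config
Host *
    # After 60 s with no data from the server, send a keepalive request
    # through the encrypted channel and expect a reply.
    ServerAliveInterval 60
    # Disconnect after 3 unanswered requests (3 is the OpenSSH default).
    ServerAliveCountMax 3

# Server side: /etc/ssh/sshd_config
# Same mechanism, initiated by sshd towards the client.
ClientAliveInterval 60
ClientAliveCountMax 3
```

Both intervals default to 0, which disables these messages; setting either side alone is enough to keep traffic flowing across the firewall.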