Marcel Kirsch wrote:
Is there any way to configure stunnel to keep the connection between the two servers alive even after an hour of zero traffic? I thought that TIMEOUTidle would be the answer to my problem, but it had no effect.
[cut]
2009.10.09 09:53:48 LOG3[31073:1091389776]: SSL_read: Connection reset by peer (104)
I'm pretty sure there is a network device (some kind of stateful firewall or NAT) between these machines. I think the timeout is caused by the TCP state expiring rather than by stunnel.
I think enabling TCP keepalives could be an effective workaround:
socket = l:SO_KEEPALIVE=1
socket = r:SO_KEEPALIVE=1
The trick is to generate some traffic on an idle connection to convince the network device that this TCP connection is not dead.
An alternative solution would be to increase the TCP state timeout on the network device.
Best regards, Mike
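
The keepalive workaround described above, as an added example that is not part of the original post or of stunnel: it enables SO_KEEPALIVE on a plain TCP socket, reads back the kernel's probe timers, and checks whether the first probe would go out before a middlebox drops its idle state entry. The one-hour timeout is taken from the question; the 600/60/5 tuning values and all function names are assumptions, and the TCP_KEEP* options are Linux-specific.

```python
import socket

MIDDLEBOX_IDLE_TIMEOUT_S = 3600  # "an hour of zero traffic" from the question


def keepalive_plan(sock, middlebox_timeout_s, idle_s=None, interval_s=None, count=None):
    """Enable keepalive on sock, optionally override the per-socket timers,
    and report whether probes start before the middlebox forgets the flow."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    overrides = (
        (socket.TCP_KEEPIDLE, idle_s),       # idle seconds before first probe
        (socket.TCP_KEEPINTVL, interval_s),  # seconds between unanswered probes
        (socket.TCP_KEEPCNT, count),         # unanswered probes before reset
    )
    for opt, value in overrides:
        if value is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)

    # Read the effective values back; untouched timers show the kernel default.
    idle = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE)
    interval = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL)
    probes = sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT)
    return {
        "keepalive": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle_s": idle,
        "interval_s": interval,
        "count": probes,
        # The state entry survives only if traffic appears before it expires.
        "first_probe_in_time": idle < middlebox_timeout_s,
        # Approximate time until a silent peer is declared dead.
        "dead_peer_after_s": idle + interval * probes,
    }


def demo():
    """Compare kernel-default timers with tuned ones (constructed values)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as default_sock, \
         socket.socket(socket.AF_INET, socket.SOCK_STREAM) as tuned_sock:
        default = keepalive_plan(default_sock, MIDDLEBOX_IDLE_TIMEOUT_S)
        tuned = keepalive_plan(tuned_sock, MIDDLEBOX_IDLE_TIMEOUT_S,
                               idle_s=600, interval_s=60, count=5)
    return default, tuned


if __name__ == "__main__":
    for label, plan in zip(("default", "tuned"), demo()):
        print(label, plan)
```

On Linux the default idle time comes from net.ipv4.tcp_keepalive_time (7200 seconds unless changed), so with SO_KEEPALIVE alone the first probe can arrive after a one-hour state timeout has already expired.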