
SSL VPN users with OTP disconnecting about the same time each day.

Just recently I enabled OTP for some VPN users. Today I was informed by 3 people that they lose connection to the VPN at about the same time. When looking at the logs, there's a slew of entries about TLS keys out of sync. What makes it odd is my VPN has never disconnected and I'm using OTP as well. There's also 2 others that haven't mentioned any issues.

Doing a search for the past 7 days, one user is showing the same issue on 4/23. For another it started yesterday, and for the last one it started today.

It has to be related to OTP since the 20+ others on the VPN haven't experienced this problem.



  • Most likely it's caused by the key lifetime, which defaults to 8 hours (28800 seconds). Whenever the connection has been up for this time, the encryption key needs to be renegotiated, but by that time the OTP is not valid anymore and the VPN is disconnected.

    You could increase this number by a little bit so the problem is less likely to come up. However, note that by increasing this time you also increase the time hackers get to capture packets and try to gain access. Therefore you need to think about whether you want to increase it and, if so, increase it as little as possible. You could increase it to 36000 seconds (10 hours). It's not too big an increase in time, and it will most likely be long enough that most users don't notice it anymore (unless they need to be connected even longer).

    You can find the setting at Remote Access -> SSL -> Advanced -> Key lifetime.


    Managing several Sophos firewalls both at work and at some home locations, dedicated to continuously improve IT-security and feeling well helping others with their IT-security challenges.
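
As an added example, not part of the thread and not Sophos code, here is a Python script that checks the explanation in the reply above against log data: it pairs each user's connect with the next disconnect, measures the session uptime, and flags disconnects whose uptime is a multiple of the key lifetime (default 28800 s, within a small tolerance). If the flagged drops are exactly the users who complain, and their uptime clusters around 8 hours, the key lifetime / OTP renegotiation is confirmed as the cause; a drop at a random uptime points elsewhere. The log line format, user names, addresses and timestamps are constructed for this example; the real UTM SSL VPN log format differs, so adapt `parse_line()` to it.

```python
"""Correlate SSL VPN disconnects with the key lifetime (renegotiation interval).

Hypothesis from the thread: users drop when their session has been up for one
key lifetime (default 28800 s), because the key renegotiation re-runs the OTP
check and the one-time code is no longer valid. This script measures the
uptime of every session that ended and flags those whose uptime sits on a
multiple of the key lifetime.

The log format below is a constructed, simplified one used only for this
example; adapt parse_line() to the real firewall's SSL VPN log format.
"""
import re
from datetime import datetime

DEFAULT_KEY_LIFETIME = 28800  # seconds; the default the reply above refers to
TOLERANCE = 120               # seconds of slack for the renegotiation itself

# Constructed sample log lines (not from the original post or a real firewall).
# alice and bob drop ~8 h after connecting (TLS error), carol logs off herself,
# alice reconnects and drops again 8 h later, dave is still connected.
SAMPLE_LOG = """\
2019-04-23T08:00:10 user=alice event=connect src=203.0.113.10
2019-04-23T09:15:00 user=bob event=connect src=203.0.113.11
2019-04-23T10:00:00 user=carol event=connect src=203.0.113.12
2019-04-23T13:30:00 user=carol event=disconnect reason=client-exit
2019-04-23T16:00:25 user=alice event=disconnect reason=tls-error
2019-04-23T16:01:00 user=alice event=connect src=203.0.113.10
2019-04-23T17:15:40 user=bob event=disconnect reason=tls-error
2019-04-24T00:01:30 user=alice event=disconnect reason=tls-error
2019-04-24T08:30:00 user=dave event=connect src=203.0.113.13
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) event=(?P<event>connect|disconnect)"
)


def parse_line(line):
    """Return (timestamp, user, event) for a matching line, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return datetime.fromisoformat(m.group("ts")), m.group("user"), m.group("event")


def build_sessions(log_text):
    """Pair each connect with the next disconnect of the same user.

    Returns a list of dicts: user, start, end (None if still up), uptime_s.
    """
    open_sessions = {}  # user -> start time of the session currently up
    sessions = []
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, user, event = parsed
        if event == "connect":
            # A connect while a session is still open means the previous one
            # was lost without a log entry; record it with unknown end.
            if user in open_sessions:
                sessions.append({"user": user, "start": open_sessions[user],
                                 "end": None, "uptime_s": None})
            open_sessions[user] = ts
        elif user in open_sessions:
            start = open_sessions.pop(user)
            sessions.append({"user": user, "start": start, "end": ts,
                             "uptime_s": int((ts - start).total_seconds())})
    for user, start in open_sessions.items():
        sessions.append({"user": user, "start": start, "end": None, "uptime_s": None})
    return sessions


def matches_key_lifetime(uptime_s, key_lifetime=DEFAULT_KEY_LIFETIME, tolerance=TOLERANCE):
    """True if uptime_s is within `tolerance` of a multiple of key_lifetime.

    Multiples are checked because a session that survived one renegotiation
    can still fail at the next one, a further key_lifetime later.
    """
    if uptime_s is None or uptime_s < key_lifetime - tolerance:
        return False
    remainder = uptime_s % key_lifetime
    return remainder <= tolerance or key_lifetime - remainder <= tolerance


def flag_reneg_disconnects(log_text, key_lifetime=DEFAULT_KEY_LIFETIME, tolerance=TOLERANCE):
    """Return [(user, end, uptime_s)] for disconnects that line up with the key lifetime."""
    return [(s["user"], s["end"], s["uptime_s"])
            for s in build_sessions(log_text)
            if matches_key_lifetime(s["uptime_s"], key_lifetime, tolerance)]


if __name__ == "__main__":
    for user, end, uptime in flag_reneg_disconnects(SAMPLE_LOG):
        print(f"{user}: dropped at {end:%Y-%m-%d %H:%M:%S} after {uptime} s "
              f"(~{uptime / 3600:.1f} h) -> matches key lifetime")
```

Run against a real export, the flagged list shows directly why the drops land at "about the same time each day": users who connect at the start of their working day all hit the 8 hour mark at roughly the same hour. Pass `key_lifetime=36000` after changing the setting to confirm the drops move out by two hours rather than disappearing.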

