VPN - Frequently Asked Questions
- Which wireless standard does McMaster use?
- Will the VPN interface work with my normal network connection?
- Why is the VPN server required to use MacConnect networking?
- What the VPN server does not replace.
- Split Tunnel
- VPN session timeouts
- Do I have to use the Cisco client software?
- Is there a charge for the Cisco client software?
- Do I require an account to use the MacConnect network?
- Wireless seems slower than my desktop connection. Why?
- Where can I connect to the MacConnect system?
- Home Firewall Issues
- Wireless Palm, PocketPC, PDA Access (Limited Support)
- How do I connect to shared Windows directories from off-campus?
- Using both Windows networking protocol and your regular wired or wireless Internet connection (TCP/IP networking protocol) with the VPN server
- Using software-based firewalls with the VPN server
- AntiVirus Software Conflicts
- Windows XP & Multiple User Logon
- XP Firewall - connection dropping after a few minutes
- What level of rights is required for the AnyConnect client?
- Is a reboot required after AnyConnect is installed/upgraded
- What platforms is Datagram Transport Layer Security (DTLS) supported on?
- Does DTLS support both 32-bit and 64-bit platforms?
- What is the difference between the SSL-Tunnel and DTLS-Tunnel? What type of traffic goes through each?
- Does AnyConnect standalone mode require the system to have Internet Explorer (IE) installed?
- Where are the Windows AnyConnect installation logs stored?
- Where are the Linux AnyConnect installation logs stored?
- What is the AnyConnect Reconnect Behavior?
- Does AnyConnect 2.x support both x86 (32-bit) and x64 (64-bit) Vista?
- Screen savers, hibernation/sleep mode, and the VPN software
- I'm not getting prompted for the password. Why not?
- I've got a wireless machine and an account. I've followed all the client installation steps, but I can't seem to connect. Now what?
- I've also followed all the steps, but I've got a wired machine. What do I do?
- I can connect, and the VPN works for a while, but then it stops working. What do I do?
General
Which wireless standard does McMaster Wireless use?
To be compatible with the McMaster MacConnect wireless network, your wireless card must use the 802.11 (B or G) standard. We recommend 802.11g cards to provide the highest possible connection speed. In addition, we strongly encourage you to select a Wi-Fi certified card in order to guarantee that the manufacturer is following the 802.11b standard closely.
At this time, only 802.11b or 802.11g wireless cards will work with our MacConnect wireless service.
Will the VPN interface work with my normal network connection?
The VPN client is active only when you choose to start it. If the program is not running, then it will not affect your connection.
Why is the VPN server required to use MacConnect networking?
Wireless networking is inherently less secure than wired networking. Even with a modern switched wired network, information traveling through a network cable can be intercepted ... eavesdropping requires less effort and special tools than it used to. With a wireless network, information travels through a broad, unrestricted area and can be intercepted from the air by anyone sharing the same access point. Since no encryption is inherently applied to wireless transmissions, and since the WEP (wireless encryption protocol) standard is known to be insecure, McMaster has decided to implement and require the use of a VPN server in order to protect important University and user information, such as user names and passwords, from being intercepted.
What the VPN server does not replace
The VPN server provides secure ways for you to connect to campus and Internet resources. However, it is not a total security solution. The information is encrypted between the server and your machine; however, when the server relays your request to the campus or Internet resources, it is unencrypted.
Once the connection leaves the VPN server, it behaves just as a wired connection originating on the McMaster campus would behave. This means that encryption may or may not be provided, depending on the resources you access and the method you use to access them. MUSS & Univmail access is encrypted between source and destination if you use the SSL connection (URL begins with https://). Other methods of email access are not automatically encrypted.
In order for the VPN service to behave as if you were located on campus, traffic does not go through the campus firewall, bypassing any protective rules operating there. This could be a problem if your home machine were infected with code which attacked other machines. Whereas the firewall may have prevented this, using the VPN service you may infect McMaster machines to which you connect. Hence, it is particularly important to ensure that the machine you use as a VPN client is up to date with the latest security patches, and runs current antivirus software.
Split Tunnel
McMaster's distribution of the Cisco VPN client is configured in a split tunnel mode of operation. This means that traffic to a McMaster address (130.113.x.y) is encrypted and sent to the VPN. Traffic to non-McMaster destinations is sent via your ISP as it normally would be and is unaffected by the VPN. This makes the VPN connection more efficient by only encrypting what is necessary, and reduces bandwidth waste.
VPN Session Time-outs
VPN sessions from a MacConnect network connection (wired and wireless) will time out after 30 minutes of inactivity, or 3 hours of continuous use. VPN sessions from off campus will time out after 30 minutes of inactivity or 24 hours of continuous use. If the VPN times out and your IPSec connection is terminated, click OK and bring up the VPN Dialer again. Important: Power management modes differ from OS to OS, and from laptop to laptop. When your computer goes into sleep mode, the Network Interface Card (NIC) may lose power and drop your Internet connection without warning. You must stop and restart the VPN client in order to reconnect.
Do I have to use the Cisco client software?
For Windows and Apple OS X systems, the Cisco client is the recommended client supported by UTS, since it is one of the better clients using the IPSec protocol and it is licensed for use with the Cisco VPN 3030 Concentrator. For Unix (Linux or Solaris) systems, the Cisco client is also recommended, although UTS cannot provide full support. As an alternative for Windows or older Macintosh systems, PPTP (Microsoft Point to Point Tunneling Protocol) can be used. It's not as secure, but could be useful if a particular application didn't work with the Cisco client.
Is there a charge for the Cisco client software?
The Cisco client is freely available to McMaster community users of the VPN server. See the VPN pages for a link to Download and Install Cisco VPN client software for more details.
Do I require an account to use the MacConnect network?
Yes -- your userid and password are the same ones you may already use to access the modem pool, web proxy or student labs. An explanation of accounts can be found at UTS Accounts for access to Network Services.
Wireless seems slower than my desktop connection. Why?
There are at least three possible reasons for this:
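As an added illustration (not part of the original FAQ), the following Python script applies the split-tunnel rule just described together with the earlier caveat that the tunnel only protects the hop to the VPN server. The host names and addresses in its lookup table are constructed placeholders, and the `describe()` helper is hypothetical.

```python
import ipaddress
from urllib.parse import urlsplit

# Split-tunnel route list as the FAQ describes it: only the McMaster range
# (130.113.x.y) is encrypted and sent through the VPN; everything else leaves
# through the ISP untouched.
TUNNELED_NETWORKS = [ipaddress.ip_network("130.113.0.0/16")]

# Constructed name-to-address table so the example runs offline. These are
# placeholder names and addresses, not real McMaster hosts.
FAKE_DNS = {
    "mail.campus.example": "130.113.0.25",
    "fileserver.campus.example": "130.113.200.7",
    "news.outside.example": "203.0.113.40",
}


def resolve(host):
    """Return the IP for a literal address or a name in the constructed table."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        if host in FAKE_DNS:
            return FAKE_DNS[host]
        raise KeyError(f"unknown host in sample table: {host}")


def path_for(dest_ip):
    """'tunnel' if the split-tunnel client encrypts traffic to dest_ip, else 'isp'."""
    addr = ipaddress.ip_address(dest_ip)
    return "tunnel" if any(addr in net for net in TUNNELED_NETWORKS) else "isp"


def describe(url):
    """Hypothetical helper: where a request goes and which hops are protected.

    The tunnel only covers client <-> VPN server. Beyond the server the traffic
    is plain unless the application itself uses TLS (the FAQ's https:// case),
    so end-to-end protection depends on the scheme, not on the VPN. Tunneled
    traffic also enters campus without passing the campus firewall.
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    ip = resolve(host)
    path = path_for(ip)
    app_tls = parts.scheme.lower() == "https"
    return {
        "host": host,
        "ip": ip,
        "path": path,
        "tunnel_encrypted": path == "tunnel",       # client <-> VPN server hop only
        "end_to_end_encrypted": app_tls,            # requires https, VPN or not
        "bypasses_campus_firewall": path == "tunnel",
    }


if __name__ == "__main__":
    for u in ("http://mail.campus.example/", "https://mail.campus.example/",
              "http://news.outside.example/", "https://130.113.5.5/"):
        print(u, describe(u))
```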
- You are sharing (at best) 11 Mbps with all the other people who are using the same access point. Therefore, you have less bandwidth than your desktop computer.
- Depending on where you are located relative to the access point and the strength of the signal you are receiving, you may have as little as 1 Mbps of bandwidth available to your wireless device.
- Data encryption and decryption requires computational time from the processor. Thus, the VPN may slow the system somewhat, particularly if your machine is older.
Where can I connect to the MacConnect system?
The Wireless@McMaster pages contain a link to Locations which lists areas that are currently connected to McMaster Wireless through the VPN server. This list will grow as more areas find funding for the access points required to provide additional connections and a more widespread service.
The MacConnect system pages contain a link to locations of public area wired data jacks on campus.
Home Firewall Issues
Most home routers from manufacturers such as SMC, NetGear, Linksys, D-Link and Microsoft work with the VPN without modification. However, some firewall software, such as that found in the Linux operating system, may need to be modified. If you are running a firewall or a router for a home network, you must allow the following types of traffic to pass through: UDP port 500 (ISAKMP), IP protocol 50 (ESP), and UDP port 4500 (NAT-T, for users behind NAT). For PPTP, you must allow the following types of traffic to pass through your firewall: TCP/1723, TCP/139, UDP/NetBIOS-NS, UDP/NetBIOS-DGM, and IP protocol 47 (GRE).
Wireless Palm, PocketPC, PDA Access (limited support)
Due to the wide variety of vendor customisations of products, UTS cannot support all versions of Pocket PCs and PDAs with our wireless canopy.
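The following Python check is an added example, not McMaster's or Cisco's code: it audits an iptables-save style ruleset (a constructed sample is embedded) for the traffic types listed above, using first-match semantics so a DROP placed before an ACCEPT is caught and a rule that only matches ESTABLISHED connections is not mistaken for an open port. The chain name and default policy are parameters you set to match your own firewall, and the NetBIOS service names are mapped to their well-known UDP ports 137 and 138.

```python
import re

# Protocol numbers as they may appear after "-p" (iptables accepts names or numbers).
PROTO_NUMBERS = {"6": "tcp", "17": "udp", "47": "gre", "50": "esp"}

# Traffic the FAQ says must pass for each client type: (protocol, destination port),
# port None for ESP and GRE, which carry no ports. The FAQ names NetBIOS-NS and
# NetBIOS-DGM by service; their well-known UDP ports (137, 138) are used here.
REQUIRED = {
    "ipsec": [("udp", 500), ("esp", None), ("udp", 4500)],
    "pptp": [("tcp", 1723), ("tcp", 139), ("udp", 137), ("udp", 138), ("gre", None)],
}

RULE_RE = re.compile(r"^-A\s+(?P<chain>\S+)(?P<body>.*?)-j\s+(?P<target>\S+)\s*$")


def parse_rule(line):
    """Parse one '-A CHAIN ... -j TARGET' line into a small dict, or None."""
    m = RULE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    sm = re.search(r"--(?:ct)?state\s+(\S+)", body)
    if sm and "NEW" not in sm.group(1).upper().split(","):
        return None                   # only matches existing connections; cannot admit a new flow
    proto = None                      # None: rule matches any protocol
    pm = re.search(r"-p\s+(\S+)", body)
    if pm:
        proto = PROTO_NUMBERS.get(pm.group(1), pm.group(1).lower())
    ports = None                      # None: rule matches any port
    dm = re.search(r"--dports?\s+(\S+)", body)
    if dm:
        ports = set()
        for piece in dm.group(1).split(","):   # "500", "500:510" or "137,138"
            lo, _, hi = piece.partition(":")
            ports.update(range(int(lo), int(hi or lo) + 1))
    return {"chain": m.group("chain"), "proto": proto, "ports": ports,
            "target": m.group("target")}


def verdict(rules, flow, chain, policy):
    """First matching rule decides, as iptables does; fall back to the chain policy."""
    proto, port = flow
    for r in rules:
        if r["chain"] != chain:
            continue
        if r["proto"] is not None and r["proto"] != proto:
            continue
        if r["ports"] is not None and (port is None or port not in r["ports"]):
            continue
        return r["target"]
    return policy


def missing_flows(ruleset_text, mode, chain="INPUT", policy="DROP"):
    """Return the required flows for `mode` that `chain` does not ACCEPT."""
    rules = [parse_rule(l) for l in ruleset_text.splitlines()]
    rules = [r for r in rules if r is not None]
    return [f for f in REQUIRED[mode] if verdict(rules, f, chain, policy) != "ACCEPT"]


def suggested_rules(mode, chain="INPUT"):
    """Emit iptables lines that would satisfy every required flow for `mode`."""
    out = []
    for proto, port in REQUIRED[mode]:
        port_match = "" if port is None else f" --dport {port}"
        out.append(f"-A {chain} -p {proto}{port_match} -j ACCEPT")
    return out


# Constructed iptables-save excerpt for a Linux home firewall (sample input only).
SAMPLE_RULES = """\
*filter
:INPUT DROP [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p udp -m udp --dport 500 -j ACCEPT
-A INPUT -p 50 -j ACCEPT
-A INPUT -p udp -m udp --dport 4500 -j DROP
-A INPUT -p udp -m udp --dport 4500 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1723 -j ACCEPT
COMMIT
"""

if __name__ == "__main__":
    for mode in REQUIRED:
        print(mode, "missing:", missing_flows(SAMPLE_RULES, mode))
```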
Note: "PDA" is short for Personal Digital Assistant. PDAs are also called palmtops, hand-held computers and pocket computers.
Palm Pilots and Pocket PC clients appear to work well, using PPTP as the selected "VPN Type". This service has only been introduced recently (September 2005), as we have previously experienced compatibility problems with earlier VPN device software. Currently, Movian IPSec clients may work for PDAs and PocketPCs; however, the Movian client no longer appears to be widely available, nor does our VPN Concentrator vendor guarantee compatibility with this product.
Windows CE ("Pocket PC") (Instructions)
PPTP for Palm Handheld Devices (Instructions)
Connecting to shared Windows directories
Shared Windows directories are sometimes referred to as SMB or CIFS shares.
SMB - Server Message Block, CIFS - Common Internet File System
Many customers at McMaster currently connect to shares on the UTS Office Servers. You must install and use the Cisco VPN Client in order to access these shared directories from home. Once you have established a VPN connection, you may follow these instructions in order to connect to Office Server shares:
Windows 2000/XP: Linking to Office Server Shares (Instructions)
For Mac OS X, or various versions of Linux and Unix, you can use the smbclient command. For example, to link to the "Q" or "common" departmental drive, where "X" is 1, 2, or 3, and "DEPT" is the abbreviation for your department (discuss this with your UTS Client Services representative if you have any questions about this), use:
smbclient //osX/DEPTcommon$ -U AP1/your_MAC_ID
Using both Windows networking protocol and your regular wired or wireless Internet connection (TCP/IP networking protocol) with the VPN server
The instructions given in the VPN pages link to Download and Install Cisco VPN client software focus on using the VPN server with Internet networking protocols (TCP/IP).
If you need to access networked resources through Windows Networking (e.g. files stored on Windows servers or printers attached to Windows servers), it is possible to do so through the VPN client if that Windows server is configured to allow your access. You will not be able to browse for the server using the Network Neighborhood, but will need to link to the server explicitly. (You will not be able to 'log in' to your departmental server in the way you may do with your desktop machine, since departmental servers that UTS administers are configured to only accept connections from designated desktop clients.)
If you do access networked resources through the Windows Networking:
- First, make sure that your VPN client is already correctly handling TCP/IP-based communications. If you cannot connect to the VPN server or cannot connect to any off-campus Web pages while it is running, you should resolve those issues before configuring the VPN client for Windows Networking.
- After the VPN client is working for that function, connect to the Windows server using the normal 'Tools' / 'Map network drive' dialogue.
Cisco's VPN client includes a stateful firewall. This firewall is always enabled when connected to the McMaster VPN server. It can also be configured to be always on meaning it is enabled even when the client is not connected.
Note: If you plan to use both the Cisco VPN client and the MS-PPTP client, the Cisco firewall must be disabled for the PPTP software to connect (it is disabled by default in the McMaster-configured software distribution). If you have changed this, uncheck the Always On configuration option under Options, Stateful Firewall (Always on), to disable it again.
AntiVirus Software Conflicts
It is recommended that you disable all AntiVirus software during the installation of either the IPSec or PPTP client software, as some conflicts may occur.
In particular, there is a Windows XP installation glitch with Cisco VPN client 4.0.x if McAfee is running. To fix this, disable scanning before installing. Even after the reboot, when McAfee comes back up it complains 'Winsock file changed - some network apps may not work - reboot again'; a second reboot allows the VPN client to work.
Windows XP & Multiple User Logon
If there are other users logged in to a Windows XP machine (even if they are not running a program), the Cisco VPN client stalls during authentication and never completes the connection. Fix: log off the other users (it is suspected that the Cisco client establishes the VPN tunnel for the whole machine, not just a particular user's session).
XP Firewall - connection dropping after a few minutes
Those using the Cisco VPN Client on a system running Windows XP with the Firewall feature enabled may experience timeout problems (your session may disconnect within 5 minutes) if the following type of traffic is not allowed to pass through the firewall: UDP port 500.
Any customers using a home router or "NAT" (Network Address Translation) box* should not experience any problems whatsoever.
* Devices that are used to share Internet connections within the home - connecting to Cablemodem services (e.g. Cogeco) or High-Speed DSL services (e.g. Sympatico) - from manufacturers such as SMC, NetGear, Linksys, D-Link and Microsoft.
Changes required to avoid timeout issues:
- Start -> Control Panel -> Windows Firewall. Under the "General" tab, ensure that "Don't allow exceptions" is NOT checked. That is, you DO want to allow exceptions ...
- Next, select the Exceptions Tab ...
- Select "Add Port"
- Specify a Name for this exception, in the "Name:" field (call it anything you like. Example: UDP500)
- Specify 500 as your Port number.
- Select UDP.
- Select OK.
- Select OK again, to close the Windows Firewall window.
AnyConnect Specific
What level of rights is required for the AnyConnect client?
For the first installation, you need administrative privileges. However, subsequent upgrades do not require the admin level privilege.
Is a reboot required after AnyConnect is installed/upgraded?
No. Unlike the IPsec VPN Client, a reboot is not required after the AnyConnect installation/upgrade.
What platforms is Datagram Transport Layer Security (DTLS) supported on?
DTLS is supported on WIN2K/XP/Vista/Mac OS and Linux.
Does DTLS support both 32-bit and 64-bit platforms?
Yes.
What is the difference between the SSL-Tunnel and DTLS-Tunnel? What type of traffic goes through each?
The SSL-Tunnel is the TCP tunnel that is first created to the ASA. When it is fully established, the client will then try to negotiate a UDP DTLS-Tunnel. While the DTLS-Tunnel is being established, data can pass over the SSL-Tunnel. When the DTLS-Tunnel is fully established, all data now moves to the DTLS-tunnel and the SSL-tunnel is only used for occasional control channel traffic. If something should happen to UDP, the DTLS-Tunnel will be torn down and all data will pass through the SSL-Tunnel again.
The decision of how to send the data is very dynamic. As each network-bound data packet is processed, there is a point in the code where the decision is made to use either the SSL connection or the DTLS connection. If the DTLS connection is healthy at that moment, the packet is sent via the DTLS connection. Otherwise it is sent via the SSL connection.
The SSL connection is established first and data is passed over this connection while attempting to establish a DTLS connection. Once the DTLS connection has been established, the decision point in the code described above just starts sending the packets via the DTLS connection instead of the SSL connection. Control packets, on the other hand, always go over the SSL connection.
The key point is whether the connection is considered healthy. If DTLS, an unreliable protocol, is in use and the DTLS connection has gone bad for whatever reason, the client does not know this until Dead Peer Detection (DPD) occurs. Therefore, data will be lost over the DTLS connection during that short period of time because the connection is still considered healthy. Once DPD occurs, data will immediately be sent via the SSL connection and a DTLS reconnect will happen.
The ASA will send data over the last connection it received data on. Therefore, if the client has determined that the DTLS connection is not healthy, and starts sending data over the SSL connection, the ASA will reply on the SSL connection. The ASA will resume use of the DTLS connection when data is received on the DTLS connection.
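To make the decision logic above concrete, here is an added Python simulation (not Cisco's implementation) of the client's per-packet tunnel choice, the loss window before DPD fires, and the ASA replying on the tunnel it last received data on. The `TunnelSim` class, the DPD miss counter and the rule that only data packets (not control traffic) update the ASA's reply path are assumptions of the model.

```python
class TunnelSim:
    """Model of the client-side SSL/DTLS choice described in the FAQ.

    Assumptions of the model (not Cisco's code): DPD is a counter of unanswered
    DTLS packets, and only data packets update the tunnel the ASA last received on.
    """

    def __init__(self, dpd_misses=3):
        self.dtls_up = False        # DTLS-Tunnel negotiated and believed healthy
        self.dtls_path_ok = True    # ground truth: does UDP actually get through?
        self.dpd_misses = dpd_misses
        self.unanswered = 0         # DTLS packets with no reply since last success
        self.asa_last_rx = "ssl"    # ASA replies on the tunnel it last got data on
        self.events = []

    def negotiate_dtls(self):
        """Try to bring up the UDP DTLS-Tunnel; the SSL-Tunnel already exists."""
        if self.dtls_path_ok:
            self.dtls_up = True
            self.unanswered = 0
            self.events.append("dtls-up")
        else:
            self.events.append("dtls-negotiation-failed")

    def choose_tunnel(self, kind):
        """Per-packet decision point: control always SSL; data on DTLS if healthy."""
        if kind == "control" or not self.dtls_up:
            return "ssl"
        return "dtls"

    def send(self, kind="data"):
        tunnel = self.choose_tunnel(kind)
        if tunnel == "dtls" and not self.dtls_path_ok:
            # Client still believes DTLS is healthy, so this packet is silently lost.
            self.unanswered += 1
            if self.unanswered >= self.dpd_misses:
                self.dtls_up = False          # DPD: tear DTLS down, fall back to SSL
                self.events.append("dpd-dtls-dead")
                self.negotiate_dtls()         # reconnect attempt (fails while UDP is down)
            return {"sent_on": "dtls", "delivered": False, "asa_replies_on": self.asa_last_rx}
        if kind == "data":
            self.asa_last_rx = tunnel         # ASA will answer on this tunnel from now on
            self.unanswered = 0
        return {"sent_on": tunnel, "delivered": True, "asa_replies_on": self.asa_last_rx}


def run_scenario(dpd_misses=3):
    """Walk the FAQ's sequence; returns ((sent_on, delivered, asa_replies_on) per packet, events)."""
    sim = TunnelSim(dpd_misses)
    out = [sim.send("data")]            # only the SSL-Tunnel exists yet
    sim.negotiate_dtls()
    out.append(sim.send("data"))        # data now rides the DTLS-Tunnel
    out.append(sim.send("control"))     # control traffic stays on SSL
    sim.dtls_path_ok = False            # UDP silently blackholed on the path
    for _ in range(5):
        out.append(sim.send("data"))    # lost until DPD fires, then SSL carries data
    sim.dtls_path_ok = True
    sim.negotiate_dtls()                # DTLS reconnect now succeeds
    out.append(sim.send("data"))        # data moves back to DTLS; ASA follows
    return [(r["sent_on"], r["delivered"], r["asa_replies_on"]) for r in out], sim.events


if __name__ == "__main__":
    packets, events = run_scenario()
    for p in packets:
        print(p)
    print(events)
```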
Does AnyConnect standalone mode require the system to have Internet Explorer (IE) installed?
In brief testing, AnyConnect standalone mode appears to operate properly even after IE is removed from the system.
Where are the Windows AnyConnect installation logs stored?
There are two possible locations for the install logs on Windows:
- If this is a fresh install, then it will be in the USER's temp directory. This directory can be found by entering %TEMP% from the Start->run menu in Windows XP or 2K (and the search window on Vista) and then clicking ok / enter.
- If this is an upgrade, then this file will be located in the SYSTEM's temp directory which is typically %SYSTEMDRIVE%\temp or %SYSTEMROOT%\temp, but might be located elsewhere.
The file has a format of WinSetup-Release-2.0install-21333219012007.log, for example.
Where are the Linux AnyConnect installation logs stored?
These logs are stored in /opt/cisco/vpn.
What is the AnyConnect Reconnect Behavior?
AnyConnect will attempt to reconnect if the connection is disrupted. This is not configurable, but automatic. As long as the session on the ASA is still valid, if AnyConnect can re-establish the physical connection, the session will be resumed.
Does AnyConnect 2.x support both x86 (32-bit) and x64 (64-bit) Vista?
Yes.
Troubleshooting
Screen savers, hibernation/sleep mode, and the VPN software
On several operating systems, the Cisco VPN client will have problems when the system engages a screen saver, goes into hibernation, or goes into sleep mode. This is because the VPN client expects to have constant communication with the server. When the system goes into a state of lower activity, some hardware devices can also be put into standby, including wireless and Ethernet cards. If this is done, it interrupts the network connection the VPN client is using to communicate with the server.
On Windows, some network cards are put into standby when a screen saver engages or hibernation starts. While there have not been reports of Windows machines freezing, the VPN client often becomes unable to communicate with the server even after the screen saver or hibernation is ended and normal network card activity resumes. Stopping and restarting the client will not solve the problem; you will need to reboot the system in order to be able to connect correctly again. You should always log out of the VPN client software and exit it before letting your system go into screen saver or hibernation mode.
This has not been reported as an issue for Unix or Mac OS X users.
I'm not getting prompted for the password. Why not?
It is possible that you don't have an appropriate DHCP-assigned IP address. To check your DHCP configuration and IP address, see steps 6 and 7 of the wireless troubleshooting list below.
I've got a wireless machine and an account. I've followed all the client installation steps, but I can't seem to connect. Now what?
- Is your wireless card correctly installed?
Make sure that your card is fully inserted, and that your hardware and software both recognize the card's presence. See your card software's help instructions for self-test procedures.
- Have you configured it for use on McMaster Wireless?
The SSID (used to identify which wireless network you're accessing) should be set to 'broadcast' and WEP should be turned off (see the setup link on the Wireless@McMaster pages).
- If your card has an activity light, does the light flash the correct color to indicate successful activity?
Many cards flash a green light to indicate that activity is possible. Again, check your card's instructions for product-specific details.
- Does your wireless software report that it is associated with an access point?
If not, move to an area closer to one of the access points (listed in the Locations link on the Wireless@McMaster pages).
- Once your wireless software reports association with an access point, does the access point's address start with a McMaster IP (prefix 130.113...)?
You can check this using the utility software supplied by the vendor of your wireless NIC. If not, the access point you're using is not one associated with the University network. Again, move closer to one of the listed access points.
- Is your machine configured to use DHCP?
DHCP (Dynamic Host Configuration Protocol) allows servers to assign temporary network IP addresses to computers that contact them and ask for an identity. On a Windows system, this is usually described with the "Obtain an IP address automatically" option. On a Macintosh this is described with the "Configure using DHCP server" option, available in the TCP/IP properties of the network adapter. In order to access the wireless network at McMaster with the VPN server, your machine will need to be configured to use DHCP.
On a Windows machine:
Go to Start -> Programs -> Accessories -> Communications -> Dialup Networking (or Network and Dialup Connections), then select the connection you want to examine. Right-click on the connection you use and choose Properties. In the Properties dialogue box, select the TCP/IP item and click Properties.
One of the DNS options listed should be Obtain an IP address automatically (or wording to that effect). You want to obtain an IP address from the DHCP servers, so make sure that option is selected. Then click OK until you've returned to the desktop. (You may need to reboot your machine.)
On a Macintosh OS X machine:
Go to the Apple menu, then System Preferences, then click the Network button, then the TCP/IP tab.
Depending on your machine's configuration, you may need an administrative password (or someone who knows it) to tell the machine to get its IP address from a DHCP server. Once you've accomplished this, click OK until you've returned to the desktop. (You may need to reboot your machine.)
- Once you're close enough to an access point to connect, your machine is configured to use DHCP, and you've established a connection through the VPN client, did your machine receive an IP address in the range assigned by the VPN?
To check this, bring up the VPN client utility (by clicking on the padlock in your system tray), select the 'Statistics' tab, and verify that the client has a McMaster IP address (prefix 130.113...). On another machine that is connected to the network, do an nslookup on the client IP address reported, and you should see an associated domain name of the form VPN-xx-nnn.IPReg.McMaster.ca, where xx and nnn are assigned values.
If you did not receive an IP address in this range, there are three possibilities:
- The network card isn't working.
- You aren't properly associated with an access point (see steps 4 and 5 above).
- The DHCP server and your machine are not communicating.
If you've established that you are correctly associated with an access point that belongs to the McMaster domain, try rebooting your system. If you still can't connect, contact the Technology Service Desk at ext. 24357.
- Can you ping the VPN?
Try pinging macvpn.mcmaster.ca (if connecting from off-campus, or openport.mcmaster.ca if coming from on-campus). If this does not work, contact the Technology Service Desk at ext 24357. There may be an installation and configuration problem with your VPN client, or there may be network trouble.
- Are you receiving any specific error messages from your software?
If so, check the documentation for that software for further assistance. (If the error message is about an incorrect password, check with the Service Desk at ext.24357 about whether you remember your password correctly or should change it.)
- If none of the above steps have helped:
For further assistance, contact the Technology Service Desk at ext. 24357.
I've also followed all the steps, but I've got a wired machine. What do I do?
- Can you connect without the VPN to your usual Internet Service Provider?
If you can't connect to your ISP even when you're not trying to use the VPN, the problem is related to the ISP rather than the VPN system specifically. Contact your ISP's technical support department for assistance.
- For cable modem and DSL users only:
There are several factors that may affect users who connect via cable modem or DSL that dialup users may not experience.
One common device that many cable modem users have attached to their home network is a cable modem router. Most cable modem routers act as firewalls and Network Address Translation (NAT) devices. Both the firewall rules and the NAT may affect their ability to connect via VPN. The Cisco client is designed to work with NAT transparency.
- Once you've connected to your ISP, can you ping macvpn.mcmaster.ca (if connecting from off-campus, or openport.mcmaster.ca if coming from on-campus)? If you can ping campus IP addresses through your connection, there is probably an installation or configuration problem with your VPN client software. For further assistance, contact the Service Desk at ext. 24357.
If you cannot ping campus IP addresses through your ISP connection, there is probably a network problem between your network connection and the VPN concentrator. UTS recommends you try again after a while. If the problem remains, please report it to the Service Desk at uts@mcmaster.ca, along with date, time, and details of your problem.
- Are you certain the VPN is distributing a different (McMaster-based) IP address for you?
To test this, use the VPN software to connect to the VPN server, and using a web browser link to http://netman.mcmaster.ca/cgi-bin/my-ip-address.cgi . This should display an address and associated domain name of the form: VPN-xx-nnn.IPReg.McMaster.ca where xx and nnn are assigned numeric values.
If not, you are not receiving a DHCP-assigned IP address from the VPN server. For further assistance, contact the Technology Service Desk at ext. 24357.
- Are you receiving any specific error messages from your software?
If so, check the documentation for that software for further assistance. (If the error message is about an incorrect password, check with the Service Desk at extension 24357 or email Service Desk about whether you remember your password correctly or should change it.)
- If none of the above steps have helped:
For further assistance, contact the Service Desk at extension 24357 or email the Service Desk.
I can connect, and the VPN works for a while, but then it stops working. What do I do?
There are three common problems that can make the VPN connection stop working:
- Your computer goes into screen saver/hibernation/standby mode, or powers down the network card to save energy. This is further explained in the hibernation item above.
- Your computer loses its connection to the VPN server briefly. This can happen when the signal strength of a wireless access point fluctuates or when the wired network connection you are using is too busy to permit the VPN client to maintain its connection with the VPN server.
- Your connection has timed out. McMaster's VPN server is configured to time out sessions after a period of inactivity, as well as total session length. See VPN session timeouts for details. If this happens, you will need to re-connect.
Service Desk
| Hours: | Monday - Friday 8:30 am - 4:30 pm |
|---|---|
| Phone: | 905-525-9140 x24357 (2HELP) |
| Email: | uts@mcmaster.ca |
| Location: | Main Campus BSB Rm. 245 |
| Online: | http://www.mcmaster.ca/uts |
