From 77b3f227f7f49a02d9660107624e1f907a7e75ee Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos <nmav@redhat.com>
Date: Tue, 15 Nov 2016 14:57:30 +0100
Subject: [PATCH] ocserv.conf: include switch-to-tcp-timeout

---
 ocserv.conf | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ocserv.conf b/ocserv.conf
index 53c626e..96082b7 100644
--- a/ocserv.conf
+++ b/ocserv.conf
@@ -155,6 +155,14 @@ dpd = 90
 # 'X-AnyConnect-Identifier-DeviceType'.
 mobile-dpd = 1800
 
+# If using DTLS, and no UDP traffic is received for this
+# many seconds, attempt to send future traffic over the TCP
+# connection instead, in an attempt to wake up the client
+# in the case that there is a NAT and the UDP translation
+# was deleted. If this is unset, do not attempt to use this
+# recovery mechanism.
+switch-to-tcp-timeout = 25
+
 # MTU discovery (DPD must be enabled)
 try-mtu-discovery = false