Several connection-related timer resolutions in openvpn

Source: Internet
Author: User
Tags: ssl, connection
OpenVPN has several timers that bound the duration of specific behaviours. If they are set badly they cause disconnections that are hard to explain, yet there is no universal recipe for setting them: depending on the situation a timer may be neither too large nor too small.
1. Ping

This timer sets the interval between ping packets (capitalised Ping here to distinguish it from ICMP ping). Sending pings is a keepalive mechanism; it also refreshes the connection-tracking state of any firewall on the path so that the entry does not expire.
2. Ping-Restart

This timer sets how long the connection may go without receiving a ping from the peer before it is reset. If pings were arriving normally and then stop, either the peer has died and no longer sends them, the ping packets are being lost on the way, or the ping-restart interval is shorter than half the RTT.
3. Hand-Window

This timer bounds the maximum duration of a key negotiation (handshake). If the negotiation does not complete within this window, the SSL connection is reset, but not immediately: the question becomes how long a previously negotiated key may still be used. That period is given by the tran-window parameter, and if the key negotiation is re-initiated and completes successfully within it, the SSL connection is not reset.
4. Tran-Window

This timer (the transition window) bounds how long the old key may still be used after a new key negotiation starts. If the negotiation fails within this period, the old key remains usable. The renegotiation can therefore proceed concurrently with tunnel data transmission: while the new key is being negotiated there is still an old key to encrypt with, which gives a smooth key transition.
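The interplay of hand-window and tran-window described in items 3 and 4 can be replayed on a timeline. The following model is an added example, not OpenVPN's own code: it assumes that each negotiation attempt either finishes after a given number of seconds or is abandoned when hand-window closes, that the old key stays usable for tran-window seconds after the renegotiation starts, and that the SSL connection is reset when the old key expires before a new one is installed.

```python
"""Model of hand-window versus tran-window during an OpenVPN key renegotiation.

Added illustration: a simplified timeline, not OpenVPN's own code.
Times are seconds relative to the start of the renegotiation.
"""


def renegotiate(hand_window, tran_window, attempt_durations):
    """Simulate one renegotiation.

    hand_window:       max seconds a single negotiation attempt may take
    tran_window:       seconds the OLD key stays usable after the renegotiation starts
    attempt_durations: how long each successive attempt would need to finish;
                       None means the attempt never completes on its own

    Returns {"outcome": "new_key" | "reset", "at": time, "failed_attempts": n}
    """
    t = 0.0                      # renegotiation start
    old_key_expires = tran_window
    failed = 0
    for d in attempt_durations:
        if d is not None and d <= hand_window:
            t += d               # attempt completes inside the handshake window
            if t <= old_key_expires:
                return {"outcome": "new_key", "at": t, "failed_attempts": failed}
            # the new key arrived too late: the old key was already unusable
            return {"outcome": "reset", "at": old_key_expires, "failed_attempts": failed}
        # attempt exceeds hand-window: it is abandoned when the window closes
        t += hand_window
        failed += 1
        if t >= old_key_expires:
            # no new key and the old one is no longer usable: SSL connection reset
            return {"outcome": "reset", "at": old_key_expires, "failed_attempts": failed}
    # attempts exhausted; the old key lives until tran-window closes, then reset
    return {"outcome": "reset", "at": old_key_expires, "failed_attempts": failed}


def key_in_use(t, result):
    """Which key encrypts tunnel data at time t given a renegotiate() result."""
    if t < result["at"]:
        return "old"             # old key carries traffic during the transition
    return "new" if result["outcome"] == "new_key" else "none"


if __name__ == "__main__":
    # Constructed scenario: first attempt would take 90 s (exceeds a 60 s hand-window),
    # the retry takes 30 s; the old key is good for 3600 s of transition window.
    print(renegotiate(60, 3600, [90, 30]))
    # Constructed scenario: every attempt hangs; the old key eventually expires.
    print(renegotiate(60, 3600, [None] * 100))
```

The second scenario shows why tran-window must comfortably exceed hand-window: each failed attempt burns a full hand-window, and the connection survives only as many failures as fit inside the transition window.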
5. TLS-Timeout

This timer sets the interval at which control-channel packets are resent when no ACK arrives. If it is too large, every packet loss (of the original packet or of its ACK) costs a long wait, and the handshake may time out against hand-window and the key negotiation fail. If it is too small, clearly less than one RTT, every packet is retransmitted needlessly and the extra traffic cascades into network congestion.
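Both failure modes above (a timeout far above the RTT wasting the handshake window on each loss, and a timeout below the RTT producing spurious retransmissions) can be counted with a small model of the retransmit timer. This is an added example and not OpenVPN's reliable-layer code; it assumes a single control packet waiting for its ACK, a fixed round-trip time, a constructed list of which send attempts are lost, and an optional doubling timeout standing in for the EXPONENTIAL_BACKOFF behaviour mentioned later on this page. Times are in milliseconds.

```python
"""Model of the reliable-layer retransmit timer (tls-timeout) for one control packet.

Added illustration, not OpenVPN's own reliable.c logic. Times are integers in ms.
"""


def deliver(tls_timeout, rtt, lost_attempts, hand_window, backoff=False):
    """Send one control packet until it is ACKed or hand_window closes.

    tls_timeout:   ms to wait for an ACK before resending
    rtt:           ms for packet plus ACK to travel (assumed constant)
    lost_attempts: set of attempt numbers (1-based) whose packet or ACK is lost
    hand_window:   ms after which the handshake is abandoned
    backoff:       double the timeout after every unacknowledged attempt

    Returns (ack_time, sends): ack_time is None if the handshake window
    expired first; sends counts every transmission, spurious ones included.
    """
    t = 0                  # time of the current transmission
    timeout = tls_timeout
    sends = 0
    while t <= hand_window:
        sends += 1
        if sends not in lost_attempts:
            ack_time = t + rtt
            # timers that fire before the ACK lands produce spurious retransmissions
            while t + timeout < ack_time:
                t += timeout
                sends += 1
                if backoff:
                    timeout *= 2
            return ack_time, sends
        # attempt (or its ACK) lost: wait for the timer and resend
        t += timeout
        if backoff:
            timeout *= 2
    return None, sends


if __name__ == "__main__":
    # Constructed cases: 2 s timeout on a 100 ms path, no loss / two losses
    print(deliver(2000, 100, set(), 60000))
    print(deliver(2000, 100, {1, 2}, 60000))
    # timeout well below the RTT: every send is repeated before the ACK can arrive
    print(deliver(50, 200, set(), 60000))
    # three consecutive losses with a 5 s handshake window: negotiation fails
    print(deliver(2000, 100, {1, 2, 3}, 5000))
```

With a 50 ms timeout on a 200 ms path the packet is sent four times although nothing was lost, which is the congestion case; with a 2 s timeout and a 5 s handshake window, three lost attempts are enough to overrun hand-window.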
6. Ping-timer-Rem

This is not a timer; it only conditions the ping-restart action. With this parameter set, the restart performed when the ping-restart timer expires happens only if the peer is actually connected. It avoids the following deadlock, in which the two sides keep restarting each other:
Client restart -------------------------- server is normal, no
Client reconnection -------------------------- server waits for client Ping
Client reconnection successful ------------------------ Server Ping-Restart expiration, restart

With ping-timer-rem set, the server restarts the client only while the client socket has not been closed.
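The behaviour of timers 1, 2 and 6 together can be replayed with the following event-driven model. It is an added example rather than OpenVPN's own code, and it assumes whole-second timing, that pings are only sent once a remote address is known, and that any packet received from the peer ("rx") counts as proof of life and re-arms the ping-restart timer.

```python
"""Model of ping, ping-restart and ping-timer-rem for one OpenVPN peer.

Added illustration, not OpenVPN's own code. Times are whole seconds.
"""


def run_keepalive(ping, ping_restart, events, until, ping_timer_rem=False):
    """Replay events and report when (if ever) the ping-restart action fires.

    ping:           seconds between outgoing pings
    ping_restart:   seconds of silence from the peer before restarting
    events:         list of (time, kind); kind is "remote_known" or "rx"
    until:          end of the simulated period
    ping_timer_rem: only run the restart timer once a remote address is known

    Returns {"restart_at": time or None, "pings": [send times]}
    """
    # Without ping-timer-rem the inactivity timer is armed from the start,
    # before any peer exists; with it, arming waits for a remote address.
    timer_armed_at = None if ping_timer_rem else 0
    next_ping = None          # time of the next outgoing ping, once a remote is known
    sent = []
    queue = sorted(events) + [(until, "end")]
    for ev_time, kind in queue:
        # Advance to ev_time, sending due pings and checking the restart deadline.
        while True:
            deadline = None if timer_armed_at is None else timer_armed_at + ping_restart
            if deadline is not None and deadline <= ev_time and (
                next_ping is None or deadline <= next_ping
            ):
                return {"restart_at": deadline, "pings": sent}
            if next_ping is not None and next_ping <= ev_time:
                sent.append(next_ping)
                next_ping += ping
                continue
            break
        if kind in ("remote_known", "rx"):
            if next_ping is None:
                next_ping = ev_time + ping        # peer address now known: start pinging
            if kind == "rx" or timer_armed_at is None:
                timer_armed_at = ev_time           # proof of life, or first arming


    return {"restart_at": None, "pings": sent}


if __name__ == "__main__":
    # Constructed case from the deadlock above: a server whose client never
    # arrives. Without ping-timer-rem it restarts after ping-restart anyway.
    print(run_keepalive(10, 60, [], 100))
    print(run_keepalive(10, 60, [], 100, ping_timer_rem=True))
    # Constructed case: client connects at t=5, is heard at 15 and 25, then goes silent.
    print(run_keepalive(10, 60, [(5, "remote_known"), (15, "rx"), (25, "rx")], 120,
                        ping_timer_rem=True))
```

In the silent-client case the restart fires at 85, exactly ping-restart seconds after the last packet from the peer, while our own pings kept going out every 10 seconds in the meantime.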
7. Summary

Data Channel
Timers 1 and 2 together keep the data channel alive through maintenance pings. In addition, continuous pinging keeps refreshing the firewall's connection-tracking state so that the entry does not expire.
Control Channel
Timers 3 and 4 keep the SSL control channel valid by bounding the key negotiation time and the key transition time. In the OpenVPN implementation, an array of TM_SIZE sessions is defined in ssl.c for smooth key update and handover.
Reliable Layer
Timer 5 affects the behaviour of the reliable layer; if the compile-time macro EXPONENTIAL_BACKOFF is defined, it also governs the reliable layer's backoff retransmission algorithm.
