WSS Agent error Connection to WSS lost (ec:26 - A timeout has occurred)

Article ID: 268880

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

WSS Agent UI > Support > Diagnostics Log shows "Connection to WSS lost (ec:26 - A timeout has occurred)" together with a "Closing dead tunnel" message:

[06-28-2023 00:22:07 (UTC+3:00)]: Server has not sent a packet to Tunnel#14(non-interactive-user) for 32 secs (last seen at 2023-06-28T00:21:35Z). Closing dead tunnel.
[06-28-2023 00:22:07 (UTC+3:00)]: Connection to WSS lost (ec:26 - A timeout has occurred) - reconnecting

Environment

Cloud SWG
WSS Agent

Cause

The "Closing dead tunnel" message is a standard notification in OpenVPN's dead peer detection (DPD) mechanism.

Every 8 seconds, a "ping" is sent to check the status of the tunnel. If four consecutive "pings" are missed (a total of 32 seconds, which cannot be changed), the tunnel is treated as no longer responsive, and a new tunnel is established to replace the dead one. This situation usually occurs when something disrupts the connection, often within the Internet Service Provider (ISP) network, between the router and the ISP, or between the ISP and the Internet.

DPD is necessary because UDP (the protocol used by OpenVPN) is not connection-oriented like TCP, so there is no TCP-RST (reset) signal to indicate that a connection has been terminated or interrupted. DPD therefore detects and handles dead tunnels proactively.

Resolution

The issue could also occur due to corruption of the routing table, so a reboot might fix the condition. If it happens frequently, capture SymDiag data while the agent is in that state (to capture the dead peer event) so that support can analyze it further.
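
To judge whether the event "happens frequently", the dead tunnel lines can be pulled out of a saved Diagnostics Log and grouped by time. The script below is an added example, not Broadcom tooling: the sample log is constructed (only its first two lines come from this article), and the one-hour window and threshold of two events are assumptions, since the article does not define "frequently".

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample in the Diagnostics Log format quoted in this article.
SAMPLE_LOG = """\
[06-28-2023 00:22:07 (UTC+3:00)]: Server has not sent a packet to Tunnel#14(non-interactive-user) for 32 secs (last seen at 2023-06-28T00:21:35Z). Closing dead tunnel.
[06-28-2023 00:22:07 (UTC+3:00)]: Connection to WSS lost (ec:26 - A timeout has occurred) - reconnecting
[06-28-2023 00:31:40 (UTC+3:00)]: Server has not sent a packet to Tunnel#15(non-interactive-user) for 32 secs (last seen at 2023-06-28T00:31:08Z). Closing dead tunnel.
[06-28-2023 00:31:40 (UTC+3:00)]: Connection to WSS lost (ec:26 - A timeout has occurred) - reconnecting
[06-28-2023 09:05:12 (UTC+3:00)]: Server has not sent a packet to Tunnel#16(non-interactive-user) for 32 secs (last seen at 2023-06-28T09:04:40Z). Closing dead tunnel.
"""

DeadTunnel = namedtuple("DeadTunnel", "when tunnel user silent_secs")

# Matches only the DPD "Closing dead tunnel" line; the timestamp is the agent's local time.
DEAD_RE = re.compile(
    r"^\[(?P<ts>\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}) \(UTC[+-]\d{1,2}:\d{2}\)\]: "
    r"Server has not sent a packet to Tunnel#(?P<tunnel>\d+)\((?P<user>[^)]*)\) "
    r"for (?P<secs>\d+) secs .*Closing dead tunnel\.")

def dead_tunnel_events(text):
    """Return one DeadTunnel per 'Closing dead tunnel' line, in log order."""
    events = []
    for line in text.splitlines():
        m = DEAD_RE.match(line.strip())
        if m:
            when = datetime.strptime(m["ts"], "%m-%d-%Y %H:%M:%S")
            events.append(DeadTunnel(when, int(m["tunnel"]), m["user"], int(m["secs"])))
    return events

def bursts(events, window=timedelta(hours=1), threshold=2):
    """Group events that start within `window` of each other; keep groups of >= threshold."""
    groups, current = [], []
    for ev in sorted(events, key=lambda e: e.when):
        if current and ev.when - current[0].when > window:
            if len(current) >= threshold:
                groups.append(current)
            current = []
        current.append(ev)
    if len(current) >= threshold:
        groups.append(current)
    return groups

if __name__ == "__main__":
    for group in bursts(dead_tunnel_events(SAMPLE_LOG)):
        tunnels = ", ".join(f"Tunnel#{e.tunnel}" for e in group)
        print(f"{len(group)} dead tunnels from {group[0].when} to {group[-1].when}: {tunnels}")
```

A reported group marks a period worth reproducing with SymDiag running; isolated events are consistent with a one-off upstream disruption.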

Additional Information

Collect SymDiag data from WSS Agent