When your computer enters sleep mode, all network interfaces are powered down to conserve energy. This includes both physical network adapters and virtual VPN interfaces. Most VPN clients (including Cisco AnyConnect) implement session timeouts that detect this network interruption and terminate the connection for security reasons.
The disconnection occurs because:
1. TCP keepalive packets stop being sent
2. VPN gateway heartbeat checks fail
3. Network stack buffers are cleared
4. TLS session tickets expire
Option 1: Modify Power Settings
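# Run from PowerShell or cmd: set the wireless adapter's Power Saving Mode to Maximum Performance (0) on AC power
powercfg /setacvalueindex SCHEME_CURRENT 19cbb8fa-5279-450e-9fac-8a3d5fedd0c1 12bbebe6-58d6-4636-95bb-3217ef867c1a 0
# Re-apply the current scheme so the new value takes effect
powercfg /setactive SCHEME_CURRENT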
Option 2: VPN Client Auto-Reconnect
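REM Example batch script for Cisco AnyConnect reconnect
:RECONNECT
REM Reconnect only when the tunnel is down, so a working session is not dropped
vpncli.exe state | find "state: Connected" >nul
if errorlevel 1 (
    vpncli.exe disconnect
    vpncli.exe connect vpn.example.com
)
timeout /t 30
goto RECONNECT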
Network administrators can adjust these parameters in Cisco AnyConnect profiles:
<ClientInitialization>
<UseStartBeforeLogon>false</UseStartBeforeLogon>
<AutoReconnect UserControllable="false">true
<AutoReconnectBehavior UserControllable="false">ReconnectAfterResume</AutoReconnectBehavior>
</AutoReconnect>
<SessionTimeout>86400</SessionTimeout>
</ClientInitialization>
For applications requiring persistent connections, consider implementing:
# Python example using socket keepalive
import socket
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
# Enable keepalive probes on this socket
sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
# Start probing after 60 s idle, then every 10 s (TCP_KEEPIDLE is not defined on every platform)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, 60)
sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, 10)
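Keepalive only lets the TCP stack notice a dead peer; the application still has to open a new connection once the tunnel is back. The following is an added example, not code from the original page: it applies the 60 s / 10 s timers above where the platform exposes them and retries with exponential backoff. The probe count, the function names and the local test server are assumptions constructed for the demonstration.

```python
import socket
import threading
import time

def enable_keepalive(sock, idle=60, interval=10, probes=3):
    """Enable TCP keepalive; probes=3 is an assumed value, not from the page."""
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    for name, value in (("TCP_KEEPIDLE", idle), ("TCP_KEEPINTVL", interval),
                        ("TCP_KEEPCNT", probes)):
        opt = getattr(socket, name, None)  # not every platform exposes these
        if opt is not None:
            sock.setsockopt(socket.IPPROTO_TCP, opt, value)

def request_with_reconnect(addr, payload, attempts=5, base_delay=0.05):
    """Send payload and return (reply, connections_used). A reset, timeout or
    EOF (what an application sees once the tunnel under it is gone) leads to
    a fresh connection after a backoff delay."""
    for n in range(attempts):
        try:
            with socket.create_connection(addr, timeout=2) as sock:
                enable_keepalive(sock)
                sock.sendall(payload)
                reply = sock.recv(1024)
                if reply:
                    return reply, n + 1
        except OSError:
            pass  # dead or refused connection: retry below
        time.sleep(base_delay * 2 ** n)  # exponential backoff
    raise ConnectionError(f"no reply after {attempts} attempts")

def flaky_echo_server(drop_first=2):
    """Constructed local peer: drops the first connections, then echoes once."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        for i in range(drop_first + 1):
            conn, _ = srv.accept()
            with conn:
                if i >= drop_first:
                    conn.sendall(conn.recv(1024))
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    print(request_with_reconnect(flaky_echo_server(), b"ping"))
```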
Windows, macOS, and Linux handle VPN sleep behavior differently due to their power management architectures. Windows tends to be most aggressive with network interface power savings, while Linux offers the most configuration flexibility through:
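# Linux systemd-networkd config for persistent networking
# In the interface's .network file:
[Network]
KeepConfiguration=yes
# In the interface's .link file (WakeOnLan= is a [Link] setting, not a [Network] one):
[Link]
WakeOnLan=magic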
When your computer enters sleep mode, all active network connections are terminated at the hardware level, including VPN tunnels. The Cisco VPN client (and most enterprise VPN solutions) treats the tunnel as closed when this happens, by design, for security reasons. Here's what happens at the protocol level:
// Simplified state diagram of VPN connection
CONNECTED → [SLEEP EVENT] → DISCONNECTED → [WAKE EVENT] → RECONNECTING
Enterprise VPN solutions deliberately terminate connections during sleep to prevent:
- Session hijacking during inactive periods
- Unattended access to corporate networks
- Potential credential caching vulnerabilities
While you can't prevent the disconnection, you can automate reconnection. Here's a PowerShell script for Cisco AnyConnect:
# VPN Reconnection Script
$vpnClient = "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpncli.exe"
# Named $vpnHost because $profile is a PowerShell automatic variable
$vpnHost = "corporate-vpn.example.com"
$group = "EmployeeAccess"
$user = Get-WmiObject -Class Win32_ComputerSystem | Select-Object -ExpandProperty UserName
# Check connection state every 60 seconds
while ($true) {
    $status = & $vpnClient state | Select-String "state:"
    # Match the full token: a bare "Connected" also matches "Disconnected"
    if (-not ($status -match "state: Connected")) {
        $password = Read-Host -AsSecureString "Enter VPN Password"
        $BSTR = [System.Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
        try {
            $plainPassword = [System.Runtime.InteropServices.Marshal]::PtrToStringBSTR($BSTR)
            # vpncli -s reads its commands and prompt answers from standard input
            @("connect $vpnHost", $group, $user, $plainPassword) | & $vpnClient -s
        } finally {
            # Wipe the unmanaged plaintext copy of the password
            [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($BSTR)
            $plainPassword = $null
        }
    }
    Start-Sleep -Seconds 60
}
Some VPN clients support connection persistence through keepalive packets. For OpenVPN, add these to your config:
keepalive 10 60
ping-timer-rem
persist-tun
persist-key
Corporate environments often enforce session timeouts through:
! Typical Cisco ASA VPN timeout settings (values in minutes)
group-policy DfltGrpPolicy attributes
 vpn-session-timeout 480
 vpn-idle-timeout 30
These settings will override any client-side persistence attempts.