Skip to content

Orbstack's network stack drops active, long-lived TCP connections after exactly 24 hours (86400s) #2378

Open
Open
Orbstack's network stack drops active, long-lived TCP connections after exactly 24 hours (86400s)#2378
Labels
t/bugSomething isn't working
@nulledy

Description

@nulledy
nulledy
opened on Mar 29, 2026

Describe the bug

I am experiencing an issue where OrbStack's network stack forcefully severs long-lived, active TCP connections after exactly 24 hours, regardless of connection activity or keep-alives.

I'm developing a containerized security camera NVR (Network Video Recorder) software.

This NVR utilizes an RTSP streaming server (go2rtc) inside a Docker container. Exactly 24 hours after go2rtc establishes a connection to my test cameras via TCP, the connection to every camera drops with an i/o timeout and has to reconnect.

Since the NVR is continuously recording footage from the RTSP streams this timeout and reconnect results in missing footage and other significant issues while performing long-running tests during my development of this NVR software.

Steps Taken to Isolate this as an Orbstack issue:

Not a camera issue: Running the identical Docker setup on an x86-64 native Linux machine results in zero drops. The connection stays open indefinitely.

Not a macOS pf idle timeout: I temporarily changed the macOS native packet filter (pf.conf) tcp.established timeout from 86400 to 600 (10 minutes). The stream survived during a 30 minute test, proving that the TCP keep-alive packets are successfully flowing and the issue is not an idle timeout state dropping.

Not an application bug: Running the native macOS ARM64 binary of go2rtc completely outside of OrbStack results in an unbroken stream that survives past the 24-hour mark.

Because the native macOS app works perfectly, and a native Linux Docker host works perfectly, the 86,400-second (24 hr) kill switch is isolated to the OrbStack network virtualization boundary. It appears the user-mode proxy or NAT implementation has a hard-coded absolute Maximum TTL for proxied TCP sockets that ignores active traffic/keep-alives.

To Reproduce

  1. Use the alexxit/go2rtc container
  2. Configure the container to consume the RTSP streams from at least 1 camera
  3. Open the stream in go2rtc and leave it open so that go2rtc maintains an RTSP connection to the camera(s) (or use go2rtc's preload option)
  4. After 24 hours go2rtc will log an i/o timeout on the RTSP stream from the camera, forcing a reconnect

Expected behavior

Long-lived active TCP connections should NOT be forcibly closed by Orbstack after 24 hours.

Diagnostic report (REQUIRED)

OrbStack info:
Version: 2.0.5
Commit: cfe47627f138ffd822c958553b0a93eaf2692c71 (v2.0.5)

System info:
macOS: 26.3.1 (25D2128)
CPU: arm64, 10 cores
CPU model: Apple M4
Model: Mac16,10
Memory: 16 GiB

Full report: https://orbstack.dev/_admin/diag/orbstack-diagreport_2026-03-29T17-05-58.639437Z.zip

Screenshots and additional context (optional)

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    t/bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions