diff --git a/tests/gold_tests/timeout/case1.sh b/tests/gold_tests/timeout/case1.sh
new file mode 100755
index 00000000000..126b5931b8b
--- /dev/null
+++ b/tests/gold_tests/timeout/case1.sh
@@ -0,0 +1,23 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+# This is funky delaying and backgrounding the client request, but I just
+# could not get the command executing in the network space to go to background
+# without blocking the autest.
+
+(sleep 1; curl -i http://127.0.0.1:${1}/not-blocked ) &
+
+sudo ip netns exec testserver nc -4 -l $2 -c "sh ./delay-server.sh"
diff --git a/tests/gold_tests/timeout/conn_timeout.test.py b/tests/gold_tests/timeout/conn_timeout.test.py
new file mode 100644
index 00000000000..6d840fac578
--- /dev/null
+++ b/tests/gold_tests/timeout/conn_timeout.test.py
@@ -0,0 +1,71 @@
+'''
+'''
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+Test.Summary = 'Testing ATS TCP handshake timeout'
+
+# Skipping this in the normal CI because it requires privilege.
+# Comment out to run in your privileged environment
+Test.SkipIf(Condition.true("Test requires privilege"))
+
+ts = Test.MakeATSProcess("ts")
+
+Test.ContinueOnFail = True
+Test.GetTcpPort("blocked_upstream_port")
+Test.GetTcpPort("upstream_port")
+
+ts.Disk.records_config.update({
+    'proxy.config.url_remap.remap_required': 1,
+    'proxy.config.http.connect_attempts_timeout': 2,
+    'proxy.config.http.connect_attempts_max_retries': 0,
+    'proxy.config.http.transaction_no_activity_timeout_out': 5,
+    'proxy.config.diags.debug.enabled': 0,
+    'proxy.config.diags.debug.tags': 'http',
+})
+
+ts.Disk.remap_config.AddLine('map /blocked http://10.1.1.1:{0}'.format(Test.Variables.blocked_upstream_port))
+ts.Disk.remap_config.AddLine('map /not-blocked http://10.1.1.1:{0}'.format(Test.Variables.upstream_port))
+
+# Set up the network name space.  Requires privilege
+tr = Test.AddTestRun("tr-ns-setup")
+tr.Processes.Default.StartBefore(ts, ready=When.PortOpen(ts.Variables.port))
+tr.Processes.Default.TimeOut = 2
+tr.Setup.Copy('setupnetns.sh')
+tr.Processes.Default.Command = 'echo start; sudo sh -x ./setupnetns.sh {0} {1}'.format(Test.Variables.blocked_upstream_port, Test.Variables.upstream_port)
+
+# Request to the port that is blocked in the network ns.  The SYN should never be responded to
+# and the connect timeout should trigger with a 50x return.  If the SYN handshake occurs, the
+# no activity timeout would trigger, but not before the test timeout expires
+tr = Test.AddTestRun("tr-blocking")
+tr.Processes.Default.Command = 'curl -i http://127.0.0.1:{0}/blocked {0}'.format(ts.Variables.port)
+tr.Processes.Default.TimeOut = 4
+tr.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 502 internal error - server connection terminated", "Connect failed")
+
+#  Should not catch the connect timeout.  Even though the first bytes are not sent until after the 2 second connect timeout
+#  But before the no-activity timeout
+tr = Test.AddTestRun("tr-delayed")
+tr.Setup.Copy('delay-server.sh')
+tr.Setup.Copy('case1.sh')
+tr.Processes.Default.Command = 'sh ./case1.sh {0} {1}'.format(ts.Variables.port, ts.Variables.upstream_port)
+tr.Processes.Default.TimeOut = 7
+tr.Processes.Default.Streams.All = Testers.ContainsExpression("HTTP/1.1 200", "Connect succeeded")
+
+
+# cleanup the network namespace and virtual network
+tr = Test.AddTestRun("tr-cleanup")
+tr.Processes.Default.Command = 'sudo ip netns del testserver; sudo ip link del veth0 type veth peer name veth1'
+tr.Processes.Default.TimeOut = 4
diff --git a/tests/gold_tests/timeout/delay-server.sh b/tests/gold_tests/timeout/delay-server.sh
new file mode 100644
index 00000000000..335df64cd18
--- /dev/null
+++ b/tests/gold_tests/timeout/delay-server.sh
@@ -0,0 +1,20 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+sleep 3
+printf "HTTP/1.1 200\r\nTransfer-encoding: chunked\r\n\r\n"
+printf "F\r\n1234567890"
+printf "12345\r\n0\r\n\r\n"
diff --git a/tests/gold_tests/timeout/setupnetns.sh b/tests/gold_tests/timeout/setupnetns.sh
new file mode 100644
index 00000000000..1ce948251e9
--- /dev/null
+++ b/tests/gold_tests/timeout/setupnetns.sh
@@ -0,0 +1,30 @@
+#  Licensed to the Apache Software Foundation (ASF) under one
+#  or more contributor license agreements.  See the NOTICE file
+#  distributed with this work for additional information
+#  regarding copyright ownership.  The ASF licenses this file
+#  to you under the Apache License, Version 2.0 (the
+#  "License"); you may not use this file except in compliance
+#  with the License.  You may obtain a copy of the License at
+#
+#      http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS,
+#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#  See the License for the specific language governing permissions and
+#  limitations under the License.
+
+ip netns del testserver
+ip link del veth0 type veth peer name veth1
+ip netns add testserver
+ip link add veth0 type veth peer name veth1
+ip addr add 10.1.1.2/24 dev veth0
+ip link set up dev veth0
+ip link set veth1 netns testserver
+ip netns exec testserver ip addr add 10.1.1.1/24 dev veth1
+ip netns exec testserver ip link set up  dev veth1
+ip netns exec testserver iptables -t filter -A INPUT -p tcp --dport $1 -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m comment --comment v4-new-connections -j DROP
+ip netns exec testserver iptables -t filter -A INPUT -p tcp --dport $2 -j ACCEPT
+ip netns exec testserver iptables -t filter -A OUTPUT -p tcp  -j ACCEPT
+# Depending on your iptables policy, you may need to adjust to allow traffic to pass over the veth0 virtual connection
+
diff --git a/tests/gold_tests/timeout/timeout.gold b/tests/gold_tests/timeout/timeout.gold
deleted file mode 100644
index 8f268083075..00000000000
--- a/tests/gold_tests/timeout/timeout.gold
+++ /dev/null
@@ -1,3 +0,0 @@
-``
-HTTP/1.1 200 OK
-``
diff --git a/tests/gold_tests/timeout/timeout.test.py b/tests/gold_tests/timeout/timeout.test.py
deleted file mode 100644
index 29094d73f85..00000000000
--- a/tests/gold_tests/timeout/timeout.test.py
+++ /dev/null
@@ -1,42 +0,0 @@
-'''
-'''
-#  Licensed to the Apache Software Foundation (ASF) under one
-#  or more contributor license agreements.  See the NOTICE file
-#  distributed with this work for additional information
-#  regarding copyright ownership.  The ASF licenses this file
-#  to you under the Apache License, Version 2.0 (the
-#  "License"); you may not use this file except in compliance
-#  with the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-
-Test.Summary = 'Testing ATS TCP handshake timeout'
-
-ts = Test.MakeATSProcess("ts")
-server = Test.MakeOriginServer("server", delay=15)
-dns = Test.MakeDNServer("dns", ip='127.0.0.1', default=['127.0.0.1'])
-
-request_header = {"headers": "GET /file HTTP/1.1\r\nHost: *\r\n\r\n", "timestamp": "5678", "body": ""}
-response_header = {"headers": "HTTP/1.1 200 OK\r\nConnection: close\r\n\r\n", "timestamp": "5678", "body": ""}
-
-server.addResponse("sessionfile.log", request_header, response_header)
-
-ts.Disk.records_config.update({
-    'proxy.config.dns.nameservers': '127.0.0.1:{0}'.format(dns.Variables.Port),
-    'proxy.config.dns.resolv_conf': 'NULL',
-    'proxy.config.url_remap.remap_required': 0,
-    'proxy.config.http.connect_attempts_timeout': 5
-})
-
-tr = Test.AddTestRun("tr")
-tr.Processes.Default.StartBefore(server)
-tr.Processes.Default.StartBefore(ts, ready=When.PortOpen(ts.Variables.port))
-tr.Processes.Default.StartBefore(dns)
-tr.Processes.Default.Command = 'curl -i -x http://127.0.0.1:{0} http://127.0.0.1:{1}/file'.format(ts.Variables.port, server.Variables.Port)
-tr.Processes.Default.Streams.stdout = "timeout.gold"