State Killing on Gateway Failure
-
Behavior seems a little unexpected.
- Establish SSH connection via LAN
- Release wan address (status interfaces)
- SSH app continues working fine with no noticeable interruption. Manually refreshing webgui works fine.
My guess/hope is that the connections are being automatically re-established by the apps. Rather than states not being cleared at this step.
Here's where the real unexpected behavior is.
4) Renew wan address (status interfaces)
5) SSH app loses connection. Manually refreshing (F5) webgui times out once, then is fine after that.Without state killing enabled all is as expected. No lost connection or webgui refresh timeout.
Same behavior on 2.3.2.
Is there a bug here?
If not a bug could someone enlighten me about the behavior please?
-
I don't know, but is it reloading the firewall before opening the WAN interface to traffic?
-
If due to reloading firewall wouldn't that happen also with state killing is disabled?
-
When you release the address, you add no new security exposure. But renewing the address would give you exposure. Like I said, it's just a guess. I'm relatively new to pfSense (though I've been in IT infrastructure since 1987… :) )
-
IIRC State Killing kills all the states, not just the ones of the gateway going down.
I suggested a workaround for not getting kicked out of management but it got rejected.
https://redmine.pfsense.org/issues/3429 -
IIRC State Killing kills all the states, not just the ones of the gateway going down.
I suggested a workaround for not getting kicked out of management but it got rejected.
https://redmine.pfsense.org/issues/3429And this is why I have a Raspberry Pi sitting right next to my SG-1000 so I can do all the console work from the serial port. You can't beat an out-of-band console for robust administration. Of course that won't help if you're administering the system from the WAN side of things… But it's better than nothing...