Connections/states DROP when changing web configurator COLOR!!
-
@stephenw10 Did some more fiddling since this made no sense at all.
Went back to 24.11, via boot environments reloaded the newer configuration, and then migrated again to 25.07 rc. The problem went away. Almost impossible to reproduce again, strange as it is.
However, going back to 24.11 i saw that sticky connections did work.
Migrating to latest 25.07 rc, sticky connections are gone.
-
Like in a load-balanced gateway group?
-
@stephenw10 Exactly on that.
-
Hmm, I'm not aware of that. How are you testing? What are you seeing?
-
@stephenw10
I have two 1 Gbit FTTH lines (with 500 Mbit/s upload).
One is DHCP, the other is PPPoE.
I have a gateway group called Loadb with the two gateways as Tier1 and another backup tier
as tier3 via 5g
On the lan side, I have a typical rule that sends the traffic there
This works fine. With stickiness enabled I get this:
Which is expected, and doing a speedtest randomly utilizes one of the two lines.
This is with stickiness enabled
Unchecking "use sticky connections", the source tracking tab disappears (as expected)
and a speedtest (multi-connection by default) gets the aggregate as it should.
After upgrading to 25.07 rc there are no entries in the source tracking states and speedtests always get the aggregate traffic.
This is a problem when visiting HTTPS sites, especially web banking and other session-sensitive ones, since you get disconnected due to a different source IP. It can be mitigated by excluding HTTPS traffic with policy routing, but then the issue persists on non-standard ports.
This is with the new kernel-mode PPPoE driver, but I have tried disabling it with no difference too.
-
Hmm, OK yup I'm seeing that. Digging....
Edit: Looks like this: https://redmine.pfsense.org/issues/16282
-
@stephenw10 Yes, this is exactly the case.
And while we are there, it would be nice to have stickiness being enabled per interface and not on as a whole. Even better if it could be done at the source IP level too.
-
Ok, that is fixed in 25.07 and will be in the next 2.8.1-beta.
The stickiness is per source IP. So each internal client will be stuck to a gateway/WAN.
-
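As an added illustration (not written by anyone in this thread and not pfSense's generated ruleset verbatim) of what "use sticky connections" changes underneath: the gateway group becomes a pf route-to pool, and stickiness is the `sticky-address` pool option. Interface names (em1, em0, pppoe0), the LAN subnet and the gateway addresses are assumed placeholders.

```pf
# Constructed example; assumptions: LAN on em1 (192.168.1.0/24),
# WAN1 (DHCP) on em0 with gateway 203.0.113.1,
# WAN2 (PPPoE) on pppoe0 with gateway 198.51.100.1.

# Gateway group "Loadb" WITHOUT sticky connections: each new state takes
# the next gateway in turn, so one client's HTTPS sessions can leave via
# different public IPs (the session-drop symptom described in the thread).
pass in quick on em1 \
    route-to { ( em0 203.0.113.1 ), ( pppoe0 198.51.100.1 ) } round-robin \
    inet from 192.168.1.0/24 to any keep state

# Same group WITH sticky connections: pf records each source address in
# its source-tracking table and keeps that address on the same gateway
# while the entry exists (this table is what the "Source Tracking" tab
# under Diagnostics > States shows).
pass in quick on em1 \
    route-to { ( em0 203.0.113.1 ), ( pppoe0 198.51.100.1 ) } round-robin sticky-address \
    inet from 192.168.1.0/24 to any keep state

# How long an idle source-tracking entry is retained after its last state
# expires (pfSense exposes this as the source tracking timeout under
# System > Advanced > Miscellaneous). 3600 is a constructed value.
set timeout src.track 3600

# Checks from a shell on the firewall when stickiness seems to be ignored:
#   pfctl -s rules | grep sticky-address   # is the option in the loaded rule?
#   pfctl -s Sources                       # per-source-IP entries; empty
#                                          # means no tracking is happening
```
-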
@stephenw10 You mean 25.07 release? Since we are on rc.
Yes, I know that stickiness is per source ip, but there is no control over it.
It's either all of them or none.
-
Mmm, so prevent source tracking for specific IPs or subnets?
I did wonder if sticky connections could be per gateway group. That seems like it should be possible. You could then use rules to route specific clients or subnets to a non-sticky group.