Netgate Discussion Forum

    Problems with TCP sessions terminating

    • drsmithy

      G'day folks,

      On my home network I have a 3-legged pfsense VM:

      WAN interface (to my ADSL router)
      LAN interface (most client machines are here)
      MGMT interface ("management" style interfaces are here.  Eg: VMware hosts, switch interfaces, ILOMs, etc)

      (These are separate VLANs all running on the same physical switch, a Netgear GS716T.)

      I am having a problem where any long-lived or data-intensive TCP sessions between the LAN and MGMT networks are being broken.  Some symptoms:

      • SSH sessions are terminated if left running (regardless of whether inactive at a prompt, or whether something like top is running).
      • vSphere client connections to hosts or vCentre terminate if left running.
      • vSphere console sessions often freeze and reconnect (noticeable by the "X users are connected to this console" message).
      • Trying to do an install on a VM by mapping an ISO from the local machine freezes as soon as the VM tries to boot from the ISO.
      • Browsing Samba shares is fine, but any attempt to copy a file causes a timeout and "cannot find server" error.

      None of these issues occur if the client and server machine are on the same VLAN - it's only when the traffic has to be routed and traverse the pfsense VM that they manifest.

      All the networks have simple pass any-any rules on them.

      Interestingly, I have NOT noticed any problems with traffic from either LAN or MGMT to the outside world (eg: large HTTP transfers), which also go through the same pfsense firewall (and are NATed).

      This behaviour has been present ever since I set up the pfsense VM, but it's never really annoyed me enough to try and figure out what's going on - it finally has, but I can't see anything obviously wrong (and it's been probably 10+ years since I did any serious routing/firewalling type work, so I'm struggling to remember what can be broken).

      Any ideas?

      • biggsy

        Need some more info about your setup:

        • pfSense version

        • VMware version

        • NICs being used

        Latest firmware on the switch?

        • drsmithy

          pfsense version is 2.0.3-RELEASE

          Host is ESXi 5.1 build 914609

          Physical NIC is a LOM, Intel 82574L chipset

          Virtual NICs are E1000

          Virtual HW version is vmx-09

          It does look like there is a more recent revision of the switch FW, but the Netgear website is playing up so I can't download it.  I will update it and test again as soon as I can.

          • biggsy

            Nothing obvious there - except I need to update my own ESXi  ::)

            Is the LOM the only NIC?  It's a bit unusual using that with anything but management.

            Do you happen to have both tagged and untagged VLANs on the same interface?

            Good luck with the Netgear site.  I've been there before.  Had to try three different browsers before I got one that worked.
