Navigation

    Netgate Discussion Forum
    • Register
    • Login
    • Search
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search

    State Killing on Gateway Failure

    2.4 Development Snapshots
    3
    6
    1079
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      NOYB last edited by

      Behavior seems a little unexpected.

      1. Establish SSH connection via LAN
      2. Release wan address (status interfaces)
      3. SSH app continues working fine with no noticeable interruption.  Manually refreshing webgui works fine.

      My guess/hope is that the connections are being automatically re-established by the apps.  Rather than states not being cleared at this step.

      Here's where the real unexpected behavior is.
      4) Renew wan address  (status interfaces)
      5) SSH app loses connection.  Manually refreshing (F5) webgui times out once, then is fine after that.

      Without state killing enabled all is as expected.  No lost connection or webgui refresh timeout.

      Same behavior on 2.3.2.

      Is there a bug here?

      If not a bug could someone enlighten me about the behavior please?

      1 Reply Last reply Reply Quote 0
      • P
        Phil.Scarr last edited by

        I don't know, but is it reloading the firewall before opening the WAN interface to traffic?

        1 Reply Last reply Reply Quote 0
        • N
          NOYB last edited by

          If due to reloading firewall wouldn't that happen also with state killing is disabled?

          1 Reply Last reply Reply Quote 0
          • P
            Phil.Scarr last edited by

            When you release the address, you add no new security exposure.  But renewing the address would give you exposure.  Like I said, it's just a guess.  I'm relatively new to pfSense (though I've been in IT infrastructure since 1987…  :) )

            1 Reply Last reply Reply Quote 0
            • A
              athurdent last edited by

              IIRC State Killing kills all the states, not just the ones of the gateway going down.
              I suggested a workaround for not getting kicked out of management but it got rejected.
              https://redmine.pfsense.org/issues/3429

              1 Reply Last reply Reply Quote 0
              • P
                Phil.Scarr last edited by

                @athurdent:

                IIRC State Killing kills all the states, not just the ones of the gateway going down.
                I suggested a workaround for not getting kicked out of management but it got rejected.
                https://redmine.pfsense.org/issues/3429

                And this is why I have a Raspberry Pi sitting right next to my SG-1000 so I can do all the console work from the serial port.  You can't beat an out-of-band console for robust administration.  Of course that won't help if you're administering the system from the WAN side of things… But it's better than nothing...

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post