Netgate Discussion Forum

    PfSense kicking out of SSH session after 30-40 seconds

    HA/CARP/VIPs
    gabriiel

      Hi all,

      I am new to this forum, but am using pfSense in our work environment and have hardware as well as virtual machines running pfSense. Recently I started to upgrade all of them from 2.2.6 to 2.3.2_1, which went smoothly apart from one machine, which I can't upgrade so far because of this issue. To be clear, this node is the secondary node in CARP (I use master/slave pfSense configuration everywhere).

      When I log in to an SSH session and run ping against the default GW, it works fine for cca 40 ping replies, then the connection just dies and I receive a message "Write failed: Broken pipe". When I ping this slave pfSense node from the master node, there is no outage, I receive all ping replies and it works fine.

      Whatever I do on this slave node, it doesn't matter. I have disabled GW monitoring to avoid killing the states; this didn't help. On the Webconfigurator I don't get kicked out, but when I switched over from master to slave, everything apart from the webconfigurator went sort of offline.

      I was trying to find something in the logs, but no success.

      Is there some option to enable debug messages or anything I should look for to narrow down the issue?

      Thanks in advance for your responses,
      Gabriel

      gabriiel

        Ok I have narrowed down the problem to be only in this scenario:

        I am using OpenVPN to connect to the network behind these pfsense firewalls. So I connect with OpenVPN through pfsense1 and use a jumphost there to ssh to pfsense1 console. Then I use ping to pfsense2 just to see it's alive.
        This session works fine.

        If I ssh to pfsense2 console from the jumphost and ping to pfsense1, this connection dies in about 45 seconds every time.

        If I don't use OpenVPN and connect directly to any of those two pfsense firewalls console via ssh, everything works fine.

        So there is something in the OpenVPN maybe? But it's strange only the pfsense2 is doing it, not both of the nodes…

        gabriiel

          Fixed by properly NAT-ing the requests:
          pfsense active - IP x.x.x.2/24
          pfsense standby - IP x.x.x.3/24
          pfsense CARP - IP x.x.x.1/24

          Create NAT Outbound:

          • Interface LAN_MGMT
          • Source - my client LANs
          • Destination - pfsense IP from above (subnet x.x.x.x/30)
          • NAT Address - LAN_MGMT address

          Works like a charm.
