4. HTTP - Server Timeouts

HTTP - Server Timeouts

  • A

    I've posted this previously in the Packages group, with no responses.  Thiought I'd try the general group, if this fails may stump for commercial support…..

    We have a pfSense 2.1 firewall, running Squid 2.6.18.1_07.  The unit has one lan, two load-balanced wan interfaces and a third enabled interface (bridged with LAN) that connects to an external VPN device.

    Occasionally http connections to certain servers on the VPN connection fail with server timeout messages from Squid.  We are able to ping the servers over the VPN, even though the we get HTTP time outs.  If we disable/enable the VPN connected interface http connectivity is restored to the sites.

    Has anyone come across this type of issue before or have any suggestions as to a possible solution.

    Andy

    0
  • C

    If restarting the VPN solves the problem then it's unlikely to be Squid related.  The problem is most likely network related, though without packet captures (at both ends) it'll be hard to say.

    0
  • A

    I would only be able to get a packet capture from one end of the connection (pfSense).

    What level of packet capture be useful?

    0
  • C

    The far end is the important bit.  What you do is to put a packet capture device on the far end, configured to log traffic to the web servers on HTTP.  When you get the timeouts you can check the capture and see if the packets made it through the VPN.

    If they did, your problem is at the far end.  If they didn't, the problem is before that point and you can repeat the process at the near side of the VPN link.

    0
  • A

    I see what you mean, unfortunately it's not possible to packet capture at the remote end.

    If I capure in pfSense, with a Count of 0, will it loop the logs at a certain point? Also, will these logs be any use to me for examination?

    Andy

    0
  • C

    Not sure about the packet capture in pfSense.  Captures from that end may help, they may not.  If it's all you can do then it's worth trying.

    0
  • A

    I run some network monitoring software  (Hobbit), that I should be able to perform some captures from.

    I'll have a check on Monday.

    0
  • C

    Umm, Hobbit (now Xymon) is for monitoring the health of systems, not performing packet captures.  Indeed, it has no packet capture facilities.

    0
  • A

    Sorry, I meant that I would run a capture from the system that's running Hobbit.

    PS - Didn't realise that Hobbit is now Xymon - I'll look at the new version :)

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy