session / connection reset after apply settings (firewall or ipsec settings)



  • Hello,

    PFSense keeps resetting/clossing session each time I do a save action, especially on saving firewal rules / confirm quick rule, or saving ipsec changes.

    Besides the fact that I have to refresh the page, it also disconnect several services connected to the internet on other stations. .

    log says:
    nginx: 2019/01/25 13:13:02 [crit] 75924#100102: *36424 SSL_write() failed (SSL:) (13: Permission denied) while processing HTTP/2 connection, client: 192.168.xxx.xxx, server: 0.0.0.0:443
    ...

    pls help :)



  • Hi,

    Without even looking up the error (Google knows about it, I know) I do see "... write() failed ....". Interfaces stay up, right ? (just checking)

    If you had the default lock out rule activated :
    0_1548418660216_558c7a3a-7d18-40e8-9e38-1cc71eec98fe-image.png
    things will be easier on you.

    Btw : redoing rules means deleting them, and injecting new ones in the firewall (your talking LAN interface here, right ?) so, it's quiet normal states == session will go down.
    It's like repairing your car while driving. Strange things might happen.



  • that rule is activated already.

    Thing is that it kills for example skype connections that are already running. People have calls and they are being disconnected.

    Also .. I observed another thing: i have ntop service running, and after a "connection reset", that service is also going down. Pretty frustrating :).



  • @smokers said in session / connection reset after apply settings (firewall or ipsec settings):

    Thing is that it kills for example skype connections that are already running. People have calls and they are being disconnected.

    Yeah, like the old famous PABX : pulling the plug will get people disconnected.
    Stopping editing firewall rules should help, though.



  • observed that kills also active ssh connection. Also resets connection even when uninstalling a deactivated package . not only firewall related things. ... I'm gonna reset the thing an reset from scratch, because the unit did not acted like that.



  • True.
    I can edit my one and only LAN rule and save. That won't break my SSH connection at that moment.



  • I've reset the SG. Connection kills are gone. No longer nginx reports in system log.
    Is there another log that might help dig deeper? because just that error in system log didn't helped identifying the problem.


Log in to reply