TCP issue inside the tunnel
-
Hello
I got 1 tunnel between 2 sites.
Main Site A 10.0.200.0/24
Site B 10.9.96.0/24
I have been trying to set up Rudder.io and Icinga on a server at 10.9.96.4 which needs to reach 10.0.200.0/24 with TCP.
Other servers at 10.0.200.0/24 work just fine with Rudder and Icinga, so I know the issue is not an application issue.
My log looks like critical/TcpSocket: Invalid socket:
There are any:any rules at both pfSense A and B.
UDP and ICMP work just fine. I'm 100% lost, any ideas?
-
Hey
Need to see what this shows:
/diagnostics/ packet capture
Interface Lan
Host 10.9.96.4
Protocol tcp
Port tcp port icinga
and we still need a file (download capture)
-
-
@monster4000
What can be seen is that the connection is immediately reset.
This error often occurs when the TCP port is closed.
There may be a firewall (10.9.96.4) that rejects connections.
Capture Site B
Capture Site A
-
Hello
That seems strange to me:
SiteB
SiteA
There is no firewall active on the linux servers.
-
There may be a firewall that drops connections (host 10.9.96.4)
Is this host (10.0.96.4) configured to accept connections only from specific networks?
-
Hello
I've already checked 10.9.96.4 for a firewall; there is none.
Also tested with a fresh Ubuntu machine, it's the same.
root@pmg:~# iptables --list
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
-
@monster4000
I meant that Icinga is configured to accept connections only from certain networks
-
Hello
Never heard of that; it uses SSL to check, but Rudder is using the network and I have added that to the list :(
-
@monster4000 said in
There is still such an idea
-
mss clamping (both sides)
VPN/IPsec/Advanced Settings
-
System/Advanced/Networking (both sides)
-
-
Hello
MSS seems to have done the trick, what is MMS?
I already had the other change due to Proxmox KVM
-
Hello
Just noticed it breaks large packets of UDP :( Hopefully we will get a fix soon.
https://redmine.pfsense.org/issues/7801