Netgate Discussion Forum

    SSH connection lag/drop

      ki3den

      I just set up my 1100G and I have two Cisco switches that connect to each other. I'll try to explain the setup:

      ATT Gateway > 1100G > 1st Cisco Switch > 2nd Cisco Switch

      The first is in the garage with the gateway, the 2nd is in my office.

      Before I had the 1100G configured, I had IPs on my switches on the same network as my host machine (let's say 192.168.1.0/24). They were on VLAN 30, my "wired" network.

      I was able to ssh into those switches just fine, no issues.

      Now, I have VLAN 20 setup as my management network. IP range is 10.0.0.0/24. VLAN 30 is now 172.16.30.0/24.

      In pfSense, I created the VLANs in the interface assignment screen as well as the switch interface screen. Networking seems to be working just fine across VLANs. I currently allow all traffic from both the Management interface and the Wired interface.

      However, now when I ssh into the Cisco switches (across pfSense) from 172.16 to 10.0 nets, the connection establishes, I am able to log in, but a few (maybe like 20?) seconds after I enable in the switch, the connection lags out for about 10 seconds and then drops.

      I was connecting thru PuTTY at first, which didn't really give me any feedback as to why the drop was happening. I have since edited my ssh config on my Windows laptop to include the supported Cisco Diffie-Hellman exchange and the rsa-cbc crypto that the Cisco switches support; and now I'm able to log in directly from Windows. So, the error message I get is this: client_loop: send disconnect: Connection reset

      If I re-add the IPs to VLAN 30 (in the correct address space) on the switches, I am again able to log in to the switches via ssh just fine, with no drop in connection.

      I am not sure where to look to fix this.

        ki3den @ki3den

        @ki3den

        I figured it out :) well, with some help from r/Networking, a mod there explained a bit about asymmetrical routing that I had forgotten about - the switch is aware that the client device is directly connected, so it sends packets direct to the other device (?) I suppose. So that's why I was getting login/feedback from the switch in my session. But, this caused the state in the firewall to drop/timeout.

        The underlying issue was... that I forgot the dang default gateway on the switches lmao 😲

        edit: and, I still had both IPs on the switches.

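Added example, not part of the original posts: one way to confirm the asymmetric routing described in the thread is to capture on the firewall and look for TCP flows where only one direction ever crosses it. The Python sketch below does that over tcpdump-style text; the host addresses, ports and capture lines are constructed for illustration (only the 10.0.0.0/24 and 172.16.30.0/24 networks come from the thread), and `one_way_flows` is a hypothetical helper name.

```python
import re
from collections import defaultdict

# Constructed sample in "tcpdump -n -tt" style, as seen at the firewall.
# Flow 1: client -> switch SSH, replies bypass the firewall (never captured).
# Flow 2: a normally routed flow, both directions captured.
SAMPLE_CAPTURE = """\
1700000000.100 IP 172.16.30.50.51514 > 10.0.0.2.22: Flags [S], seq 100, length 0
1700000000.105 IP 172.16.30.50.51514 > 10.0.0.2.22: Flags [.], ack 1, length 0
1700000000.200 IP 172.16.30.50.51514 > 10.0.0.2.22: Flags [P.], seq 1:41, length 40
1700000001.000 IP 172.16.30.50.51600 > 10.0.0.10.443: Flags [S], seq 500, length 0
1700000001.002 IP 10.0.0.10.443 > 172.16.30.50.51600: Flags [S.], seq 900, ack 501, length 0
1700000001.004 IP 172.16.30.50.51600 > 10.0.0.10.443: Flags [.], ack 1, length 0
"""

LINE_RE = re.compile(
    r"^\d+\.\d+ IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[[^\]]+\]"
)

def one_way_flows(capture_text):
    """Return (sender, receiver, packet_count) for each TCP flow in which
    the capture point saw traffic in one direction only."""
    flows = defaultdict(lambda: {"first": None, "fwd": 0, "rev": 0})
    for line in capture_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a TCP line in the expected format
        src = (m["src"], int(m["sport"]))
        dst = (m["dst"], int(m["dport"]))
        # Sorting the endpoints gives both directions the same key.
        flow = flows[tuple(sorted((src, dst)))]
        if flow["first"] is None:
            flow["first"] = (src, dst)  # direction of the first packet seen
        if src == flow["first"][0]:
            flow["fwd"] += 1
        else:
            flow["rev"] += 1
    return [(f["first"][0], f["first"][1], f["fwd"])
            for f in flows.values() if f["rev"] == 0]

if __name__ == "__main__":
    for sender, receiver, count in one_way_flows(SAMPLE_CAPTURE):
        print(f"one-way: {sender} -> {receiver} ({count} packets, no replies seen)")
```

A flow that appears here while the session still works from the client's side means the replies are taking a path around the firewall, which matches the missing default gateway and leftover second IP on the switches.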
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.