Netgate Discussion Forum

    Strange hangs/disconnects after upgrade from 23->24 on ssh/rdp

    • J
      j.koopmann

      Hi,

      after many months without problems I decided to upgrade to 24.03 a few days ago. At first I noticed ssh sessions dropping when using sshuttle but did not pay too much attention to it.

      However now I am seeing hanging/freezing RDP sessions every few seconds resulting in the RDP session dropping and being reinitialized which basically leaves me without a working setup.

      These sessions are going through an IPSEC tunnel. Wiresharking on my Mac shows that the moment the connection is freezing I am seeing TCP retransmissions in that RDP session, then after a while a bit of data is flowing and the client sending a TCP RST and a new session initialization. This happens on a Windows RDP client (running in my Parallels) as well.

      I have updated to 15.1 (from Mac 15.0) recently but cannot recall having problems until I updated pfsense. Is there anything known? I decreased the MTU on the IPSEC interface just in case to 1400 but am having the same problems. I am currently at a loss.

      Pings in parallel are working great. The IPSEC tunnel appears to be very stable.

      I also reduced the MTU of my client to 1300 and am seeing the same problem.

      Any ideas?

      • J
        j.koopmann @j.koopmann

        Just tried it from another PC (Windows). Exactly the same problem. This is for several IPSEC tunnels to different endpoints (OPNSense and Palo Alto). So the only common point is the pfsense and its update (assuming that the fibre behind that line is stable but I am not seeing any problems whatsoever in other connections, downloads etc. even not to the points behind the IPSEC tunnel).

        • jimpJ
          jimp Rebel Alliance Developer Netgate

          If they are VTI tunnels, the most likely culprit is the change of default from floating to interface-bound states.

          Install the System Patches package and then apply all of the available patches for 24.03, then reboot.

          See also: https://redmine.pfsense.org/issues/15606

          • J
            j.koopmann @jimp

            @jimp Dude... You... are.... an... angel!!!!

            I totally missed this and would never have thought of looking for this. You nailed it.

            I just tried some scps just to see that uploading through the ipsec tunnel immediately failed and was suspecting my fibre provider etc. It was exactly as you suggested. Applying the patches and rebooting brought me back to a workable state and most likely will have solved my sshuttle problems as well.

            I honestly cannot thank you enough! Well done mate!

            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.