SSH session disconnect, fragmenteg packets blocked.

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 22 Jul 2011 13:15:42 GMT

MrKoen — Fri, 22 Jul 2011 13:15:42 GMT

Thanks for these incredible pointers guys! I've been experiencing MANY problems with this in the past months. Never was able to figure it out. It actually only occurred for all IPv6 traffic between two VLANs on my network being connected via pfSense. Since IPv6 traffic is prioritized over IPv4 traffic, when connecting using DNS or NETBIOS names instead of an explicit IPv4 address, it would always cause trouble. It wasn't just one protocol, it was with every protocol and every type of traffic (i.e. RDP, filesharing over NETBIOS, streaming audo, SSH sessions). Very irritating. Strange that it didn't occur with IPv4 traffic though. Switching the setting at System -> Advanced -> Firewall/NAT -> Firewall Optimization Options to conservative solved it all. And increased memory usage? Its still at 5% of the 4GB of RAM the machine is equipped with, just like it was before :)

Thanks!!

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 01 Apr 2011 20:17:45 GMT

d_mito — Fri, 01 Apr 2011 20:17:45 GMT

My opinion is that SSH should work without troubles and in default configuration.

It works everywhere, it's standard I think, so why not here?
I was ready to switch to another solution for routing and firewalling….......
But because I'm curios and like pfsence delay for 3-4 days is nothing. 8)

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 01 Apr 2011 20:04:28 GMT

clarknova — Fri, 01 Apr 2011 20:04:28 GMT

I'm not familiar with the specifics behind the firewall optimization options, or why normal works for some and others have to use conservative. Perhaps it has to do with the way your ssh client or server is configured.

Personally I use conservative optimization because I have no shortage of RAM, and as a voip user I don't want to risk having the firewall drop any calls (or games, etc).

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 01 Apr 2011 20:01:24 GMT

d_mito — Fri, 01 Apr 2011 20:01:24 GMT

HAH :)

It's working now!
Thanks a lot for your help…

Only strange why it's doing this in normal behavior??? And only to routed packets
SSH to any interface of pfsense is working well.

Anyway thank you!

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 01 Apr 2011 19:38:01 GMT

clarknova — Fri, 01 Apr 2011 19:38:01 GMT

Try Conservative optimization, and maybe turn on the first option on that page.

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 01 Apr 2011 18:53:40 GMT

d_mito — Fri, 01 Apr 2011 18:53:40 GMT

Already changed this values:

Disable Firewall Scrub
Hardware Checksum Offloading
Hardware TCP Segmentation Offloading

But it doesn't help. Sometimes instead TCP:PA, blocked TCP:R
and the same result, I can login do something and my session is broken.

Anything else that can help????

Reply to SSH session disconnect, fragmenteg packets blocked. on Fri, 01 Apr 2011 17:44:48 GMT

clarknova — Fri, 01 Apr 2011 17:44:48 GMT

If it were me I would try changing some of the options on the System: Advanced: Firewall and NAT page.