Strange tcp state timeouts over openvpn



  • Howdy:

    I recently upgraded from 2.0-RC3 to 2.0-RELEASE on a box that receives a lot of UDP traffic from thousands of sources, as a public stratum 0 timeserver lives behind this firewall.

    There are also a number of OpenVPN instances running on the same firewall.  I've noticed that since upgrading to -RELEASE, idle ssh sessions seem to time out after 60m or so.  I've had the firewall optimization rule set to conservative in both releases, and even went so far as to see if a custom firewall rule on the OpenVPN interface for ssh with a very large TCP timeout value would fix the issue.  Neither has.  If I leave an ssh session up running top or something with periodic data transfer, there's no timeout.

    I've tested with both a pfSense 2.0 site-to-site OpenVPN connection and via OpenVPN "dialup" clients including the Linux command line and Viscosity.  They all exhibit the problem.

    It's happening on multiple hosts/instances inside the firewall, but just to be sure the host wasn't the problem I placed one outside the firewall on a public IP and left a session open and idle for 24h.  It was still valid the next day.

    Any ideas?  Thanks in advance.

