4. Strange tcp state timeouts over openvpn

Strange tcp state timeouts over openvpn

  • B

    Howdy:

    I recently upgraded from 2.0-RC3 to 2.0-RELEASE on a box that receives a lot of UDP traffic from thousands of sources, as a public stratum 0 timeserver lives behind this firewall.

    There's also a number of OpenVPN instances running on the same firewall.  I've noticed that since upgrading to -RELEASE, idle ssh sessions seem to timeout after 60m or so.  I've had the firewall optimization rule set to conservative in both releases, and even went so far as to see if a custom firewall rule on the openvpn interface for ssh with a very large tcp timeout value would fix the issue.  Neither has.  If I leave an ssh session up running top or something with periodic data transfer there's no timeout.

    I've tested with both a pfsense 2.0 site to site openvpn connection and via openvpn "dialup" clients including linux commandline and viscosity.  They all exhibit the problem.

    It's happening on multiple hosts/instances inside the firewall, but just to be sure the host wasn't the problem I placed one outside the firewall on a public IP and left a session open and idle for 24h.  It was still valid the next day.

    Any ideas?  Thanks in advance.

    0
Log in to reply
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2019 Rubicon Communications, LLC | Privacy Policy