Netgate Discussion Forum

    Strange tcp state timeouts over openvpn

      bobwondernut

      Howdy:

      I recently upgraded from 2.0-RC3 to 2.0-RELEASE on a box that receives a lot of UDP traffic from thousands of sources, as a public stratum 0 timeserver lives behind this firewall.

      There's also a number of OpenVPN instances running on the same firewall. I've noticed that since upgrading to -RELEASE, idle ssh sessions seem to time out after 60m or so. I've had the firewall optimization rule set to conservative in both releases, and even went so far as to see if a custom firewall rule on the OpenVPN interface for ssh with a very large TCP timeout value would fix the issue. Neither has. If I leave an ssh session up running top or something with periodic data transfer, there's no timeout.

      I've tested with both a pfSense 2.0 site-to-site OpenVPN connection and via OpenVPN "dialup" clients, including Linux command line and Viscosity. They all exhibit the problem.

      It's happening on multiple hosts/instances inside the firewall, but just to be sure the host wasn't the problem I placed one outside the firewall on a public IP and left a session open and idle for 24h.  It was still valid the next day.

      Any ideas?  Thanks in advance.
