1. Home
  2. pfSense® Software
  3. NAT
  4. Strange tcp state timeouts over openvpn

Strange tcp state timeouts over openvpn

  • B

    Howdy:

    I recently upgraded from 2.0-RC3 to 2.0-RELEASE on a box that receives a lot of UDP traffic from thousands of sources, as a public stratum 0 timeserver lives behind this firewall.

    There's also a number of OpenVPN instances running on the same firewall.  I've noticed that since upgrading to -RELEASE, idle ssh sessions seem to timeout after 60m or so.  I've had the firewall optimization rule set to conservative in both releases, and even went so far as to see if a custom firewall rule on the openvpn interface for ssh with a very large tcp timeout value would fix the issue.  Neither has.  If I leave an ssh session up running top or something with periodic data transfer there's no timeout.

    I've tested with both a pfsense 2.0 site to site openvpn connection and via openvpn "dialup" clients including linux commandline and viscosity.  They all exhibit the problem.

    It's happening on multiple hosts/instances inside the firewall, but just to be sure the host wasn't the problem I placed one outside the firewall on a public IP and left a session open and idle for 24h.  It was still valid the next day.

    Any ideas?  Thanks in advance.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy