TCP connection timeout problems
-
Hi,
We've been working with the 2.1 beta and have been experiencing some problems with long lived TCP sessions timing out. It seems to be the case that both inbound and outbound TCP sessions seem to go away after 15 minutes has passed on the next :00 :15 :30 and :45 and then on every :00 :15 :30 :45.A major problem with that for us is that inbound OpenVPN sessions (running in TCP mode) are killed every 15 minutes as well as large file downloads that get killed after 15 minutes. Obviously these sessions should not be timing out as they are carrying active traffic.
One, perhaps strange, consideration in our setup is that we have both IPv4 and IPv6 (native, not tunneled) but the IPv4 traffic has to leave on a different interface than the IPv6 traffic. More specifically IPv4 traffic is exiting on em1 and IPv6 traffic is exiting on em0_vlan301.
Any suggestions? Thanks!
-
Check your system logs, on the main system tab as well as the Gateways tab.
It sounds like the states are getting cleared because a gateway is shown as down, or something similar to that.
-
Good hunch, our IPv4 gateway is shown as down even though it is not. I'm assuming the gateway checks are done via ping? That is blocked on this upstream gateway and unfortunately I am not the admin for that system and am unable to get ICMP echos enabled on it.
Thanks!
-
Yep, you can either disable gateway monitoring, or disable the state killing option under System > Advanced on the Misc tab
-
Good hunch, our IPv4 gateway is shown as down even though it is not. I'm assuming the gateway checks are done via ping? That is blocked on this upstream gateway and unfortunately I am not the admin for that system and am unable to get ICMP echos enabled on it.
Thanks!
You might like to try one of these for monitoring: 8.8.8.8 or 8.8.4.4 or 4.2.2.1,2,3 (look them up!) They are all very reliable and reasonably local to "anywhere".
Cheers
Jon -
I found the setting for disabling state killing and that took care of it.
Thanks!
-Ben