Problems with Firewall & SYN_SENT states
I've been using pfSense for the past year for connecting 2 sites with an Openvpn tunnel using PKI security. Everything works fine 99.95% of the time; except on some occassions I have a TCP application at the remote site that connects to W2K3 server driven application. Whenever the server service is restated it would drop the client connection and even though the client is set to auto re-connect this is often a huge problem.
On investigating in pfSense I have notice states on both routers listed as SYN_SENT. after resetting both state tables a couple of times the client is finally able to re-connect but the real problem is that manual intervention is required for this. I have tried using the different states options on my default lan rule "Any - Any Pass" but with no luck. Also tried UDP and TCP type tunnels with no success.
Remote Site …
LAN = 172.21.20.14/24
WAN = 10.10.10.2/24
OVPN Int =IP 192.168.20.2 (192.168.20.0/24)
Host Site ....
LAN = 172.21.10.14/24
WAN = 10.10.10.1/24
OVPN Int = 192.168.20.1 (192.168.20.0/24)
Custom options = push "redirect-gateway local def1"
Let me know if any other info is required. Can send config file if required.