24.1 Production Series / Re: TCP resets randomly Opnsense 24.1.4
« on: Today at 07:39:50 pm »
Interesting. I saw something very similar today.
In my case TCP connections were being initiated by Unbound within OPNsense towards port 853 of Quad9 (9.9.9.9), so:
* SYN from OPNsense to port 853 of Quad9
* SYN+ACK from Quad9 to OPNsense
* RST+ACK from OPNsense to Quad9.
To help track down the cause I activated a series of firewall traces, including one on the last encountered rule (pass) on the outgoing WAN interface. The PF logs showed that the outgoing connection was passed.
At the time I was restructuring my firewall rules, making use of firewall groups and tags. I didn't have time to track down the problem, so I backed up the borked OPNsense config and restored a previously working configuration. I'll have another go when I have some free time.
I find it very odd that the PF logs show the connection as PASSed and yet the RST+ACK was being sent by Unbound/OPNsense. Very odd.
By the way, in my case all connections to Quad9 were impacted not just random.
I use OPNsense v 24.4.
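The handshake pattern described in the post (SYN out, SYN+ACK back, then RST+ACK from the initiating host, even though PF logs the connection as passed) is easy to miss in a raw capture when other flows complete normally. The following is an added example, not code from the poster or from the OPNsense project: it classifies TCP handshakes from `tcpdump -n` text so that flows aborted by the client side after the SYN+ACK stand out from flows the peer refused and from flows that established. The capture lines are constructed; 203.0.113.10 is an assumed stand-in for the OPNsense WAN address, and 9.9.9.9:853 is the Quad9 DNS-over-TLS endpoint mentioned in the thread.

```python
"""
Classify TCP handshakes in tcpdump -n output, to spot the pattern from the post:
SYN out, SYN+ACK back, then RST(+ACK) from the host that sent the SYN.
Added example; not part of the original post or of OPNsense.
"""
import re
from collections import OrderedDict

# Matches the start of a tcpdump -n line for IPv4 TCP:
#   <timestamp> IP <src>.<sport> > <dst>.<dport>: Flags [<flags>], ...
LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)

# Constructed sample capture (not taken from the post). 203.0.113.10 is an
# assumed placeholder for the OPNsense WAN address; 9.9.9.9 is Quad9.
SAMPLE_CAPTURE = """\
10:15:01.000100 IP 203.0.113.10.51234 > 9.9.9.9.853: Flags [S], seq 1000, win 65535, length 0
10:15:01.012300 IP 9.9.9.9.853 > 203.0.113.10.51234: Flags [S.], seq 2000, ack 1001, win 65535, length 0
10:15:01.012400 IP 203.0.113.10.51234 > 9.9.9.9.853: Flags [R.], seq 1001, ack 2001, win 0, length 0
10:15:02.000100 IP 203.0.113.10.51235 > 9.9.9.9.853: Flags [S], seq 3000, win 65535, length 0
10:15:02.011900 IP 9.9.9.9.853 > 203.0.113.10.51235: Flags [S.], seq 4000, ack 3001, win 65535, length 0
10:15:02.012000 IP 203.0.113.10.51235 > 9.9.9.9.853: Flags [.], ack 4001, win 1024, length 0
10:15:02.013000 IP 203.0.113.10.51235 > 9.9.9.9.853: Flags [P.], seq 3001:3200, ack 4001, win 1024, length 199
10:15:03.000100 IP 203.0.113.10.51236 > 9.9.9.9.853: Flags [S], seq 5000, win 65535, length 0
10:15:03.010000 IP 9.9.9.9.853 > 203.0.113.10.51236: Flags [R.], seq 0, ack 5001, win 0, length 0
10:15:04.000100 IP 203.0.113.10.51237 > 9.9.9.9.853: Flags [S], seq 6000, win 65535, length 0
"""


def parse_line(line):
    """Return the addressing and TCP flags of one tcpdump line, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["sport"] = int(d["sport"])
    d["dport"] = int(d["dport"])
    return d


def classify_handshakes(capture_text):
    """Map 'client:port>server:port' to one of:
      'client_rst_after_synack' - the symptom described in the post
      'established'             - three-way handshake completed
      'server_reset'            - peer answered the SYN with RST
      'no_synack'               - SYN never answered within the capture
    """
    flows = OrderedDict()
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        flags = pkt["flags"]
        fwd = (pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"])
        rev = (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"])
        if flags == "S":  # bare SYN: src is the client of a new attempt
            flows[fwd] = {"state": "syn", "verdict": "no_synack"}
            continue
        if rev in flows:  # packet travelling from server to client
            f = flows[rev]
            if flags == "S." and f["state"] == "syn":
                f["state"] = "synack"
            elif "R" in flags and f["state"] == "syn":
                f["state"], f["verdict"] = "done", "server_reset"
        elif fwd in flows:  # packet travelling from client to server
            f = flows[fwd]
            if f["state"] != "synack":
                continue
            if "R" in flags:  # RST or RST+ACK answering the SYN+ACK
                f["state"], f["verdict"] = "done", "client_rst_after_synack"
            elif "." in flags:  # ACK (or PSH+ACK) completes the handshake
                f["state"], f["verdict"] = "done", "established"
    return OrderedDict(
        (f"{c}:{cp}>{s}:{sp}", v["verdict"])
        for (c, cp, s, sp), v in flows.items()
    )


if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE_CAPTURE).items():
        print(f"{flow:36} {verdict}")
```

On the firewall itself the input would come from something like `tcpdump -n -i <wan> 'tcp port 853'` run while Unbound is resolving; a flow reported as `client_rst_after_synack` is the case from the post, and is worth correlating with the PF state table for that source port, since a RST sent by the host that owns the state is not something a pass rule decides.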