OPNsense Forum

Archive => 23.1 Legacy Series => Topic started by: keropiko on January 20, 2023, 01:21:59 PM

Title: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: keropiko on January 20, 2023, 01:21:59 PM
Hello all,

I have recently updated to 23.1.r2 and I noticed that the option "Dynamic state reset" is no longer available.

I have a multi-WAN setup where the primary WAN is a PPPoE dynamic IP connection, and a PBX with multiple VoIP providers.
Today I had a disconnection of the PPPoE connection and the VoIP stopped working. (In previous versions, with dynamic state reset, everything worked correctly after a disconnect.)
Is there any similar option I need to enable?

Thank you
Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: franco on January 20, 2023, 02:30:18 PM
Hi keropiko,

Can you tell more about your setup? Especially WAN sides and IPv6 settings (if VOIP also goes over IPv6).

Dynamic state reset is a brute force approach, which does break multi-WAN cases quite considerably.

Commit in question: https://github.com/opnsense/core/commit/bb9abf86a4f95b2


Cheers,
Franco
Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: keropiko on January 20, 2023, 04:28:56 PM
Hi franco, thank you for the reply.

I have IPv6 disabled, I don't use IPv6 for now.

I have a PPPoE dynamic IP (through a VDSL modem) as the main WAN connection, a WWAN connection through a USB stick and a second slow WAN connection through an ethernet cable with a static IP.
I have different priorities on every gateway (WAN 200, WWAN 201, WAN2 202) (for the default gateway to choose in case a gateway fails) and three gateway groups (with the gateway down option for failover).

The PBX has W1failoverW2 as its gateway, which means WAN -> WWAN -> WAN2.

Until now, when a gateway disconnected or failed, after some seconds the VoIP started to work again (of course, as you said, this option does break multi-WAN cases, since after a gateway failed, some VoIP providers took longer to connect and mainly all the WAN connections for every gateway and local network device I have disconnected for some seconds, even the ones that had a different gateway from the main one.)

The important thing is that the VoIP continued to work after a while.
Also, I think I have noticed that whichever gateway fails, dynamic IP or not, I always lose connectivity for a while once a gateway goes down.

Today with the new version, I had to manually reset the states of the PBX in order to recover telephony, even hours after the disconnection of the main WAN.

The firewall states are set to normal, not to conservative, since I never had any kind of problems.

(In the past, before the "reset states" option, I used to have a script on the firewall that checked the external IP and, if it changed, reloaded Asterisk, but as a solution it used to create some problems for me and many times the PBX hung.)

Couldn't this option be enabled for specific IPs only? Like, on IP change, flush the states of a specific client/IP.
Thank you

Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: schmuessla on January 26, 2023, 09:57:36 PM
I have a similar issue. I have an IPv4 client which establishes a WireGuard connection on its own to a remote server.
Whenever I reboot OPNsense the WireGuard connection is stale forever. With 22.7 I mitigated this by enabling 'Dynamic state reset', which has been removed in 23.1. I now have to manually reset the state table to ensure that everything works after a reboot.
Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: chemlud on January 26, 2023, 10:05:27 PM
Quote from: schmuessla on January 26, 2023, 09:57:36 PM
I have a similar issue. I have an IPv4 client which establishes a WireGuard connection on its own to a remote server.
Whenever I reboot OPNsense the WireGuard connection is stale forever. With 22.7 I mitigated this by enabling 'Dynamic state reset', which has been removed in 23.1. I now have to manually reset the state table to ensure that everything works after a reboot.

Have you enabled the Cron job for restarting stale WG tunnels?
Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: schmuessla on January 26, 2023, 10:21:33 PM
The WireGuard client is not running on OPNsense itself, so from the OPNsense perspective it's just an ordinary UDP connection. The cron job I can see is for the IP change problem if the far endpoint changes its IP, but that shouldn't matter here.
Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: muchacha_grande on January 26, 2023, 10:24:48 PM
Quote from: keropiko on January 20, 2023, 04:28:56 PM
Couldn't this option be enabled for specific IPs only? Like, on IP change, flush the states of a specific client/IP.
Thank you

I had this problem in the past and also wanted to do something like that.
Now, since my "dynamic" IP has not changed for a long time, I haven't experienced disconnections again, but I'd also like some option like flushing some states based on a WAN address change or, better, an alias change.
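Both keropiko's request (flush only the states of a specific client when the WAN IP changes) and muchacha_grande's wish for a flush tied to a WAN address change describe the same narrow mechanism. The script below is an added example, not OPNsense code and not the script keropiko mentions: it records the last seen WAN address and, only when a new address appears, kills the pf states originating from one LAN host with `pfctl -k`, leaving every other state (and the other WANs) untouched. The interface name `pppoe0`, the PBX address `192.168.1.10` and the state file path are assumptions.

```sh
#!/bin/sh
# Added example, not OPNsense code: flush the pf states of one LAN host (the PBX)
# only when the WAN address changes. Interface, host and file names below are
# assumptions; adjust them to the local setup.

WAN_IF="${WAN_IF:-pppoe0}"                          # assumed PPPoE WAN interface name
PBX_IP="${PBX_IP:-192.168.1.10}"                    # assumed LAN address of the PBX
STATE_FILE="${STATE_FILE:-/var/run/wan_addr.last}"  # assumed path for the last seen address

# Print the current IPv4 address of the WAN interface; prints nothing while the link is down.
current_wan_addr() {
    ifconfig "$WAN_IF" 2>/dev/null | awk '$1 == "inet" { print $2; exit }'
}

# Succeed (exit 0) only when a new, non-empty address differs from the stored one.
# An empty new address means the link is down: nothing is flushed yet, the flush
# happens once the interface comes back with its new address.
addr_changed() {
    old="$1"
    new="$2"
    [ -n "$new" ] && [ "$new" != "$old" ]
}

# Kill the pf states originating from the given host (pfctl -k <host>), so the PBX
# re-registers with its providers through the new WAN address instead of a dead state.
flush_host_states() {
    pfctl -k "$1"
}

main() {
    new=$(current_wan_addr)
    old=""
    [ -f "$STATE_FILE" ] && old=$(cat "$STATE_FILE")
    if addr_changed "$old" "$new"; then
        flush_host_states "$PBX_IP"
        printf '%s\n' "$new" > "$STATE_FILE"
    fi
}

main
```

Run it from a cron entry every minute or two (how often to poll is a local choice). Unlike the old global "Dynamic state reset", nothing happens while the WAN address is stable or while the link is still down, and only the named host loses its states, so traffic bound to the other gateways in a multi-WAN setup keeps its states. Killing states is a narrower action than restarting Asterisk, which is what keropiko's earlier script did and what caused the PBX to hang.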
Title: Re: -> firewall: remove deprecated "Dynamic state reset" mechanic
Post by: Steph1corn on January 28, 2023, 11:28:29 PM
Same here, please see https://github.com/opnsense/core/issues/4652