OPNsense Forum

English Forums => General Discussion => Topic started by: raspberryswirl2 on February 27, 2018, 07:43:22 am

Title: same subnet / strange connection loss ssh
Post by: raspberryswirl2 on February 27, 2018, 07:43:22 am
Hi!

I am new to OPNsense, it is a great product.
I recently noticed that running ssh on the same subnet leads to ssh connection interruptions.
I already changed Firewall Optimization to conservative, in FW -> Settings -> Advanced,
following this post:
https://servernetworktech.com/2013/05/pfsense-vlans-and-ssh-disconnects/
and it is working better!
Today I also set IP Do-Not-Fragment in Settings -> Normalization
(and am now testing again).

Does anybody have another hint to improve this issue?
Thank you
rasp
Title: Re: same subnet / strange connection loss ssh
Post by: franco on February 28, 2018, 08:53:43 am
You have a loophole in your network. Some SSH traffic hits the firewall, while the other traffic goes directly to the server. This creates a problem for state tracking: it can't be done because packets are missing and the connection is terminated by the firewall for security reasons.

A switch plugged into your LAN port should fix this so that no internal LAN traffic reaches the firewall.


Cheers,
Franco
Title: Re: same subnet / strange connection loss ssh
Post by: raspberryswirl2 on February 28, 2018, 07:49:37 pm
Hi Franco!

Thank you! I thought about that. And as you explained, I did this - there is still a switch between the FW and the rest - BUT: I am using a virtual IP as the default GW in the same network. Could that be the problem? Or a bridge I put over the WAN?

best regards
jonathan
Title: Re: same subnet / strange connection loss ssh
Post by: franco on March 01, 2018, 09:52:58 am
Hi Jonathan,

Could be the bridge, but can't say for sure. Maybe traffic is appearing twice and that confuses the state tracking.


Cheers,
Franco
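
The condition described in franco's first reply (the firewall seeing only part of an SSH connection) can be checked from a packet capture taken on the firewall's LAN interface. This is an added example, not part of the original thread: it assumes `tcpdump -n` text output, and the sample capture, the addresses and the 192.168.1.0/24 LAN are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in `tcpdump -n` text style, as it could look on the
# firewall's LAN interface. Addresses and ports are made up.
SAMPLE = """\
08:53:43.000001 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [S], seq 1000, win 64240, length 0
08:53:43.000900 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [.], ack 1, win 502, length 0
08:53:43.100000 IP 192.168.1.10.51234 > 192.168.1.20.22: Flags [P.], seq 1:42, ack 1, win 502, length 41
08:53:44.000000 IP 192.168.1.10.40000 > 203.0.113.5.443: Flags [S], seq 1, win 64240, length 0
08:53:44.020000 IP 203.0.113.5.443 > 192.168.1.10.40000: Flags [S.], seq 9, ack 2, win 65535, length 0
08:53:44.020500 IP 192.168.1.10.40000 > 203.0.113.5.443: Flags [.], ack 1, win 502, length 0
"""

# src.port > dst.port as printed by tcpdump -n for IPv4 TCP packets
PKT = re.compile(r"IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[")


def one_sided_flows(capture, lan="192.168.1.0/24"):
    """Return TCP flows for which the capture holds only one direction.

    Each result is (src, sport, dst, dport, same_subnet). A one-sided flow
    between two hosts of the same LAN means the return traffic bypasses the
    capture point, so a stateful filter there never sees the full exchange.
    """
    net = ipaddress.ip_network(lan)  # assumed LAN prefix
    directions = defaultdict(set)
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue  # not an IPv4 TCP line in the expected format
        src = (m.group(1), int(m.group(2)))
        dst = (m.group(3), int(m.group(4)))
        key = tuple(sorted([src, dst]))  # same key for both directions
        directions[key].add((src, dst))

    result = []
    for seen in directions.values():
        if len(seen) == 1:  # only client->server or only server->client
            (src, dst), = seen
            same = all(ipaddress.ip_address(h) in net for h in (src[0], dst[0]))
            result.append((src[0], src[1], dst[0], dst[1], same))
    return sorted(result)


if __name__ == "__main__":
    for flow in one_sided_flows(SAMPLE):
        print("one-sided flow:", flow)
```

A flow reported with `same_subnet` set to `True` is traffic between two LAN hosts that reaches the capture point in one direction only, which matches the state-tracking problem described in the thread.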