19.1 Legacy Series / Disable sshlockout ?
« on: April 16, 2019, 11:32:01 pm »
Greetings,
I've been trying to find a solution to this, and haven't, so I wanted to inquire. Since the 19.x upgrade, one of my VPN tunnels has been HORRIBLY unstable. To bandaid things, I created a basic script to check if the tunnel is up. If it's not, it SSHes to the OPNsense box and restarts strongswan and unbound.
The issue is that my workstation that runs the strongswan check script keeps getting added to this sshlockout table, and therefore my bandaid fails.
To my understanding there are automated rules to make sure the LAN side is not locked out; however, that doesn't seem to work across VLANs. My default LAN is not on re1 or re0, it's on a VLAN of re0. It appears the "Anti-Lockout Rule" can't be bound to a VLAN?
Ideally, I'd like to stabilize Strongswan on my box, however nothing changed on the other side of the tunnel. The instability arrived after the 19.x upgrade, so I am led to believe the instability is on my end.
I'm not familiar with how to file a bug report for the strongswan thing, if we can, so I figured I'd start in the forums and see where it leads.