Messages - whit3fir3

#1
Saarbremer,

I really wish you had been right.  This evening I changed the LAGG from LACP to FAILOVER.  The idea being if I were to limit traffic to a single port and the problem goes away then there is 100% something going on with the LACP communication between the two devices.  Sadly, the problem continues to persist even in FAILOVER mode so I don't think LACP is the issue.

After a bit more digging I did stumble across this gem - https://www.reddit.com/r/OPNsenseFirewall/comments/mcj800/tcp_connections_randomly_drop_every_30_seconds_or/.  Once I moved the pass rule to the floating rules section and set the state to sloppy I was able to keep an SSH connection active for 5 minutes.  I still need to do some more testing / investigating, because if this has fixed it then it appears I have an asymmetric routing issue.

Thanks again for the help
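The pattern described in this thread (a flow passed in both directions, then blocked roughly 30 seconds in, which points at state loss or asymmetric routing rather than a policy block) can be triaged from firewall logs. The script below is an added example, not the poster's code or OPNsense's; it uses a constructed, simplified log format and constructed sample lines, and separates mid-stream blocks (non-SYN segments of an already-passed flow) from ordinary blocks of new connections.

```python
"""Flag TCP flows the firewall first passed and later blocked mid-stream.

Constructed log format (NOT OPNsense's real filterlog layout):
    <epoch_seconds> <pass|block> <iface> <in|out> <src>:<sport> <dst>:<dport> <tcp_flags>
"""
from collections import defaultdict

# Constructed sample: an SSH session VLAN20 -> VLAN10 is passed in both
# directions, then ~30 s later the return traffic (PSH/ACK, no SYN) is blocked.
# The second flow is blocked on its SYN: an ordinary policy block, not a state loss.
SAMPLE_LOG = """\
1000 pass vlan20 in 192.168.20.50:51234 192.168.10.10:22 S
1000 pass vlan10 out 192.168.20.50:51234 192.168.10.10:22 S
1001 pass vlan10 in 192.168.10.10:22 192.168.20.50:51234 SA
1031 block vlan10 in 192.168.10.10:22 192.168.20.50:51234 PA
1032 block vlan10 in 192.168.10.10:22 192.168.20.50:51234 PA
1005 pass vlan20 in 192.168.20.50:51300 192.168.10.10:443 S
1006 block vlan10 in 192.168.10.10:443 192.168.20.50:51300 S
"""

def parse(line):
    ts, action, iface, direction, src, dst, flags = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return int(ts), action, iface, direction, (sip, int(sport)), (dip, int(dport)), flags

def flow_key(a, b):
    # Order the endpoints so both directions of one connection share a key.
    return (a, b) if a <= b else (b, a)

def find_midstream_blocks(log_text):
    """Return one finding per flow that was passed, then blocked on a non-SYN segment."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, action, iface, direction, src, dst, flags = parse(line)
            flows[flow_key(src, dst)].append((ts, action, iface, direction, flags))
    findings = []
    for key, events in flows.items():
        events.sort()
        passes = [e for e in events if e[1] == "pass"]
        blocks = [e for e in events if e[1] == "block" and "S" not in e[4]]
        if passes and blocks and blocks[0][0] > passes[0][0]:
            findings.append({
                "flow": key,
                "seconds_until_block": blocks[0][0] - passes[0][0],
                "blocked_on": blocks[0][2],
                "block_count": len(blocks),
                "pass_ifaces_dirs": sorted({(e[2], e[3]) for e in passes}),
            })
    return findings
```

A flow whose passes were only ever seen on one interface and direction, or whose blocks start a fixed interval after the first pass, is the one to compare against the state table and the routing on both VLANs.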
#2
Saarbremer - Thank you for your response.  Just to clarify, the issue is with traffic that is internal ONLY.  Anything routing to the internet is not impacted.  As to your other questions, VL10 and VL20 are both using LACP.  I've also included a screenshot of the LACP configuration from the switch below.  Lastly, in your previous post you requested firewall settings.  Is there something specific that you'd like to see?  The only reason I ask is there are several pages of settings (General, Logging, Miscellaneous, Tunables, Administration, etc...) and if I knew what you wanted to see I could get you exactly what you are looking for.

Pass Rule:


VL20 Configuration:


VL10 Configuration:


LAGG Configuration:


Bonding on Switch:


Thanks again for the assist and let me know if there is any other information you'd like to see
#3
I am running Opnsense 24.1.7, however this has been an issue for several years and I'm just now getting to the point where I'm admitting that I can't figure it out and looking for some assistance.  What is happening is a TCP connection from VLAN20 is making an SSH connection to a device in VLAN10.  The connection is established and everything works fine for about 30ish seconds and then the firewall starts blocking the connection.  This isn't unique to SSH.  I've seen the same behavior with HTTP and HTTPS connections, however the issue is more easily reproducible using SSH so that is what I'll be focusing on.

Logs showing traffic being allowed both in and out on the respective VLANs and then denied after about 30ish seconds:


Log Details:




Details of Block:


What I suspect is happening is for some reason the firewall is VERY aggressively killing the TCP sessions.  A while back I found a setting in the Opnsense settings (don't remember what it was called) but it made the connection last longer (from 30ish seconds to around 10 minutes if I remember correctly).  Obviously this is more of a band-aid than a fix, so I'm wondering if anyone else has experienced issues like this or might have a clue about what's going on with my firewall?