23.1 Production Series / Facebook owned sites blocked when syncookies are used.
« on: May 28, 2023, 02:58:18 pm »
Facebook owned sites, including whatsapp.com, are effectively blocked when setting:
Firewall->Settings->Advanced->Enable syncookies = always
No other site seems to be affected.
Using Wireshark on the WAN connection from my OPNsense box to my modem shows that, with syncookies enabled, no response is obtained from Facebook-owned sites for the transmitted OPNsense-reconstructed SYN.
I do not know whether Facebook et al. object to the constant TCP sequence number of 64240 as reported here: https://forum.opnsense.org/index.php?topic=34236.0 or because TCP options are removed from the SYN by the syncookie mechanism.
The problem is resolved by setting
Firewall->Settings->Advanced->Enable syncookies = none
Edited: Version is OPNsense 23.1.8-amd64
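
One way to test the second hypothesis in the post is to compare the TCP options in the client's SYN (captured on the LAN side) with the SYN the firewall sends on the WAN side. The following is an added example, not part of the original post or of OPNsense. The two SYN headers are constructed sample bytes, and the helper names (`parse_syn`, `dropped_options`, `build_syn`) are hypothetical.

```python
import struct

# TCP option kinds commonly seen in a SYN (IANA-assigned numbers).
OPTION_NAMES = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 8: "Timestamps"}

def parse_syn(tcp: bytes) -> dict:
    """Parse a raw TCP header (IP header already stripped)."""
    if len(tcp) < 20:
        raise ValueError("truncated TCP header")
    _sport, _dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    header_len = (off_flags >> 12) * 4
    if header_len < 20 or header_len > len(tcp):
        raise ValueError("bad data offset")
    raw, opts, i = tcp[20:header_len], {}, 0
    while i < len(raw):
        kind = raw[i]
        if kind == 0:                      # End of Option List
            break
        if kind == 1:                      # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= len(raw) or raw[i + 1] < 2 or i + raw[i + 1] > len(raw):
            raise ValueError("malformed TCP option")
        length = raw[i + 1]
        opts[OPTION_NAMES.get(kind, f"kind-{kind}")] = raw[i + 2:i + length]
        i += length
    return {"seq": seq, "window": window, "syn": bool(off_flags & 0x02), "options": opts}

def dropped_options(lan_syn: bytes, wan_syn: bytes) -> list:
    """Option names present in the client's SYN but missing from the WAN-side SYN."""
    return sorted(set(parse_syn(lan_syn)["options"]) - set(parse_syn(wan_syn)["options"]))

def build_syn(seq: int, window: int, options: bytes) -> bytes:
    """Build a constructed SYN header for the demo (checksum left at zero)."""
    offset = (20 + len(options)) // 4
    return struct.pack("!HHIIHHHH", 50000, 443, seq, 0, (offset << 12) | 0x02, window, 0, 0) + options

# Constructed sample data, not taken from the poster's capture.
LAN_SYN = build_syn(0x1A2B3C4D, 65535, bytes.fromhex("020405b4" "0402" "080a0000000100000000" "01" "030307"))
WAN_SYN = build_syn(0x5E6F7A8B, 65535, bytes.fromhex("020405b4"))

if __name__ == "__main__":
    for name, pkt in (("LAN", LAN_SYN), ("WAN", WAN_SYN)):
        info = parse_syn(pkt)
        print(name, "seq=%d win=%d opts=%s" % (info["seq"], info["window"], sorted(info["options"])))
    print("dropped on WAN:", dropped_options(LAN_SYN, WAN_SYN))
```

Running it against the TCP header bytes of real LAN and WAN captures, with syncookies set to `always` and then `none`, shows whether the option set or the sequence number differs between the two settings.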