Connection time-out 900s - State violation rule

Started by Mwason, April 12, 2024, 01:56:46 PM

Hello,

I have a setup with multiple VLANs.
They can all connect to the 'main' VLAN via a floating rule.

Connections can be made, but after 900s (since firewall mode 'conservative' is active; in normal mode much earlier!) the connections time out and are blocked by the 'Default deny/state violation rule'.
But they are rebuilt directly afterwards, accepted by the 'floating rule'.
(see attachment)

How can I prevent the connection from timing out and/or being blocked?

Looking forward to your suggestions...

Mwason

What type of connections? Can you enable some sort of keepalive? E.g. in SSH?
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)

Via TCP they connect to an address on port 30300.
There is only intermittent traffic, but the connection should stay open...

OPNsense will time out any connection if there is no packet flow. Either implement keepalive on the application side or disable state tracking for these rules. IIRC that means you need a reverse rule for the packets to flow in both directions. Never needed this so far.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
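The application-side keepalive suggested above, shown as an added example rather than code from the thread or from OPNsense: a TCP client that enables kernel keepalive probes on the socket and times them so the first probe goes out well before the 900s idle timeout the original poster observed. Each probe is a packet through the firewall, so the pf state is refreshed and the 'Default deny/state violation' block never triggers. The target address 192.0.2.10 is a placeholder; port 30300 is the one named in the thread. The socket option names are the Linux/FreeBSD ones (macOS uses TCP_KEEPALIVE for the idle timer), and the helper falls back gracefully where an option is missing.

```python
import socket

# Idle timeout reported in the thread: the state was dropped after 900 s
# without traffic. Keepalive must fire comfortably inside that window.
FIREWALL_IDLE_TIMEOUT_S = 900


def keepalive_params(fw_timeout_s=FIREWALL_IDLE_TIMEOUT_S, safety_factor=3):
    """Derive keepalive timers from the firewall's idle timeout.

    Returns (idle, interval, count): the first probe is sent after `idle`
    seconds of silence, then every `interval` seconds until `count`
    unanswered probes declare the peer dead. With a 900 s timeout and the
    default factor this gives (300, 75, 4), so the state is refreshed
    three times per timeout window.
    """
    idle = max(10, fw_timeout_s // safety_factor)
    interval = max(5, idle // 4)
    count = 4
    return idle, interval, count


def enable_keepalive(sock, idle, interval, count):
    """Turn on TCP keepalive on `sock` and set per-connection timers.

    Returns True when SO_KEEPALIVE reads back as enabled. Timer options are
    set only where the platform exposes them; on platforms without
    per-socket timers the system-wide defaults (often 7200 s idle on
    Linux, too slow for a 900 s firewall timeout) remain in effect.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)

    # Idle time before the first probe: TCP_KEEPIDLE on Linux/FreeBSD,
    # TCP_KEEPALIVE on macOS.
    if hasattr(socket, "TCP_KEEPIDLE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    elif hasattr(socket, "TCP_KEEPALIVE"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPALIVE, idle)

    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)

    return sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE) != 0


def read_keepidle(sock):
    """Read back the idle timer, or None if the platform has no per-socket option."""
    if hasattr(socket, "TCP_KEEPIDLE"):
        return sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE)
    if hasattr(socket, "TCP_KEEPALIVE"):
        return sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPALIVE)
    return None


def connect_with_keepalive(host, port, fw_timeout_s=FIREWALL_IDLE_TIMEOUT_S):
    """Open a TCP connection whose kernel keepalive keeps the pf state alive."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle, interval, count = keepalive_params(fw_timeout_s)
    enable_keepalive(sock, idle, interval, count)
    sock.connect((host, port))
    return sock


if __name__ == "__main__":
    # 192.0.2.10 is a documentation placeholder (assumption); 30300 is the
    # port from the thread. Replace the host with the real service address.
    conn = connect_with_keepalive("192.0.2.10", 30300)
    print("connected with keepalive idle =", read_keepidle(conn), "s")
    conn.close()
```

The same probes also reach the firewall from the other direction when the server replies to them, so a reply packet does not need its own rule as long as state tracking stays on; the reverse-rule requirement mentioned above only applies if you take the second route and disable state tracking instead.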