[SOLVED] SSH Port Forwarding unstable since update to 25.1.1

Started by davrot, February 24, 2025, 02:21:26 AM

February 24, 2025, 02:21:26 AM Last Edit: February 24, 2025, 04:32:30 PM by davrot Reason: Problem was outside of the OpnSense realm.
I had a happy setup with one firewall where I have ports forwarded to three ssh gateways. Everything worked fine. The users could work for hours over these connections.

Today I did an update to 25.1.1. Now these ssh connections are unstable with random lifetimes. The duration for how long the ssh connections are alive is between sub-seconds (I just see a "Last login: Mon Feb 24 01:26:46 2025 from X.X.X.X" and then dead) and a few minutes. Then I get a "client_loop: send disconnect: Broken pipe".

Also I went to system_advanced_firewall.php and tried Firewall Optimization with conservative, which makes no difference.

The ssh gateways are happily doing their jobs. I have a second way into the network via a cisco anyconnect that skips the firewall. These ssh connections to the ssh gateways are stable.

I don't see anything in the Opnsense log files that even resembles an error. The firewall log also shows nothing special at all.

I am a bit out of ideas. Help? :-)   

This looks like a case of split routes.

Firewall: Advanced: Disable Reply-To ?



Smells like an MTU issue to me, but I don't know why that would suddenly appear after an upgrade.

It looks like they (the uni infrastructure) fucked up something upstream that confused the poor little OpnSense firewall. They rebooted their Cisco equipment and now the ssh port forwarding is stable again.

Sorry! I hadn't expected this kind of problem. Especially that it occurred at the same time...