Topic: Sticky Connections Broken (Read 4788 times)
joer (Newbie, Posts: 16, Karma: 1)
Sticky Connections Broken « on: September 27, 2016, 10:10:19 am »
Currently running 16.7.4 - prior to this sticky connections worked fine but now it seems to be broken - users logging in to websites keep getting logged out, which is the behaviour we experienced before turning on sticky connections. To try and get around this, I have a firewall rule for LAN set to route all 443 traffic through WAN1, which works for some websites but not others.
franco (Administrator, Hero Member, Posts: 17668, Karma: 1611)
Re: Sticky Connections Broken « Reply #1 on: September 29, 2016, 08:06:09 am »
Hi joer,
We need to know two things here:
(a) Narrow down "prior". Was it 16.7.3 or another version?
(b) Check if "sticky-address" is in the /tmp/rules.debug file -- if it is not, the firmware disabled it due to a gateway condition.
Cheers,
Franco
joer (Newbie, Posts: 16, Karma: 1)
Re: Sticky Connections Broken « Reply #2 on: October 18, 2016, 05:27:58 pm »
Sorry for the late reply - turned out to be something else entirely.
We do seem to have some other weird problems with gateways though.
If a gateway's status is shown as 'Unknown' (like after first boot), I have to manually restart the apinger service to get a proper status to show (it's been an issue over several versions of OPNsense and on several pieces of hardware). The behaviour we've noticed is that on a multi-WAN setup this makes the connection with 'Unknown' status get ignored within a gateway group until the next restart of the apinger service. This doesn't allow our box to run autonomously, i.e. if we have a power or intermittent line failure someone has to log into OPNsense and keep restarting the apinger service to make sure we have 'online' status at all times, effectively making it a manual failover.
Also, when we started investigating the problem further we discovered that if we disable all gateways and reboot OPNsense the gateways show as disabled but they remain enabled (i.e. traffic still flows like we didn't disable them); this can't be right. It's as though the gateway group feature undermines the individual gateway's 'disabled' status. If this is intentional behaviour, is it possible to have an option to disable the group?
Are these known issues?
« Last Edit: October 18, 2016, 05:34:42 pm by joer »