OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • TCP resets randomly Opnsense 24.1.4
« previous next »
  • Print
Pages: [1]

Author Topic: TCP resets randomly Opnsense 24.1.4  (Read 453 times)

greenych

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
TCP resets randomly Opnsense 24.1.4
« on: May 16, 2024, 04:34:41 pm »
Hi mates, we have a strange behavior with tcp sessions as it randomly resets by Opnsense(if I understand correctly from tcpdump).  I have captured WAN and LAN interfaces simultaneously and have found some interesting thing, host A(behind WAN) sends SYN, host B(behind LAN) receives SYN and answers with SYN/ACK and suddenly gets RST from host A. But in actual host A doesn't send RST(there is no such packet in capture on interface WAN and TTL=64), also SYN/ACK from host B doesn't comes on interface WAN. Problem appears randomly and I can't find any dependancies with time of a day and resource and channel utilization, maybe someone can suppose what can cause such behavior?
Logged

sja1440

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 6
    • View Profile
Re: TCP resets randomly Opnsense 24.1.4
« Reply #1 on: May 16, 2024, 07:39:50 pm »
Interesting.  I saw something very similar today.

In my case tcp connections were being initiated by Unbound within OPNsense towards port 853 of Quad9 (9.9.9.9) so:
* SYN from OPNsense to port 853 of Quad9
*SYN+ACK from Quad9 to OPNsense
*RST+ACK from OPNsense to Quad9.
To help track down the cause I activated a series of firewall traces including one on the last encounterd rule (pass) on the outgoing WAN interface.  The PF logs showed that the outgoing connection was passed.

At the time I was restructuring my firewall rules making use of firewall groups and tags. I didn't have to time to track down the problem so I backed up the borked OPNsense config and restored a previously working configuration.  I'll have another go when I have some free time.

I find it very odd that the PF logs show the connection as PASSed and yet the RST+ACK was being sent by Unbound/OPNsense. Very odd.

By the way, in my case all connections to Quad9 were impacted not just random.

I use OPNsense v 24.4.

« Last Edit: May 16, 2024, 07:45:48 pm by sja1440 »
Logged

sja1440

  • Jr. Member
  • **
  • Posts: 86
  • Karma: 6
    • View Profile
Re: TCP resets randomly Opnsense 24.1.4
« Reply #2 on: May 17, 2024, 12:53:54 pm »
I discovered that I had mistakenly applied the rules of one group to both a vlan and the underlying ethernet interface. This is a Bad Idea and, I believe, might well have been the cause of my problem.

If it turns out that I still have the problem then I'll be back here.
Logged

greenych

  • Newbie
  • *
  • Posts: 2
  • Karma: 0
    • View Profile
Re: TCP resets randomly Opnsense 24.1.4
« Reply #3 on: May 17, 2024, 02:05:30 pm »
In my case there are no groups, I try to find reasons why firewall can intercept TCP session and answer with RST and only one I have found is denying rule
Logged
  • Print
Pages: [1]
« previous next »
  • OPNsense Forum »
  • English Forums »
  • 24.1 Legacy Series »
  • TCP resets randomly Opnsense 24.1.4
 

OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2