OPNsense Forum » Archive » 19.1 Legacy Series » Disable sshlockout ?
Topic: Disable sshlockout ? (Read 8293 times)
x12MIke (Newbie, Posts: 1, Karma: 0)
Disable sshlockout ? « on: April 16, 2019, 11:32:01 pm »
Greetings,
I've been trying to find a solution to this, and haven't, so I wanted to inquire. Since the 19.x upgrade, one of my VPN tunnels has been HORRIBLY unstable. To band-aid things, I created a basic script to check if the tunnel is up. If it's not, it SSHes to the OPNsense box and restarts strongswan and unbound.
The issue is that my workstation that runs the strongswan check script keeps getting added to this sshlockout table, and therefore my band-aid fails.
To my understanding, there are automated rules to make sure the LAN side is not locked out; however, that doesn't seem to work across VLANs. My default LAN is not on re1 or re0, it's on a VLAN of re0. It appears the "Anti-Lockout Rule" can't be bound to a VLAN?
Ideally, I'd like to stabilize Strongswan on my box, however nothing changed on the other side of the tunnel. The instability arrived after the 19.x upgrade, so I am led to believe the instability is on my end.
I'm not familiar with how to file a bug report for the strongswan thing, if we can, so I figured I'd start in the forums and see where it leads.
bewue (Newbie, Posts: 35, Karma: 3)
Re: Disable sshlockout ? « Reply #1 on: April 17, 2019, 09:17:44 pm »
1. I think for the sshlockout table only failed SSH logins get counted. Thus you should check your script.
2. The sshlockout rule is evaluated before the anti-lockout rule, thus the anti-lockout rule has no effect here.
I don't think there's a switch to disable the sshlockout function.
Anyway, you can remove IPs from the sshlockout table -> Firewall: Diagnostics: pfTables
« Last Edit: April 17, 2019, 09:19:15 pm by bewue »
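To follow up on the reply's first point, this added example (not part of the thread and not OPNsense code) tallies failed sshd authentications per source address from log lines on stdin, and checks whether an address appears in `pfctl -t sshlockout -T show` output. The sample log lines and addresses are constructed, and which sshd messages sshlockout actually counts is an assumption.

```shell
#!/bin/sh
# Added example. Matches standard OpenSSH failure messages; whether
# sshlockout counts exactly these is an assumption, not from the thread.

# Read sshd log lines on stdin, print "<count> <address>", highest first.
failed_ssh_by_source() {
    awk '
        /sshd/ && (/Failed [^ ]+ for / ||
                   /maximum authentication attempts exceeded/) {
            # Scan from the right so a user literally named "from"
            # cannot be mistaken for the address marker.
            for (i = NF; i > 1; i--)
                if ($(i-1) == "from") { n[$i]++; break }
        }
        END { for (ip in n) print n[ip], ip }
    ' | sort -k1,1nr -k2,2
}

# Succeeds if address $1 is listed in pf table output read from stdin.
# On the firewall: pfctl -t sshlockout -T show | in_table 192.0.2.10
# CLI equivalent of the GUI removal: pfctl -t sshlockout -T delete <address>
in_table() {
    awk -v ip="$1" '$1 == ip { found = 1 } END { exit !found }'
}

# Constructed sample: a monitoring host (192.0.2.10) whose automated
# logins fail, one successful key login, one unrelated failure.
sample_log() {
    cat <<'EOF'
Apr 16 23:10:01 fw sshd[4101]: Failed password for root from 192.0.2.10 port 51234 ssh2
Apr 16 23:10:03 fw sshd[4101]: Failed password for root from 192.0.2.10 port 51234 ssh2
Apr 16 23:10:09 fw sshd[4107]: Accepted publickey for root from 192.0.2.20 port 40022 ssh2
Apr 16 23:15:01 fw sshd[4188]: error: maximum authentication attempts exceeded for root from 192.0.2.10 port 51301 ssh2 [preauth]
Apr 16 23:16:40 fw sshd[4190]: Failed password for invalid user admin from 198.51.100.7 port 60111 ssh2
EOF
}

sample_log | failed_ssh_by_source
```

If the host running the check script tops this list, its logins are failing (wrong key, wrong user, or too many keys offered), which is what needs fixing rather than the lockout itself.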