Facebook-owned sites blocked when syncookies are used.

Started by sja1440, May 28, 2023, 02:58:18 PM

Facebook-owned sites, including whatsapp.com, are effectively blocked when setting:
Firewall->Settings->Advanced->Enable syncookies = always

No other site seems to be affected.

Using Wireshark on the WAN connection from my OPNsense box to my modem shows that, with syncookies enabled, no response is obtained from Facebook-owned sites for the transmitted OPNsense reconstructed SYN.

I do not know whether Facebook et al. object to the constant TCP sequence number of 64240 as reported here: https://forum.opnsense.org/index.php?topic=34236.0 or because TCP options are removed from the SYN by the syncookie mechanism.

The problem is resolved by setting
Firewall->Settings->Advanced->Enable syncookies = none

Edited: Version is OPNsense 23.1.8-amd64
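
One way to check the two explanations raised in the post is to compare the client's SYN (LAN side) with the SYN forwarded on the WAN side, field by field. This is an added example, not code from the poster or from OPNsense; `parse_tcp_syn` and `diff_syn` are hypothetical helper names, and both sample headers are constructed, not taken from a real capture.

```python
import struct

# TCP option kinds commonly present in a SYN (IANA option numbers).
OPTION_NAMES = {2: "MSS", 3: "WScale", 4: "SACK-Permitted", 8: "Timestamps"}

def parse_tcp_syn(header: bytes) -> dict:
    """Parse a raw TCP header (no IP header) into the fields compared here."""
    if len(header) < 20:
        raise ValueError("truncated TCP header")
    _sport, _dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", header[:16])
    data_offset = (off_flags >> 12) * 4          # header length in bytes
    if data_offset < 20 or data_offset > len(header):
        raise ValueError("bad data offset")
    options, i = {}, 20
    while i < data_offset:
        kind = header[i]
        if kind == 0:                            # End of Option List
            break
        if kind == 1:                            # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= data_offset:
            raise ValueError("truncated option")
        length = header[i + 1]
        if length < 2 or i + length > data_offset:
            raise ValueError("bad option length")
        options[OPTION_NAMES.get(kind, f"kind-{kind}")] = header[i + 2:i + length]
        i += length
    return {"syn": bool(off_flags & 0x02), "seq": seq, "window": window, "options": options}

def diff_syn(original: bytes, forwarded: bytes) -> dict:
    """Report what differs between the client's SYN and the forwarded SYN."""
    a, b = parse_tcp_syn(original), parse_tcp_syn(forwarded)
    return {
        "dropped_options": sorted(set(a["options"]) - set(b["options"])),
        "window": (a["window"], b["window"]),
        "seq_changed": a["seq"] != b["seq"],
    }

# Constructed sample: a client SYN carrying MSS, SACK-Permitted, Timestamps, WScale.
CLIENT_SYN = bytes.fromhex("c00001bb 11223344 00000000 a002faf0 00000000"
                           "020405b4 0402 080a0000000100000000 01 030307")
# Constructed sample: a forwarded SYN carrying only MSS (assumed for illustration).
WAN_SYN = bytes.fromhex("c00001bb 11223344 00000000 6002faf0 00000000 020405b4")

if __name__ == "__main__":
    print(diff_syn(CLIENT_SYN, WAN_SYN))
```

Feed it the TCP header bytes exported from the two Wireshark captures in place of the constructed samples.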