English Forums > Intrusion Detection and Prevention
[solved] Problem with inbound TLS connection
Hunduster:
Hello everyone,
I have a problem with one of my mail gateways behind an OPNsense and two Internet connections.
WAN 1 - COLT fiber
WAN 2 - Vodafone DOCSIS
Both connections have fixed IP addresses. On each OPNsense, a static IP is entered on the WAN interfaces and the remaining IP addresses are created as CARP.
I have two mail gateways behind the firewall, where port 25 is forwarded to the gateways via DNAT. One CARP IP is forwarded to gateway 1 and one CARP IP to gateway 2. The rules are otherwise identical.
The whole thing works perfectly with the COLT connection. With the Vodafone connection, I cannot establish a TLS connection, only plain. With various TLS checks I always get the same error message:
--- Code: ---Cannot convert to SSL (reason: SSL wants a read first)
--- End code ---
So something is really messing up here.
I have already deactivated all possible security features such as IPS/IDS and Zenarmor. It's no use. The logs also show nothing. The firewall and DNAT rules let all packets through.
I'm slowly running out of ideas where else to look.
Hunduster:
You won't believe it, but restarting the master node solved the problem. I double- and triple-checked everything for two days, and then this ::)
Hunduster:
--- Quote from: Hunduster on March 01, 2024, 05:21:26 pm ---You won't believe it, but restarting the master node solved the problem. I double- and triple-checked everything for two days, and then this ::)
--- End quote ---
No, it has not been solved. Now, after a few minutes of being master, I have the same error again :-(
Hunduster:
It's always the little things that make a big difference! :D I have now been able to find out exactly what the problem was: the MTU.
With our old firewall, I had set an MTU of 1412 on the Vodafone connection. I had stupidly carried this over to OPNsense.
Now that I have set the MTU back to 1500, it is stable on all firewall nodes.
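The MTU finding above is something a practitioner can verify from outside before touching firewall settings: a DF-flagged probe of increasing size toward the gateway's public (CARP) address shows the largest frame that actually crosses the path unfragmented, and a result below 1500 points at a hop that clamps or drops large packets. The script below is an added example, not code from the thread or from the OPNsense project; it assumes Linux iputils ping syntax (`-M do` sets DF, `-s` is the ICMP payload size), that it is run from a host outside the firewall, and that the 28-byte IPv4+ICMP overhead applies (IPv4 only, no options). Host and size arguments are placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest IPv4 packet that
# crosses a path with the DF bit set. Assumes Linux iputils ping; on
# FreeBSD (OPNsense itself) the equivalent is "ping -D -s SIZE HOST".

IP_ICMP_OVERHEAD=28   # 20-byte IPv4 header + 8-byte ICMP echo header

# ICMP payload size that fills exactly one packet of the given MTU.
mtu_to_payload() {
    echo $(( $1 - IP_ICMP_OVERHEAD ))
}

# Inverse: the MTU implied by a payload size that still got through.
payload_to_mtu() {
    echo $(( $1 + IP_ICMP_OVERHEAD ))
}

# Return 0 if one DF-flagged echo request of the given payload size is answered.
# Assumption: iputils ping; -W 2 is a 2-second reply timeout.
probe_once() {
    host=$1; size=$2
    ping -c 1 -W 2 -M do -s "$size" "$host" >/dev/null 2>&1
}

# Binary search between two MTU values for the largest one that passes
# unfragmented. Prints the MTU, or "none" (exit 1) if even $lo fails,
# which usually means ICMP is filtered rather than a true MTU problem.
pmtu_probe() {
    host=$1; lo=${2:-576}; hi=${3:-1500}
    if ! probe_once "$host" "$(mtu_to_payload "$lo")"; then
        echo none; return 1
    fi
    while [ $((hi - lo)) -gt 1 ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe_once "$host" "$(mtu_to_payload "$mid")"; then
            lo=$mid
        else
            hi=$mid
        fi
    done
    # The upper bound itself may pass (a clean 1500-byte path); check it last.
    if probe_once "$host" "$(mtu_to_payload "$hi")"; then lo=$hi; fi
    echo "$lo"
}

# Usage: sh pmtu-probe.sh <public-ip-of-mail-gateway> [lo-mtu] [hi-mtu]
if [ -n "$1" ]; then
    result=$(pmtu_probe "$1" "$2" "$3") || { echo "no DF probe answered; ICMP filtered?"; exit 1; }
    if [ "$result" -lt 1500 ]; then
        echo "path MTU toward $1 is $result (below 1500): a hop clamps or drops large frames"
    else
        echo "path MTU toward $1 is $result: full-size frames pass"
    fi
fi
```

Run it against the CARP address that is DNAT'd to each gateway, on each WAN, so the two uplinks can be compared directly; a path that reports well under 1500 while plain SMTP still works matches the symptom in the thread, since the banner exchange fits in small packets but the TLS handshake does not.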