English Forums > Intrusion Detection and Prevention

[solved] Problem with inbound TLS connection


Hunduster:
Hello everyone,

I have a problem with one of my mail gateways behind an OPNsense and two Internet connections.

WAN 1 - COLT fiber
WAN 2 - Vodafone DOCSIS

Both connections have fixed IP addresses. On each OPNsense, a static IP is entered on the WAN interfaces and the remaining IP addresses are created as CARP.

I have two mail gateways behind the firewall, where port 25 is forwarded to the gateways via DNAT. One CARP IP is forwarded to gateway 1 and one CARP IP to gateway 2. The rules are otherwise identical.

The whole thing works perfectly with the COLT connection. With the Vodafone connection, I cannot establish a TLS connection, only plain. With various TLS checks I always get the same error message:
--- Code: ---Cannot convert to SSL (reason: SSL wants a read first)
--- End code ---

So something is really messing up here.

I have already deactivated all possible security features such as IPS/IDS and Zenarmour. It's no use. The logs also show nothing. Firewall and DNAT rule let all packets through.

I'm slowly running out of ideas where else to look.

Hunduster:
You won't believe it, but restarting the master node solved the problem. I double and triple checked everything for two days and then the  ::)

Hunduster:

--- Quote from: Hunduster on March 01, 2024, 05:21:26 pm ---You won't believe it, but restarting the master node solved the problem. I double and triple checked everything for two days and then the  ::)

--- End quote ---

No, it has not been solved. Now, after a few minutes of mastering, I have the same error again :-(

Hunduster:
It's always the little things that make a big difference! :D I have now been able to find out exactly what the problem was: MTU.

With our old firewall, I had set up an MTU of 1412 on the Vodafone connection. I had stupidly adopted this with OPNsense.
Now that I have set the MTU back to 1500, it is stable on all firewall nodes.
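The symptom pattern in this thread (plain SMTP works, the TLS handshake never completes) is the classic signature of an MTU/path-MTU black hole: the banner and EHLO fit in small packets, while the ServerHello and certificate chain are the first full-size segments, and those are the ones that go missing. The helper below is an added example, not part of this thread or of OPNsense; it assumes Linux iputils `ping` (`-M do` sets the DF bit; on FreeBSD the equivalent is `ping -D`), `openssl`, `nc` and `timeout` on the probing host, and `mx1.example.invalid` is a placeholder for the CARP address you forward port 25 to.

```shell
#!/bin/sh
# Added diagnostic helper (not from the forum thread). Assumes Linux iputils
# ping, openssl s_client, nc and timeout; host names below are placeholders.

# ICMP payload that exactly fills an MTU: 20-byte IPv4 header + 8-byte ICMP.
payload_for_mtu() {
    echo $(( $1 - 28 ))
}

# TCP MSS implied by an MTU (20-byte IPv4 header + 20-byte TCP header).
# An MTU of 1412 means every full segment is 1372 bytes of payload.
mss_for_mtu() {
    echo $(( $1 - 40 ))
}

# Send DF-marked pings sized to fill the given MTU. A black hole shows up as
# 100% loss without any "Frag needed" reply; a healthy path either answers or
# returns the ICMP "fragmentation needed" message.
probe_pmtu() {
    host=$1; mtu=$2
    ping -M do -c 3 -W 2 -s "$(payload_for_mtu "$mtu")" "$host" >/dev/null 2>&1
}

# Walk downward from 1500 in 8-byte steps and report the largest MTU that
# passes. Stops at 1280 (the IPv6 minimum) rather than probing forever.
find_pmtu() {
    host=$1; mtu=${2:-1500}
    while [ "$mtu" -ge 1280 ]; do
        if probe_pmtu "$host" "$mtu"; then
            echo "$mtu"
            return 0
        fi
        mtu=$(( mtu - 8 ))
    done
    return 1
}

# Plain SMTP: does the 220 banner arrive? This exchange uses tiny packets.
check_smtp_plain() {
    printf 'QUIT\r\n' | timeout 10 nc -w 5 "$1" 25 | grep -q '^220'
}

# STARTTLS: does the handshake complete? s_client prints "Verify return code"
# only after the server's full-size ServerHello/Certificate flight arrived.
check_smtp_tls() {
    timeout 20 openssl s_client -starttls smtp -connect "$1:25" </dev/null 2>/dev/null \
        | grep -q 'Verify return code'
}

# Usage (replace the placeholder with the forwarded CARP address):
#   find_pmtu mx1.example.invalid
#   check_smtp_plain mx1.example.invalid && check_smtp_tls mx1.example.invalid
```

If `check_smtp_plain` succeeds while `check_smtp_tls` times out and `find_pmtu` returns something below what the firewall interface is configured with, the interface MTU (or a missing MSS clamp on the WAN) is the first thing to compare between the working and the failing uplink.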
