same subnet / strange connection loss ssh

raspberryswirl2 · February 27, 2018, 07:43:22 AM

Hi!

I am new to opnsense, it is a great product.
I recently noticed, that running ssh on the same subnet brings me to connection interruption with ssh -
I changed allready Firewall Optimization to conservative, in FW -> Settings -> Advanced
regarding to this post
https://servernetworktech.com/2013/05/pfsense-vlans-and-ssh-disconnects/
and it is better working!
Today also in Settings -> Normalization
IP Do-Not-Fragment
and now testing again)

Does anybody has another hint, to improove this issue?
thank you
rasp

franco · February 28, 2018, 08:53:43 AM

You have a loophole in your network. Some SSH traffic hits the firewall, while the other traffic goes directly to the server. This creates a problem for state tracking: it can't be done because packets are missing and the connection is terminated by the firewall for security reasons.

A switch plugged to your LAN port should fix this so that no internal LAN traffic reaches the firewall.

Cheers,
Franco

raspberryswirl2 · February 28, 2018, 07:49:37 PM

Hi Franco!

thank you! i thought about that. And as you explained, I did this - there is still a switch between the FW and the rest - BUT: I am using a virtual IP as the default GW in the same network. could that be the problem? Or a bridge i put over the WAN?

best regards
jonathan

franco · March 01, 2018, 09:52:58 AM

Hi Jonathan,

Could be the bridge, but can't say for sure. Maybe traffic is appearing twice and that confuses the state tracking.

Cheers,
Franco

same subnet / strange connection loss ssh

raspberryswirl2

February 27, 2018, 07:43:22 AM

franco

February 28, 2018, 08:53:43 AM #1

raspberryswirl2

February 28, 2018, 07:49:37 PM #2

franco

March 01, 2018, 09:52:58 AM #3