Greetings list,
A few days ago I finally found time to upgrade my ageing pfSense 2.1-RC0
at home to 2.1 final. Since that upgrade I've noticed that pfSense
doesn't seem to be handling state killing on failed gateways very well.
A bit of background: I live in a rural location with poor broadband
speeds, so I have 3 incoming ADSL connections which I feed into pfSense
- WAN, WAN2 and WAN3. I then perform policy-based routing so that
HTTP/HTTPS traffic goes out via WAN, SIP, mail and SSH out via WAN3, and
everything else via WAN2. Of these 3 connections, WAN and WAN3 are
pretty reliable, but WAN2 is much less so - an average of 2-3
disconnections a day (less than 30 secs each time, but a disconnection
nonetheless - I suspect it's an older copper pair than the other 2).
Shortly after upgrading to 2.1-release I noticed SSH terminal sessions
would routinely drop every few hours. Checking the gateway logs, WAN3
remains up throughout but WAN2 shows a disconnect at the time the SSH
session drops. I've verified (by looking at connections on the remote
box) that SSH is indeed using WAN3 as it should.
It looks like pfSense successfully detects the disconnect on WAN2, then
basically flushes the whole state table (dropping the SSH sessions),
rather than just flushing states involving WAN2.
I can work around the issue by ticking State Killing on Gateway
Failure on the Advanced page, but from my reading of the description,
this will effectively prevent failover of any existing states if their
gateway genuinely goes down.
I have checked the XML config from my 2.1-RC0 backup and this option
definitely isn't enabled there, so I have to wonder if something's
changed under the hood between -RC0 and -release.
Has anyone else encountered a similar issue? Suggestions gratefully
appreciated.
Kind regards,
Chris
--
This email is made from 100% recycled electrons
___
List mailing list
List@lists.pfsense.org
http://lists.pfsense.org/mailman/listinfo/list
