Ermal Luçi wrote:


On Fri, Feb 5, 2010 at 11:22 PM, Evgeny Yurchenko <[email protected]> wrote:

    I think it is more FreeBSD's problem than pfSense's, but I decided
    to post it here anyway as somebody might run into the same issue.
    When we use MD5 TCP signing with the OpenBGP package, TCP connection
    termination does not go properly, which results in BGP password
    errors on the remote Cisco side and thus problems with reestablishing
    the connection/routing.

    So, the normal TCP connection teardown procedure:
    ---FIN--->
    <---ACK---
    <---FIN---
    ---ACK--->
    All these TCP packets must be MD5 signed (correct me if I am
    wrong). The problem is: when pfSense initiates connection
    termination (you want to clear the BGP session) the last ACK is not
    MD5 signed. This makes the Cisco keep the connection active for some
    time, sending FINs as it attempts to close the connection.
    If somebody has a clue how to fix this I would be very grateful
    for a solution.


Try disabling selective ACKs.
It should be net.inet.tcp.sack.enable=0

--
Ermal

No luck. The same story.

Evgeny.
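
Added example, not part of the original thread or of pfSense/OpenBGPD: one way to confirm from captured segments which packets of a teardown lack the TCP MD5 signature option (kind 19, length 18, RFC 2385). The `build` helper and the sample segments are constructed for illustration; the code checks only that the option is present, not that the digest is valid.

```python
import struct

TCPOPT_EOL, TCPOPT_NOP, TCPOPT_MD5 = 0, 1, 19  # kind 19: TCP MD5 signature (RFC 2385)
FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x10, "ACK")]

def parse_tcp(segment: bytes):
    """Return (flag_names, has_md5) for one raw TCP header (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    off_flags = struct.unpack("!H", segment[12:14])[0]
    hdr_len = (off_flags >> 12) * 4
    if hdr_len < 20 or hdr_len > len(segment):
        raise ValueError("bad data offset")
    flags = [name for bit, name in FLAG_NAMES if off_flags & bit]
    opts, i, has_md5 = segment[20:hdr_len], 0, False
    while i < len(opts):
        kind = opts[i]
        if kind == TCPOPT_EOL:
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed option")
        # Presence check only: verifying the digest needs the shared key and IP pseudo-header.
        if kind == TCPOPT_MD5 and opts[i + 1] == 18:  # 2-byte header + 16-byte digest
            has_md5 = True
        i += opts[i + 1]
    return flags, has_md5

def unsigned_segments(segments):
    """Return (index, flags) for every segment that lacks the MD5 option."""
    result = []
    for idx, seg in enumerate(segments):
        flags, has_md5 = parse_tcp(seg)
        if not has_md5:
            result.append((idx, "+".join(flags)))
    return result

def build(flags: int, signed: bool) -> bytes:
    """Constructed sample header (ports 40000 -> 179, all-zero dummy digest)."""
    opts = bytes([1, 1, 19, 18]) + bytes(16) if signed else b""
    off = (5 + len(opts) // 4) << 12
    return struct.pack("!HHIIHHHH", 40000, 179, 1, 1, off | flags, 65535, 0, 0) + opts

# Constructed teardown as reported: FIN, ACK, FIN signed; the final ACK unsigned.
SAMPLE = [build(0x11, True), build(0x10, True), build(0x11, True), build(0x10, False)]

for idx, flags in unsigned_segments(SAMPLE):
    print(f"segment {idx} ({flags}) carries no TCP MD5 option")
```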
