On 3/30/2010 3:25 PM, Oliver Hansen wrote:
I tried posting this specifically before and didn't have any luck (
http://www.mail-archive.com/[email protected]/msg19099.html ) but
now that I have contacted Microsoft I have a few more details to ask
the questions with. Here is the basic scenario:
- On the server, TCP session timeouts have been lowered to 5 minutes
(through a reg edit that MS support had me make)
- The client application has been shut down and netstat shows no
connections open to the server
- The server still shows many (up to 30) connections to the client
long after the 5 minute timeout window
- The pfSense (1.2.3-RC3) GUI Diagnostics -> States table shows
sessions between the client and server as ESTABLISHED:ESTABLISHED
- The client and server are in two different subnets connected by an
IPSec VPN
Now, is there anything in pfSense that would keep a session open even
after the client has closed it and the server's TCP timeout window has
passed? The way MS Support was explaining it to me, they said the
server would send out a message to see if the client was still around
and it would only be keeping the session open if something was
responding on the client's behalf. She said to look for any setting on
the router such as "tcp keep alive" or "idle keep alive" but the only
thing I see is under VPN settings for the Keep Alive IP to ping which
I thought was only to keep the tunnel up by pinging a host on the
remote subnet.
Thanks for any help!

Is there anyone who can give me some advice on what to check? I'd be
perfectly happy to show MS that the routers are not causing the problem
but I'm not sure how to do that. If a state exists on the router between
two computers and the state is not shown on either of the two computers,
what should I be looking for in a packet capture?