neufuse Veteran Posted October 3, 2014 Veteran Share Posted October 3, 2014 I'm having an odd issue with RDP when going through my pfSense firewall. It works perfectly fine, but out of no where when I do something that might move a lot of data and after its been open for a bit of time it will drop the connection and MSTSC will do it's trying to reconnect window for 1 try then boom works again.. If i switch the pfSense with some cheapo netgear router, never see this issue... but put pfSense back in, and boom starts up again randomly... Am I seeing some type of TCP timeout issue? Not sure why I'd get that but it seems like it's somehow related to how long the connection is kept open to the RDP server. I'm running pfSense 2.1.5 release version the firewall rules are pretty simple It's basically IPv4 TCP/UDP from source * port * to destination 192.168.1.50 on port 3389 gateway * queue none, schedule none Link to comment Share on other sites More sharing options...
+BudMan MVC Posted October 3, 2014 MVC Share Posted October 3, 2014 So since you mention that it happens when you move a lot of data.. Pfsense will reset its states the gateway monitoring fails.. So it pings the gateway every 1 second.. If this fails, it can reset states!! This can happen if you have a full pipe. You can turn off this feature here. They are still having problems with attachments - so here I uploaded it to imgr So you can turn it off here, or you can turn off monitoring of your gateway all together. Link to comment Share on other sites More sharing options...
neufuse Veteran Posted October 3, 2014 Author Veteran Share Posted October 3, 2014 So since you mention that it happens when you move a lot of data.. Pfsense will reset its states the gateway monitoring fails.. So it pings the gateway every 1 second.. If this fails, it can reset states!! This can happen if you have a full pipe. You can turn off this feature here. statekilling.png They are still having problems with attachments - so here I uploaded it to imgr So you can turn it off here, or you can turn off monitoring of your gateway all together. Thanks BudMan, unfortunately I already have that set and the issue still happens... the only connections that seem to be getting killed are my RDP connections everything else is still connected when this happens it appears.. I'll add that I also have gateway monitoring disabled because it was always losing my IPv6 lease with comcast's v6 DHCP-PD implementation.. it would just lose the IP out of no where then there was an IPv6 gateway hiccup Link to comment Share on other sites More sharing options...
+BudMan MVC Posted October 4, 2014 MVC Share Posted October 4, 2014 Is your RDP connection udp or tcp? Disable UDP.. Link to comment Share on other sites More sharing options...
+PeterUK MVC Posted October 4, 2014 MVC Share Posted October 4, 2014 Maybe try a older version of pfSense? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted October 4, 2014 MVC Share Posted October 4, 2014 So how are you sure its pfsense dropping the connection.. Who says the issue is not on the remote end when you fill up its pipe? All you know is your loosing the connection - have you found the disconnection in the log in pfsense? Are you doing RDP straight through pfsense - ie port 3389, or do you have a vpn setup? I sure hope its a vpn and not just 3389 exposed to the public net.. Link to comment Share on other sites More sharing options...
neufuse Veteran Posted October 4, 2014 Author Veteran Share Posted October 4, 2014 So how are you sure its pfsense dropping the connection.. Who says the issue is not on the remote end when you fill up its pipe? All you know is your loosing the connection - have you found the disconnection in the log in pfsense? Are you doing RDP straight through pfsense - ie port 3389, or do you have a vpn setup? I sure hope its a vpn and not just 3389 exposed to the public net.. I was running a network monitor on it and saw that specific connection would drop out of no where after a flood of ACK's coming from the same source / destination the remote end shouldn't be flooded, it's a 1Gbps fiber link that only has about 10% utilization on average we so far have never saturated it yet. Yes it is a RDP exposed to public, but I do have it limited down to only my remote IP block can connect to it. This is just a testing box, so even if something did get through, it's just for testing. Is your RDP connection udp or tcp? Disable UDP.. UDP is disabled now, had it on because we are testing stuff with newer RDP servers that like UDP better. Link to comment Share on other sites More sharing options...
+PeterUK MVC Posted October 4, 2014 MVC Share Posted October 4, 2014 So how are you sure its pfsense dropping the connection.. Who says the issue is not on the remote end when you fill up its pipe? If i switch the pfSense with some cheapo netgear router, never see this issue... but put pfSense back in, and boom starts up again randomly... This would seem to show it pfsense? Link to comment Share on other sites More sharing options...
+BudMan MVC Posted October 4, 2014 MVC Share Posted October 4, 2014 " saw that specific connection would drop out of no where after a flood of ACK's coming from the same source " How would you have acks if it was UDP? Can you post up this info when it drops? So your saying the state dropped in pfsense? What causes these flood of acks? Is just data packets? I vpn into my home network every day, and run rdp over it all the day and don't have disconnects.. Then again I don't saturate my pipe.. Would be very helpful is sniff on the pfsense side watching this connection when it drops.. Move your connection to inside a vpn tunnel.. Do you have rdp disconnects then? Link to comment Share on other sites More sharing options...
neufuse Veteran Posted October 4, 2014 Author Veteran Share Posted October 4, 2014 " saw that specific connection would drop out of no where after a flood of ACK's coming from the same source " How would you have acks if it was UDP? Can you post up this info when it drops? So your saying the state dropped in pfsense? What causes these flood of acks? Is just data packets? I vpn into my home network every day, and run rdp over it all the day and don't have disconnects.. Then again I don't saturate my pipe.. Would be very helpful is sniff on the pfsense side watching this connection when it drops.. Move your connection to inside a vpn tunnel.. Do you have rdp disconnects then? The ACKS where when I disabled the UDP protocol " saw that specific connection would drop out of no where after a flood of ACK's coming from the same source " How would you have acks if it was UDP? Can you post up this info when it drops? So your saying the state dropped in pfsense? What causes these flood of acks? Is just data packets? I vpn into my home network every day, and run rdp over it all the day and don't have disconnects.. Then again I don't saturate my pipe.. Would be very helpful is sniff on the pfsense side watching this connection when it drops.. Move your connection to inside a vpn tunnel.. Do you have rdp disconnects then? I can't do anymore tests until Monday when I'm back at the office, but now that you mention the VPN tunnel, we have Cisco AnyConnect vpn set up on our ASA box, and when I'm on it for hours at a time using RDP over it, I've never seen a disconnect... never thought about it until you mentioned it Link to comment Share on other sites More sharing options...
neufuse Veteran Posted October 9, 2014 Author Veteran Share Posted October 9, 2014 I think I might of tracked it down to a bad port on my router :huh: I switched my LAN and WAN ports to 2 of my OPT ports and the issue went away completely... switched them back and came back again... I only thought of this because I started seeing some odd hardware issues on the ports like the activity light flashing like nuts when this happens... oddest thing through is how it only affects RDP.. not sure if it's a bug, hardware issue, firmware issue, what, but it's working ok now after the NIC port remapping Link to comment Share on other sites More sharing options...
Recommended Posts