PfSense, VLAN’s, and SSH Disconnects (and how to fix it)

For the past month or so my storage box has been driving me insane. Whenever I SSH into the box, after about 30 seconds it would always disconnect me. I checked everything from routes, to firewall rules, and nothing was amiss. I spent weeks looking for the cause of these SSH Disconnects, but to no avail. That is, until recently. After some extreme googling, I was able to figure out the cause and I had to share it.

On the server in question, I have it hooked up to two networks. One vi cable, and another using a VLAN tag on the same port. If I were to take down the VLAN interface, or the direct cable interface, then SSH would not have any disconnect issues. This lead me to believe it was a routing issue, or a network configuration problem. Well in the end, I found the cause to be none other then my firewall, PfSense!

After finding a thread on their forum with someone who shared my troubles, I was able to find a solution and I felt it should be shared. (That said thread is linked at the bottom of this post).

So, lets get started!

  1. Login to your PfSense firewall
  2. Go to System > Advanced > Firewall / NAT
  3. Set Firewall Optimization Options to Conservative
  4. Enable Clear invalid DF bits instead of dropping the packets

In the end, it should look like this:

PfSense Firewall Settings to fix SSH Disconnects

 

 

 

 

 

After this, my SSH disconnects completely disappeared! I hope you find this as useful as I did.

Citation:

http://forum.pfsense.org/index.php?topic=35203.0

21 thoughts on “PfSense, VLAN’s, and SSH Disconnects (and how to fix it)

  1. Pingback: SSH connection through UTM 9 VM dropping after 1 min - Sophos User Bulletin Board

  2. Tilghman Lesher

    Excellent! That worked for us, as well, although our symptoms were slightly different. During backup times, when the network was being stressed, this would occur to long-running persistent SSH connections. This change has allowed those sessions to remain connected.

    Reply
  3. Oliver

    I tried that solution, and at the first look it worked
    But the problem must be elsewhere. If you take a look at the help page of pfSense it shows that in the “normal” Firewall mode “tcp.opening No response yet” get terminated after 30secs which is the time ssh takes to disconnect.
    https://doc.pfsense.org/index.php/Advanced_Setup#Firewall.2FNAT

    In “conservative” mode this time is just increased to 15min!
    So i waited for 15min instead of 30sec -> and the same problem occured.

    Do you have any idea what else it could be?

    Reply
  4. Dave W

    Thank you!!!! That has been driving me crazy for the last few days. I’ve been configuring a pfSense for our new external connection and switched to using it as my gateway to test.
    As soon as I did that, and configured the VLANs on pfSense, the SSH to the switched kept bombing out after a couple of minutes.
    I thought I had configured the VLANs wrong or that the box we are using wasn’t up to the task… Then I stumbled on your post.

    Reply
  5. Nico Bouthoorn

    Thanks it was a head banger!, my situation: a internal openvpn server, a ssh session from this openvpn tunnel on a virtual subnet internally.
    The tcp sessions allway’s freezes at about 47s.

    Reply
  6. Carlos Alberto Teixeira

    Many thanks from Ceará Brazil.

    But just switch Firewall Optimization Options to Conservative solved this issue to me.

    Best regards.

    Reply
  7. User10

    Wow. Finaly I was able to find the resolution to my SSH problems behind pFsense. Thank you very much for sharing this!

    Reply
  8. Laraib

    You’re good. Thank you sooo much Sir. I wasn’t able to find any solution for it and now it’s working flawlessly!

    Reply
  9. MSH

    Thanks. This problem has vexxed me occasionally numerous times. Was for a netgate 7541 routing between interfaces.

    Reply
  10. Elba Mace

    Hi there,
    Elba here.
    I’ve uncovered an email marketing strategy that the big players don’t want you to know.
    No contact limits, flat pricing. No price change when you grow your list. Plus, you can try it all for free.
    Interested? Just reply with “Tell me more” and I’ll share the full scoop.
    Trust me, you won’t want to miss this.
    Best regards,
    Elba Mace

    Reply
  11. Yetta Wetherspoon

    Discover the best in e-commerce with Shopify

    The premier platform designed for businesses of all sizes.

    Shopify offers an easily affordable pricing structure, making it accessible for startups and established enterprises alike.

    Benefit from exceptional customer support, available 24/7 to assist with any queries or issues you might face.
    Choose Shopify to streamline your online store management, enhance your customer experience, and drive your business success.
    Join the millions of merchants who trust Shopify as their e-commerce partner.

    Start today and watch your business thrive.

    Simply Visit Us @ shopify.pxf.io/jr04aa

    Bring your ideas to life for €1/month

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *