Matteo Temporini

PfSense e problemi di timeout su connessioni SSH

Ultimamente dopo gii ultimi aggiornamenti di PfSense alla versione 2.1.5 (probabilmente anche nelle precedenti), mi sono imbattuto in un fastidioso problema legato alle connessioni SSH.

Di fatto, una volta collegato in ssh su un server, se lasciavo la sessione in idle per alcuni minuti (così a spanne attorno ai 5 minuti), mi ritrovavo disconnesso con il messaggio di errore “write failed broken pipe”.

cerando un po’ di documentazione online, ho trovato che il problema è legato al timeout delle states di pfsense. Fra le soluzioni che ho trovato, due facevano al caso mio.

1- Modifica del timeout delle states su PfSense

2- Modifica lato client della connessione SSH

La prima soluzione però presenta il problema che aumentando troppo i timeout delle state, si rischia alla lunga di riempire le states table, portando ad un sovraccarico del firewall e di conseguenza ad un collasso delle prestazioni.

La seconda soluzione invece è quella che ho ritenuto più idonea (nonchè più semplice e più immediata).

Procediamo come a seguire

– editiamo il file ~/.ssh/config con il comando

nano ~/.ssh/config

– aggiungiamo le seguenti righe

ServerAliveInterval 60
ServerAliveCountMax 1440

ServerAliveInterval dice al nostro client SSH di inviare un pacchetto di SSH keepalive ogni 60 secondi (che è sicuramente più basso del timeout delle states del firewall).

ServerAliveCountMax indica invece al nostro client quanti di questi pacchetti posso fallire prima che il nostro client decida di chiudere la connessione.

Ora possiamo effettuare tranquillamente i collegamenti ssh senza preoccuparci dei timeout.

Pubblicato

in

, , ,

da

Matteo Temporini

Tag:

, , , , , ,

Commenti

84 risposte a “PfSense e problemi di timeout su connessioni SSH”

  1. Avatar 레깅스알바
    레깅스알바

    G is far from an anomaly in making use of cosmetic surgery to increase herr life.

    My blog; 레깅스알바

  2. Avatar Emely
    Emely

    It’s going to be ending of mine day, except before finish I am reading this fantastic paragraph to
    increase my knowledge.

  3. Avatar 이지알바
    이지알바

    “I have a college education that I really feeel like I
    am wasting by beikng there,” he added.

    My web page :: 이지알바

  4. Avatar 자동차대출
    자동차대출

    registered with tthe Securities and Exchange Commission (“SEC”).

    Feel free to visit my web-site 자동차대출

  5. Avatar Ken
    Ken

    Hi there! I’m at work surfing around your blog from my
    new apple iphone! Just wanted to say I love reading your
    blog and look forward to all your posts!

    Carry on the outstanding work!

  6. Avatar 정부지원대출
    정부지원대출

    You can borrow upp to $50,000, based oon qualifying factors, with a fixed rate
    and flexible payment options.

    Also visit my blog :: 정부지원대출

  7. Avatar 토토사이트
    토토사이트

    Sharing is a powerful tool for personal and collective growth.
    I want to use the resources and opportunities I’ve been given to help others.

  8. Avatar 메가밀리언
    메가밀리언

    Wiith VEED, you can draw, scribble and doodle on your videos
    as substantially as you like.

    Here is my web blog 메가밀리언

  9. Avatar 무직자대출
    무직자대출

    Do not gget deluded by the interest rates that the platforms offer you.

    Feel free tto visit my webpage :: 무직자대출

  10. Avatar 온라인카지노
    온라인카지노

    Minimum withdrawal amounts differ by technique, with cryptocurrency withdrswals starting at $20 and bank wire
    withdrawals at $one hundred.

    My blog; 온라인카지노

  11. Avatar 바카라사이트
    바카라사이트

    Onlin slots, for instance, are taxed at a price of 54%, which leaves tiny
    msrgin for operators.

    Feel free to visit my web page … 바카라사이트

  12. Avatar 카지노사이트
    카지노사이트

    Giving tickets foor absolutely free to some participants does not make a raffle legal if other tickets are sold that mke the overall
    raffle an illegal lottery.

    Also visit my page – 카지노사이트

  13. Avatar site
    site

    We checked whjat prospects had to say about producing
    deposits aand withdrawals.

    My page; site

  14. Avatar 웹툰사이트
    웹툰사이트

    Can I show my graceful appreciation and show my
    hidden information on really good stuff and if you want to really findout?
    Let me tell you a brief about how to find hot girls for free I am always here for
    yall you know that right?

  15. Avatar read more
    read more

    Outdoors of the United States, 22bet is likewise one of the greatest
    on the internet sports betting websites.

    My web-site read more

  16. Avatar homepage
    homepage

    This online casino began operations in 2000 and enjoys
    a healthful income of almost $5 million.

    Also visit my site: homepage

  17. Avatar Teri
    Teri

    May I simply just say what a comfort to find someone who actually
    knows what they are discussing on the internet. You actually realize how to bring
    an issue to light and make it important. A lot more people have to check this out
    and understand this side of your story. I was surprised that
    you are not more popular since you definitely possess the gift.

  18. Avatar get more info
    get more info

    As a bonus, there is a luxe spa, reside entertainment, and
    an award-winning golf course.

    Take a look at my webpage; get more info

  19. Avatar web site
    web site

    It is ppossible to see what ards other players have, which can influence a player’s dedcisions if there are only 1 or 2 decks
    in play.

    Alsso visit mmy site: web site

  20. Avatar site
    site

    Thirty minute customer parking is presented in Lot 62, accessible from Wellborn Road.

    Check out my web-site: site

  21. Avatar 급전 대출
    급전 대출

    Once you know the interest price, you can use the personal loan EMI calculator to know your EMI outflow.

    Feel free to visit mmy homepage … 급전 대출

  22. Avatar 카지노추천
    카지노추천

    When itt comes tto rewards, MyB Casino players have a lot to appear forward to.

    Also visit my page … 카지노추천

  23. Avatar 파워볼중계
    파워볼중계

    promptly beforehand.

    Look into my web blog … 파워볼중계

  24. Avatar 파워볼사이트
    파워볼사이트

    Anything in excess of $ten,000 should be claimed at New Hampshire Lottery headquarters or through the mail.

    My blog; 파워볼사이트

  25. Avatar 카지노사이트추천
    카지노사이트추천

    No state in the United States has jurisdiction over offshore
    gambling establishments.

    Check out my web site … 카지노사이트추천

  26. Avatar 바카라사이트
    바카라사이트

    The spins have a 24-hourvalidity period, in which you ought to wager tthe winnings 35 occasions.

    Also visit my web blog – 바카라사이트

  27. Avatar website
    website

    For this cause, South Koreans have identified an option – attempting their luck at offshore reside casinos.

    Also visit mmy blog … website

  28. Avatar Clemmie
    Clemmie

    I am in fact thankful to the holder of this website who has
    shared this impressive paragraph at at this time.

  29. Avatar 오피아트
    오피아트

    Hi there! I’m at work surfing around your blog from my new
    apple iphone! Just wanted to say I love reading through your blog and look forward to all your
    posts! Carry on the outstanding work!

  30. Avatar 바카라사이트
    바카라사이트

    Titpes include things like Cash Revenue Mermaid, Codebame Jackpot, and Cleopatra’s Gold.

    Stop by mmy website 바카라사이트

  31. Avatar https://fnote.net/
    https://fnote.net/

    This also suggests that if you arre registered and goo out of the Garden State, you
    cannot play until you’re back within state lines.

    my homepage … https://fnote.net/

  32. Avatar 온라인카지노
    온라인카지노

    UTAH—Utah, Hawaii, and Tennessee are the only states prohibiting all forms of commercial gambling.

    My page; 온라인카지노

  33. Avatar 바카라사이트
    바카라사이트

    Thhe expanjsive game lobby in 1xBet mobilpe
    casino is reputable computer software providers such as Microgaming and NetEnt.

    Alsso visit my pagee – 바카라사이트

  34. Avatar kennithlebron08.edublogs.org
    kennithlebron08.edublogs.org

    Examine all the bonuses and perks to determine on the
    1 you like ideal.

    Have a look at my blog post … kennithlebron08.edublogs.org

Commenti meno recenti
1 2

Lascia un commento

Il tuo indirizzo email non sarà pubblicato. I campi obbligatori sono contrassegnati *