Drop idle connections after configured time


I’m building a very small PoC that reflects a situation we’ve encountered in the wild: somewhere between our software client and a remote server, a firewall is dropping idle connections. The client doesn’t receive a RST or FIN, and this leads to Bad Behaviour. I’d like to use VyOS as the firewall. I have read through much of the documentation but didn’t find out how to do this.

Could someone provide me a hint? The goal in a nutshell: an idle connection is silently dropped after a configurable timeout is reached.

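The failure mode the question describes, a client that hangs because no RST or FIN ever arrives, is exactly what TCP keepalive probes exist to surface. The following is an added example, not code from the original post or from VyOS: it enables keepalive on a Python socket, reads the effective values back from the kernel, and works out how the probe timers interact with a firewall's idle timeout. The option names are the Linux ones (TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT); the 3600 s figure used in the helper is just the value from the answer below, not a measured one.

```python
import errno
import socket

# Linux spells the idle timer TCP_KEEPIDLE; macOS spells it TCP_KEEPALIVE.
_IDLE_OPT = getattr(socket, "TCP_KEEPIDLE", None) or getattr(socket, "TCP_KEEPALIVE", None)


def enable_keepalive(sock, idle=60, interval=10, count=3):
    """Turn on TCP keepalive probes on an open TCP socket.

    After `idle` seconds without traffic the kernel sends a probe every
    `interval` seconds; after `count` unanswered probes the socket fails with
    ETIMEDOUT. A firewall that has forgotten the flow drops the probes, so a
    silent drop becomes an error instead of an endless hang.
    Returns the values read back from the kernel so the caller can check them.
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    if _IDLE_OPT is not None:
        sock.setsockopt(socket.IPPROTO_TCP, _IDLE_OPT, idle)
    if hasattr(socket, "TCP_KEEPINTVL"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    if hasattr(socket, "TCP_KEEPCNT"):
        sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, count)

    def _get(opt_name):
        opt = getattr(socket, opt_name, None)
        return sock.getsockopt(socket.IPPROTO_TCP, opt) if opt is not None else None

    return {
        "keepalive": sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE),
        "idle": sock.getsockopt(socket.IPPROTO_TCP, _IDLE_OPT) if _IDLE_OPT is not None else None,
        "interval": _get("TCP_KEEPINTVL"),
        "count": _get("TCP_KEEPCNT"),
    }


def configured_keepalive_settings(idle=60, interval=10, count=3):
    """Open a throwaway TCP socket, apply the keepalive settings and return
    what the kernel reports, so the effect can be verified offline."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        return enable_keepalive(sock, idle, interval, count)
    finally:
        sock.close()


def worst_case_detection_seconds(idle, interval, count):
    """Longest time a silently dropped connection can go unnoticed:
    the idle timer plus every probe interval before the kernel gives up."""
    return idle + interval * count


def probes_refresh_conntrack(idle, conntrack_timeout):
    """True when keepalive probes arrive before the firewall's idle timeout,
    so each probe refreshes the conntrack entry and the flow is never dropped.
    False when the first probe is already late: the firewall drops it and the
    client learns of the loss after worst_case_detection_seconds()."""
    return idle < conntrack_timeout


def recv_detecting_silent_drop(sock, bufsize=4096):
    """sock.recv() that turns the ETIMEDOUT from unanswered keepalive probes
    into a clear exception, distinguishing a silent drop in transit (no RST or
    FIN ever seen) from a normal peer close (b'' is returned)."""
    try:
        return sock.recv(bufsize)
    except OSError as exc:
        if exc.errno == errno.ETIMEDOUT:
            raise ConnectionError("idle connection silently dropped in transit: "
                                  "keepalive probes went unanswered") from exc
        raise


if __name__ == "__main__":
    settings = configured_keepalive_settings(idle=30, interval=5, count=4)
    print("kernel reports:", settings)
    print("worst-case detection:", worst_case_detection_seconds(30, 5, 4), "s")
    # Against a firewall with a 3600 s established timeout (the value in the
    # answer below), 30 s probes keep the entry alive instead of detecting a drop.
    print("probes refresh the firewall entry:", probes_refresh_conntrack(30, 3600))
```

Either outcome of `probes_refresh_conntrack` is better than the hang in the question: with a short idle timer the probes keep the firewall's entry alive and the connection survives; with a long one the probes are dropped and the client gets ETIMEDOUT within `idle + interval * count` seconds. Application-level heartbeats do the same job for protocols that already have them, and work through middleboxes that strip TCP options.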

set system conntrack timeout tcp established 3600
Clears idle connections after 1 hour.
I wonder if resets are sent (in both directions) on the timeout event, which would be the correct way to tell upstream/downstream devices that the connection is gone.

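The single `set system conntrack timeout tcp established` line above is the core of it, but on its own it does not make a PoC firewall drop idle flows. Below is an added configuration example, not taken from the thread or from VyOS documentation verbatim; it assumes VyOS 1.3-style firewall syntax, a router with the client behind eth0 and the server behind eth1, a server port of 9000 and a 120 s timeout, all of which are illustrative choices.

```vyos
# Added example, not from the original thread. VyOS 1.3-style syntax;
# eth0 (client side), eth1 (server side), port 9000 and 120 s are assumptions.

# 1. Shorten the idle timeout for established TCP flows. The kernel default
#    VyOS inherits is 432000 s (5 days), which is why idle flows normally
#    survive; 120 s keeps the PoC quick to exercise.
set system conntrack timeout tcp established 120

# 2. Stop conntrack from quietly re-adopting a flow once its entry expires.
#    With the default "loose" tracking the next mid-stream ACK simply creates
#    a fresh ESTABLISHED entry and the connection resumes, so nothing is
#    dropped. With it disabled that ACK is classified INVALID.
set system conntrack tcp loose disable

# 3. Only flows conntrack already knows about may pass; the client may open
#    new connections to the server port. Everything else hits the default
#    action. "drop" discards silently; "reject" would send the RST the
#    question wants to avoid.
set firewall name IDLE-DROP default-action drop
set firewall name IDLE-DROP rule 10 action accept
set firewall name IDLE-DROP rule 10 state established enable
set firewall name IDLE-DROP rule 10 state related enable
set firewall name IDLE-DROP rule 20 action accept
set firewall name IDLE-DROP rule 20 description 'new connections to the server port'
set firewall name IDLE-DROP rule 20 protocol tcp
set firewall name IDLE-DROP rule 20 destination port 9000
set firewall name IDLE-DROP rule 20 state new enable

# 4. Apply the policy to traffic entering from both sides, so a packet the
#    server sends first after expiry is dropped as well.
set interfaces ethernet eth0 firewall in name IDLE-DROP
set interfaces ethernet eth1 firewall in name IDLE-DROP

commit
save

# Verify while the two netcats sit idle:
#   show conntrack table ipv4
# The entry for the flow vanishes 120 s after the last packet; the next
# segment either side sends is then dropped without any RST or FIN.
```

The `tcp loose disable` step is the one most often missed: with the default setting the firewall would seem to honour the timeout (the entry disappears from the table) yet the connection would carry on working, because conntrack picks the flow back up mid-stream.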

After much fiddling about, I finally got my PoC working (using VyOS inside EVE-NG Community Edition). I’ve managed to set it up such that there are no RSTs sent at all. Netcats on both sides of the firewall sit there, not noticing anything has happened. It’s exactly what I needed!

So thank you :)