Citrix freeze problems

asked 2021-07-23 02:29:23 +0000

kosta88

updated 2021-07-23 04:16:07 +0000

Hello, we have a new Firewall, an OPNsense, and are experiencing permanent freezes with Citrix sessions. It used to work without an issue on the Sophos.

What I seeing on the capture log concerns me.

It's permanent TCP retransmissions after Application Data, each and every single one. Then comes the part where it freezes, at about packet 235.

And after that it resumes the old TCP Retransmissions thing. And it repeats around every 1 minute. The freeze is always for about 20 seconds. If there are details needed from the actual packets, I can gladly provide, just say which.

I noticed one thing in the retransmissions: The first packets, Application Data, is between client and OPNsense. TCP Retransmission is between OPNsense and Cisco.

A little network background: We have a local IT with some servers and internet, and then we connect via VPN-Router to another location where we access another server via Citrix Netscaler (login page). OPNsense Firewall is connected directly to the internet and providing gateway functionality for the Cisco VPN-Router. So basically a secondary network for Cisco, static routes on the OPNsense to access specific networks via Cisco.

I confirmed it's not the server-side, since we have two ways to connect: We can go straight over internet, authenticating via Smartcard, completely omitting the router, but using OPNsense -> without any issues. We connect through the Cisco, authenticating without a Smartcard -> freezes.

I anonymized the capture, dest-ip is the workstation, dest-ip is the IP of the server inside the session. I can't capture the server side. The capture here was on LAN interface. Other interfaces are useless: gateway interface for Cisco shows only ESP packets, and WAN only sending those ESP packets further to the far endpoint.

Can you help?

Here is the log: Pastebin

Thank you.

1 Answer

answered 2021-07-23 12:14:43 +0000

kosta88

Solved. The issue seems to be that the outgoing packets from the workstation to the server were going over OPNsense router, but the incoming directly, omitting the OPNsense, resulting in asynchronous routing.

Asked: 2021-07-23 02:20:12 +0000

Seen: 58 times

Last updated: Jul 23