Last modified at 11/2/2013 11:46 AM by Koen Zomers
It may occur that even though you're sure you have allowed certain traffic in your firewall settings, connections are instable and packets are dropped. You will see TCP:RA and TCP:PA dropped packets being logged, like:

pfSense-RoutingRaPaFirewallLogs.png

Clicking on the red X square shows a reason similar to:

pfSense-RoutingRaPaFirewallLogsErrorMessage.png

It only occurred in my situation when routing IPv6 traffic through pfSense between two different VLANs. There are people in forums that mention it occurred with IPv4 connections as well though.

It is easy to fix this by following these steps:
  1. Go to the webinterface of your pfSense box
  2. Go to System and then to Advanced in the top menu
  3. Click on the Firewall / NAT tab
  4. Change the setting of Firewall Optimization Options to conservative

    pfSense-RoutingRaPaFirewallOptimizationOption.png
  5. Click Save at the bottom. No reboot of your pfSense server is necessary. It should now no longer drop packets.
The increased memory and CPU usage it warns for was negligible at my pfSense box equipped with 4GB of RAM and containing an Intel Atom D525 CPU.