This issue is still with me. Sporadically the connection will fail,
and a connection attempt immediately after the failure will (so far)
always work. Again the problem is only with this one remote firewall;
all of the others are fine. The hardware is virtually identical,
similar versions of the Supermicro 5015A boxes. Also note that said
problem box was used in another location with an older version of
OpenBSD without said issues.

It's possible the ISP's cable modem might be to blame but I'd like to
have something to go on before I point that finger.

Could really use some ideas on how to troubleshoot this.

Chris

On Sun, Dec 29, 2013 at 9:56 PM, Chris Smith <obsd_m...@chrissmith.org> wrote:
> I'm having a problem connecting with (and through) one OpenBSD box.
> Both ends are running OpenBSD -current (-current as of last weekend)
> and I've had the issue through a couple of months of various builds of
> -current.
>
> The problem occurs whether I'm connecting directly to the remote
> OpenBSD box (firewall) or connecting through it via a redirect to an
> inside box.
>
> The connection attempts are all coming from a Linux box inside my
> network (and I'm running a recent -current as my firewall), and
> connections to and through several other remote OpenBSD boxes
> (although not running a recent -current) all work 100% of the time.
>
> With the problem box sometimes the connection never completes. After
> the failed connection attempt subsequent connection attempts work
> fine, it's only after some time that the problem may arise again.
>
> For example if I attempt to ssh to the problem box I'm greeted with a
> blank line:
> ====================================
> $ ssh problem_box
>
> ====================================
>
> And after some minutes, I'll finally receive this:
> ====================================
> ssh_exchange_identification: read: Connection timed out
> ====================================
>
> From another terminal I can then shell in (whether or not I kill the
> first attempt). The connection states reported are (all addresses have
> been munged):
> my local firewall:
> ====================================
> all tcp 51.213.211.197:22 <- 172.25.12.66:44291       ESTABLISHED:ESTABLISHED
> all tcp 76.112.133.216:54348 (172.25.12.66:44291) -> 51.213.211.197:22       ESTABLISHED:ESTABLISHED
> all tcp 51.213.211.197:22 <- 172.25.12.66:44292       ESTABLISHED:ESTABLISHED
> all tcp 76.112.133.216:58306 (172.25.12.66:44292) -> 51.213.211.197:22       ESTABLISHED:ESTABLISHED
> ====================================
>
> the remote firewall:
> ====================================
> all tcp 51.213.211.197:22 <- 76.112.133.216:54348       SYN_SENT:ESTABLISHED
> all tcp 51.213.211.197:22 <- 76.112.133.216:58306       ESTABLISHED:ESTABLISHED
> ====================================
>
> The "hung" connection is the "SYN_SENT:ESTABLISHED" one and it stays
> that way for some time, although my local firewall believes it to be
> established.
>
> I've seen the same issue with an RDP connection to an inside Windows
> box via a redirect. Sometimes the first attempt will not connect; if I
> kill it and try again, voila, it works.
>
> The critical part is that my rsync backup to an internal box fails
> about every third night due to this issue. As I rsync two different
> paths (one and then the other) on the remote daemon the first path
> will fail sporadically, the second path always completes. Have none of
> these issues with other accounts (but as mentioned the OpenBSD
> versions on those firewalls are a bit older).
>
> Any assistance on resolving this would be much appreciated.
>
> Thank you,
>
> Chris

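Added example, not part of the original thread: a small Python script that compares the state listings from the two firewalls and reports every outbound connection whose state on the remote side differs from the local one (or is missing there), which is how the hung "SYN_SENT:ESTABLISHED" entry shows up. The function names are hypothetical, and the sample input is the munged state output quoted in the message, with wrapped lines joined.

```python
import re

# Matches the state lines in the form shown in the message:
#   all tcp A:p <- B:q                 STATE:STATE
#   all tcp N:p (O:q) -> D:r           STATE:STATE
STATE_RE = re.compile(
    r"^\S+\s+tcp\s+(?P<a>\S+)\s+(?:\((?P<orig>\S+)\)\s+)?"
    r"(?P<dir><-|->)\s+(?P<b>\S+)\s+(?P<state>[A-Z_0-9]+:[A-Z_0-9]+)\s*$"
)

def parse_states(text):
    """Return {(src, dst): (direction, state)} keyed by on-the-wire endpoints."""
    states = {}
    for line in text.splitlines():
        m = STATE_RE.match(line.strip())
        if not m:
            continue  # skip separators and anything that is not a TCP state line
        # "->": first address is the (translated) source; "<-": it is the destination
        src, dst = (m["a"], m["b"]) if m["dir"] == "->" else (m["b"], m["a"])
        states[(src, dst)] = (m["dir"], m["state"])
    return states

def find_mismatches(local_text, remote_text):
    """List (src, dst, local_state, remote_state) where the two firewalls disagree."""
    local, remote = parse_states(local_text), parse_states(remote_text)
    out = []
    for (src, dst), (direction, lstate) in sorted(local.items()):
        if direction != "->":
            continue  # only post-NAT outbound entries are visible to the remote box
        rstate = remote.get((src, dst), (None, None))[1]  # None: no state on remote
        if rstate != lstate:
            out.append((src, dst, lstate, rstate))
    return out

# State listings copied from the message (addresses already munged by its author).
LOCAL = """\
all tcp 51.213.211.197:22 <- 172.25.12.66:44291       ESTABLISHED:ESTABLISHED
all tcp 76.112.133.216:54348 (172.25.12.66:44291) -> 51.213.211.197:22       ESTABLISHED:ESTABLISHED
all tcp 51.213.211.197:22 <- 172.25.12.66:44292       ESTABLISHED:ESTABLISHED
all tcp 76.112.133.216:58306 (172.25.12.66:44292) -> 51.213.211.197:22       ESTABLISHED:ESTABLISHED
"""
REMOTE = """\
all tcp 51.213.211.197:22 <- 76.112.133.216:54348       SYN_SENT:ESTABLISHED
all tcp 51.213.211.197:22 <- 76.112.133.216:58306       ESTABLISHED:ESTABLISHED
"""

if __name__ == "__main__":
    for src, dst, lstate, rstate in find_mismatches(LOCAL, REMOTE):
        print(f"{src} -> {dst}: local={lstate} remote={rstate or 'no state'}")
```

Running it periodically against fresh listings from both ends gives a timestamped record of when the states diverge, which can be lined up against packet captures taken on each side of the cable modem.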