Re: TCP FIN hangups in encrypted ESP tunnel

2021-07-08 Thread Andre Stoebe 
Hi Peter,

it's not just you, I have similar problems since around July 1, but with a
netcup server.

Since then, downloading a bigger file from the netcup server using scp or rsync
fails pretty consistently. Normal ssh sessions or other stuff like imap or xmpp
remain stable, as far as I can tell.

I run the scp/rsync over wg, but it doesn't matter, happens over pppoe too.

Like you, I also spent the last evenings looking for mistakes on my side,
besides having this working for years. So now I guess the problem is on their
side or somewhere in between?

I see the following when the file transfer fails:

192.168.100.1 is my router, where I run "scp 192.168.100.2:dump.gz ."
192.168.100.2 is the netcup server

237470  28.285237 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] 
Seq=55922 Ack=195360998 Win=120512 Len=0 TSval=2630531475 TSecr=89901171
237471  28.285242 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237472  28.285260 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237473  28.285288 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] 
Seq=55922 Ack=195363734 Win=117824 Len=0 TSval=2630531475 TSecr=89901171
237474  28.285293 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237475  28.285311 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237476  28.285339 192.168.100.1 -> 192.168.100.2 TCP 56 12534 -> 22 [ACK] 
Seq=55922 Ack=195366470 Win=115072 Len=0 TSval=2630531475 TSecr=89901171
237477  28.285348 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: [TCP 
Previous segment not captured] , Encrypted packet (len=1368)
237478  28.285382 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#1] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=115072 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195369206
237479  28.285498 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195369206
237480  28.285863 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237481  28.285906 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#2] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195370574
237482  28.285914 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237483  28.285941 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#3] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195371942
237484  28.285946 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237485  28.285973 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#4] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195373310
237486  28.285979 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237487  28.286006 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#5] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195374678
237488  28.286016 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237489  28.286044 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#6] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195376046
237490  28.286054 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: Encrypted 
packet (len=1368)
237491  28.286081 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#7] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=123264 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237492  28.286343 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=131456 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237493  28.286421 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=139648 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237494  28.287076 192.168.100.2 -> 192.168.100.1 TCP 56 22 -> 12534 [FIN, ACK] 
Seq=195377414 Ack=55922 Win=16384 Len=0 TSval=89901171 TSecr=2630531475
237495  28.287141 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Dup ACK 237476#8] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=139648 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237496  28.288062 192.168.100.1 -> 192.168.100.2 TCP 68 [TCP Window Update] 
12534 -> 22 [ACK] Seq=55922 Ack=195366470 Win=147712 Len=0 TSval=2630531475 
TSecr=89901171 SLE=195367838 SRE=195377414
237497  28.288586 192.168.100.1 -> 192.168.100.2 SSHv2 104 Client: Encrypted 
packet (len=36)
237498  28.295439 192.168.100.2 -> 192.168.100.1 SSHv2 1424 Server: [TCP Fast 
Retransmission] ,

Re: Display flickers after upgrade to 6.6

2019-10-19 Thread Andre Stoebe 
Hi,

I ran into the same issue this morning. Disabling the compositor worked
for me, but I noticed later that this is also documented in the package
readme:

Screen compositor
=
If you're using the modesetting X driver and experience window
flickering when
the compositor is enabled, you should force the window manager to use the
XPresent method for vblank:

$xfwm4 --vblank=xpresent --replace &

This is documented upstream at
https://git.xfce.org/xfce/xfwm4/tree/COMPOSITOR#n114

Haven't tested that yet and left the compositor disabled, but I guess
this will fix your issues. If it does, that's probably a good reminder
to first look in the readme next time (me included). ;)

Regards,
André

Re: Package -stable updates

2019-08-29 Thread Andre Stoebe 
On 29.08.2019 01:59, Steven Shockley wrote:
> So, many thanks to everyone who put together the new -stable updates for
> packages.  Is there a command I can put in the crontab that will only
> output if there are updates?  Similar to what syspatch or openup does.
> I tried pkg_add -unx, but that still tells me to delete old files and
> prints the quirks line even if there are no updates.

Hi Steven,

here's what I came up with in my /etc/daily.local file...

(pkg_add -suv | sed -En 's/^Adding (.+)\(pretending\)/\1/p') 2>&1 \
| grep -v ': Requesting'

Initially I didn't use the verbose option and a simpler sed expression,
but I eventually found that pkg_add's output differs whether a terminal
is attached or not. So that's what works for me.

Regards
Andre

Re: unbound-checkconf "Killed" on openbsd 6.4 amd64 when loading large local cache

2018-10-25 Thread Andre Stoebe 
Use "rcctl set unbound timeout 300", which sets "unbound_timeout=300" in
rc.conf.local. The variables are documented in rc.d(8).

Regards
André