TCP issue inside the tunnel

monster4000

Hello

I got the capture here.

0_1549105719338_packetcapture.zip

Konstanti

@monster4000
The that in sight
Is immediately reset the connection
This error often occurs when the TCP port is closed
There may be a firewall (10.9.96.4) that reject connections

Capture Site B

0_1549106181831_09468da0-86df-4859-af88-82d618a8a585-image.png

Capture Site -A

0_1549106245080_ebe1e9d0-f195-45d1-a56a-fbeb11aa0b77-image.png

monster4000

Hello

That seems strange to me:
SiteB
1_1549106526740_Site B.PNG
SiteA
0_1549106526739_Site A.PNG

There is no firewall active on the linux servers.

Konstanti

@monster4000

There may be a firewall that drops connections (host 10.9.96.4)
This host (10.0.96.4) is configured to accept connections only from specific networks ?

monster4000

Hello

i´ve have already check 10.9.96.4 for a firewall there is none.
also tested with a fresh ubuntu machine it´s the same

root@pmg:~# iptables --list
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Konstanti

@monster4000
I meant that Icinga is configured to accept connections only from certain networks

monster4000

Hello

never heard of that, it uses ssl to check, but Rudder is using the network and have added that to the list :(

Konstanti

@monster4000 said in

There is still such an idea

mss clamping (both sides)
VPN/IPsec/Advanced Settings
System/Advanced/Networking (both sides)

monster4000

Hello
MSS seem to done the trick, what is MMS?
I already had the other change due to proxmox kvm

monster4000

Hello

Just noticed it breaks large packets of UDP :( hopefully we will get fix soon.
https://redmine.pfsense.org/issues/7801