Hello I had a similar issue with a 6to4 tunnel but I guess that the same cause may be relevant to a VPN or some other type of connection that affects the MTU.
The pull operation would fail sporadically, usually on the same package — most of the time that would be a relatively large package like the kernel but not necessarily. The failure would often be a TLS failure but I found it to be a common failure when there is a connectivity issue because it is the TLS that tries to establish or restore the connection. I admit that I had similar issues with connecting to just a few seemingly random websites over the tunnel, but the download of substitutes from the bordeaux server seemed to be the most affected. The tunnel customer support suggested that it is an MTU issue. I tried a lot of different MTU values. Some of the values I tried fixed all my connection issues except for the pull operation until I found how to set up the tunnel in a way that automatically discovers and changes the MTU dynamically. I thought it was too specific to my router, so I posted my findings elsewhere: "How can I set up 6to4 on MikroTik and configure MTU to fix connection failures and update guix?" https://superuser.com/q/1808662/1203531 I recently followed a link to this bug report from a help mailing list thread: "guix pull/guix upgrade often fails over VPN with TLS error message" https://lists.gnu.org/archive/html/help-guix/2024-09/msg00014.html I found the descriptions of the issue familiar, so I am sharing an idea that it might be related to the MTU of the connection to the substitute server. Roman
signature.asc
Description: This is a digitally signed message part
