I'm having a problem connecting with (and through) one OpenBSD box. Both ends are running OpenBSD -current (-current as of last weekend) and I've had the issue through a couple of months of various builds of -current.
The problem occurs whether I'm connecting directly to the remote OpenBSD box (firewall) or connecting through it via a redirect to an inside box. The connection attempts are all coming from a Linux box inside my network (and I'm running a recent -current as my firewall), and connections to and through several other remote OpenBSD boxes (although not running a recent -current) all work 100% of the time.

With the problem box sometimes the connection never completes. After the failed connection attempt, subsequent connection attempts work fine; it's only after some time that the problem may arise again.

For example if I attempt to ssh to the problem box I'm greeted with a blank line:

====================================
$ ssh problem_box
====================================

And after some minutes, I'll finally receive this:

====================================
ssh_exchange_identification: read: Connection timed out
====================================

From another terminal I can then shell in (whether or not I kill the first attempt). The connection states reported are (all addresses have been munged):

my local firewall:
====================================
all tcp 51.213.211.197:22 <- 172.25.12.66:44291 ESTABLISHED:ESTABLISHED
all tcp 76.112.133.216:54348 (172.25.12.66:44291) -> 51.213.211.197:22 ESTABLISHED:ESTABLISHED
all tcp 51.213.211.197:22 <- 172.25.12.66:44292 ESTABLISHED:ESTABLISHED
all tcp 76.112.133.216:58306 (172.25.12.66:44292) -> 51.213.211.197:22 ESTABLISHED:ESTABLISHED
====================================

the remote firewall:
====================================
all tcp 51.213.211.197:22 <- 76.112.133.216:54348 SYN_SENT:ESTABLISHED
all tcp 51.213.211.197:22 <- 76.112.133.216:58306 ESTABLISHED:ESTABLISHED
====================================

The "hung" connection is the "SYN_SENT:ESTABLISHED" one and it stays that way for some time, although my local firewall believes it to be established.
I've seen the same issue with an RDP connection to an inside Windows box via a redirect. Sometimes the first attempt will not connect; if I kill it and try again, voila, it works.

The critical part is that my rsync backup to an internal box fails about every third night due to this issue. As I rsync two different paths (one and then the other) on the remote daemon the first path will fail sporadically, the second path always completes.

Have none of these issues with other accounts (but as mentioned the OpenBSD versions on those firewalls are a bit older).

Any assistance on resolving this would be much appreciated.

Thank you,
Chris
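
Added example, not part of the original post: a Python sketch that joins the two state listings above on the addresses seen on the wire and reports connections whose pf state differs between the two firewalls. The function names are hypothetical; the sample lines are the (already munged) ones from the post.

```python
import re

# One line of the state listing as it appears in the post, e.g.
#   all tcp A:p <- B:p STATE:STATE
#   all tcp A:p (C:p) -> B:p STATE:STATE   (C:p is the pre-NAT source)
STATE_RE = re.compile(
    r"^\s*\S+\s+tcp\s+(?P<left>\S+)\s+(?:\((?P<nat>\S+)\)\s+)?"
    r"(?P<dir><-|->)\s+(?P<right>\S+)\s+(?P<state>[A-Z_0-9]+:[A-Z_0-9]+)\s*$"
)

# Sample input: state lines copied from the post (addresses munged there).
LOCAL = """\
all tcp 51.213.211.197:22 <- 172.25.12.66:44291 ESTABLISHED:ESTABLISHED
all tcp 76.112.133.216:54348 (172.25.12.66:44291) -> 51.213.211.197:22 ESTABLISHED:ESTABLISHED
all tcp 51.213.211.197:22 <- 172.25.12.66:44292 ESTABLISHED:ESTABLISHED
all tcp 76.112.133.216:58306 (172.25.12.66:44292) -> 51.213.211.197:22 ESTABLISHED:ESTABLISHED
"""
REMOTE = """\
all tcp 51.213.211.197:22 <- 76.112.133.216:54348 SYN_SENT:ESTABLISHED
all tcp 51.213.211.197:22 <- 76.112.133.216:58306 ESTABLISHED:ESTABLISHED
"""

def parse_states(text):
    """Return {(src, dst): state}, keyed by the addresses seen on the wire."""
    states = {}
    for line in text.splitlines():
        m = STATE_RE.match(line)
        if not m:
            continue  # skip headers, blank lines, non-TCP states
        # Inbound states print "dst <- src", outbound "src -> dst".
        if m["dir"] == "<-":
            src, dst = m["right"], m["left"]
        else:
            src, dst = m["left"], m["right"]
        states[(src, dst)] = m["state"]
    return states

def mismatched(local_text, remote_text):
    """List (src, dst, local_state, remote_state) where the two ends disagree."""
    local, remote = parse_states(local_text), parse_states(remote_text)
    return sorted(
        (src, dst, local[(src, dst)], remote[(src, dst)])
        for (src, dst) in local.keys() & remote.keys()
        if local[(src, dst)] != remote[(src, dst)]
    )

if __name__ == "__main__":
    for row in mismatched(LOCAL, REMOTE):
        print("%s -> %s  local=%s  remote=%s" % row)
```

Only states that both firewalls hold for the same wire-side address pair are compared, so the local pre-NAT entries (source 172.25.12.66) are ignored.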