jessie -> stretch: Debian router fails specific connections

reinhard.munz
Posts: 2
Joined: 2018-08-01 22:47


#1 Post by reinhard.munz »

Hi,

I have a Debian VM running on Citrix XenServer as a router in a remote site. I upgraded this router from jessie to stretch a few days ago and by now several clients have reported that specific websites stopped loading and specific mail accounts stopped synchronizing since that day. All other connections work as before.

I am using shorewall but when I turn on logging all connections are logged as accepted and none are logged as rejected or dropped. Clients often hang at TLS handshakes and most of the not working connections are TLS encrypted. However, I have seen one or two unencrypted websites that don't work. All these connections work flawlessly when I revert to a previous snapshot with jessie.

The symptoms of my problem sound exactly like the ones described for an Ubuntu 18.04 system here: https://ubuntuforums.org/showthread.php?t=2391692
If it's indeed the same problem, then it would have carried over into buster and must have been around for some time. I'm thus hoping that someone knows a simple and quick solution. So if you do, I'm all ears.

Otherwise there's not much I can do at the moment. I'm limited in my ability to debug. I cannot boot the snapshot of the faulty system without interfering with the working one. And I do not have a second Citrix cluster to move it to.

I am only writing this to see whether by chance anyone has had the same problem and found a solution other than reinstalling the machine (as the one did for the Ubuntu system). I didn't find much else by googling although that might be due to the fact I'm not even sure what the exact problem is and what I should google for. Unfortunately, most additional debugging must wait until I am on site again later this year.

Please let me know if I should provide any additional information.

Thanks,
Reinhard

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: jessie -> stretch: Debian router fails specific connecti

#2 Post by p.H »

Do you use PPPoE too?
Have you considered an "MTU black hole" issue?

reinhard.munz
Posts: 2
Joined: 2018-08-01 22:47

Re: jessie -> stretch: Debian router fails specific connecti

#3 Post by reinhard.munz »

Thanks p.H, exactly the hint I needed.

Turns out CLAMPMSS=No in the default shorewall.conf. I replaced the previous conf and forgot to change that option. My bad. Thanks for the help.

p.H
Global Moderator
Posts: 3049
Joined: 2017-09-17 07:12
Has thanked: 5 times
Been thanked: 132 times

Re: jessie -> stretch: Debian router fails specific connecti

#4 Post by p.H »

Glad it helped. Be aware that MSS clamping is just a workaround which does not fix the real issue and works only with TCP connections. Other protocols such as UDP, ICMP, non-TCP based VPNs... are still affected.
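
The mechanism behind the CLAMPMSS setting and the TCP-only caveat from the thread, as an added example that is not part of the original posts or of Shorewall's code: a router-side clamp can only rewrite the MSS option carried in a TCP SYN, so other protocols pass through unchanged. The function names, the sample segment and the 1492-byte path MTU (the usual PPPoE value) are assumptions made for illustration.

```python
import struct
from typing import Optional, Tuple

IPV4_HDR, TCP_HDR = 20, 20           # header sizes in bytes, no options
PROTO_TCP = 6                        # IP protocol number for TCP
OPT_EOL, OPT_NOP, OPT_MSS = 0, 1, 2  # TCP option kinds


def clamp_mss(ip_proto: int, l4: bytes, path_mtu: int) -> Tuple[bytes, Optional[int], Optional[int]]:
    """Return (payload, old_mss, new_mss); old/new are None when nothing was clamped.

    Only a TCP SYN carries an MSS option, so UDP, ICMP and non-SYN TCP pass
    through untouched. The TCP checksum is not recomputed here.
    """
    unchanged = (l4, None, None)
    if ip_proto != PROTO_TCP or len(l4) < TCP_HDR:
        return unchanged
    data_off = (l4[12] >> 4) * 4             # TCP header length incl. options
    if not l4[13] & 0x02 or not TCP_HDR <= data_off <= len(l4):
        return unchanged                     # not a SYN, or malformed header
    limit = path_mtu - IPV4_HDR - TCP_HDR    # largest segment that fits the path
    seg, i = bytearray(l4), TCP_HDR
    while i < data_off:
        kind = seg[i]
        if kind == OPT_EOL:
            break
        if kind == OPT_NOP:
            i += 1
            continue
        if i + 1 >= data_off or seg[i + 1] < 2 or i + seg[i + 1] > data_off:
            break                            # truncated or bogus option length
        if kind == OPT_MSS and seg[i + 1] == 4:
            old = struct.unpack_from("!H", seg, i + 2)[0]
            new = min(old, limit)            # never raise the sender's MSS
            struct.pack_into("!H", seg, i + 2, new)
            return bytes(seg), old, new
        i += seg[i + 1]
    return unchanged


def build_tcp(flags: int, mss: int) -> bytes:
    """Constructed sample segment: 20-byte TCP header plus one MSS option."""
    hdr = struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 6 << 4, flags, 64240, 0, 0)
    return hdr + struct.pack("!BBH", OPT_MSS, 4, mss)


if __name__ == "__main__":
    # Constructed inputs: a SYN advertising MSS 1460, then a large UDP payload.
    print(clamp_mss(PROTO_TCP, build_tcp(0x02, 1460), 1492)[1:])
    print(clamp_mss(17, b"\x00" * 1480, 1492)[1:])
```
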
