On 2016-02-12 14:07, Kristof Provost wrote: >> On 12 Feb 2016, at 15:33, Larry Rosenman <ler_at_lerctr.org> wrote: >> >> On 2016-02-12 08:31, Kristof Provost wrote: >>>> On 12 Feb 2016, at 15:29, Larry Rosenman <ler_at_lerctr.org> wrote: >>>> On 2016-02-12 08:13, Larry Rosenman wrote: >>>>> sysctl net.inet.tcp.rfc1323=0 >>>>> makes it work >>>> Shouldn't the stack do the right thing here? For the record, the >>>> other side >>>> is also FreeBSD (10.2-STABLE). >>> Yes, but it’s possible that there’s a problem with the pf scrubbing >>> of >>> the window scaling or timestamp options. >>> I have a vague recollection of having looked at that in the past. >>> Bug 172648 also claims there is/was an issue with checksums in that >>> case, but I’ve never been able to reproduce it. >>> Regards, >>> Kristof >> Ok. Since I can reproduce this at will, and the 2 firewalls are >> pfSense, how can I help? > > I’ll still need to reproduce it locally to fix it, but it might be > interesting to know if the packet is dropped by the router, or sent > out again with an incorrect checksum. > Can you take a capture on the WAN interface and see if the TCP SYN > makes it out (if it does, I’d expect the checksum to be wrong) or not? > > Regards, > Kristof Will do tonight. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 214-642-9640 E-Mail: ler_at_lerctr.org US Mail: 7011 W Parmer Ln, Apt 1115, Austin, TX 78729-6961Received on Fri Feb 12 2016 - 19:22:20 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:02 UTC