TLS failure
Colin Law
clanlaw at gmail.com
Mon Oct 22 13:29:41 UTC 2018
On Sun, 21 Oct 2018 at 23:01, Colin Watson <cjwatson at ubuntu.com> wrote:
> ...
> Have you checked for MTU problems? This is the sort of weird problem
> that an incorrect MTU can cause.
Thanks to all for the various suggestions. I don't think it is an MTU
problem. I have now tried it setting the MTU to 1000 and it makes no
difference.
I have had a go with tcpdump and using sudo tcpdump host
vehicletax.service.gov.uk I see this. (I have inserted line feeds
between each transaction to make it a bit easier to read.
11:44:04.711668 IP tigger.33584 > 107.162.132.57.https: Flags [S], seq
1219288911, win 29200, options [mss 1460,sackOK,TS val 270762524 ecr
0,nop,wscale 7], length 0
11:44:04.725582 IP 107.162.132.57.https > tigger.33584: Flags [S.],
seq 2537281460, ack 1219288912, win 4356, options [mss
1460,sackOK,eol], length 0
11:44:04.725596 IP tigger.33584 > 107.162.132.57.https: Flags [.], ack
1, win 29200, length 0
11:44:04.725764 IP tigger.33584 > 107.162.132.57.https: Flags [P.],
seq 1:235, ack 1, win 29200, length 234
11:44:04.739037 IP 107.162.132.57.https > tigger.33584: Flags [.], ack
235, win 4590, length 0
At this point there is several seconds wait
11:44:08.738918 IP 107.162.132.57.https > tigger.33584: Flags [R.],
seq 1, ack 235, win 4590, length 0
11:44:08.739859 IP tigger.33590 > 107.162.132.57.https: Flags [S], seq
3421144022, win 29200, options [mss 1460,sackOK,TS val 270766552 ecr
0,nop,wscale 7], length 0
11:44:08.751098 IP 107.162.132.57.https > tigger.33590: Flags [S.],
seq 2514563206, ack 3421144023, win 4356, options [mss
1460,sackOK,eol], length 0
11:44:08.751163 IP tigger.33590 > 107.162.132.57.https: Flags [.], ack
1, win 29200, length 0
11:44:08.751774 IP tigger.33590 > 107.162.132.57.https: Flags [P.],
seq 1:235, ack 1, win 29200, length 234
11:44:08.762568 IP 107.162.132.57.https > tigger.33590: Flags [.], ack
235, win 4590, length 0
Then there is another wait and the last five lines are repeated. It
repeats this a few more times then fails.
When I connect through the VPN and repeat the exercise I see
11:35:24.829072 IP tigger.55710 > 107.162.132.57.https: Flags [S], seq
822655265, win 29200, options [mss 1460,sackOK,TS val 801822720 ecr
0,nop,wscale 7], length 0
11:35:24.862589 IP 107.162.132.57.https > tigger.55710: Flags [S.],
seq 2005228617, ack 822655266, win 4104, options [mss
1368,sackOK,eol], length 0
11:35:24.862608 IP tigger.55710 > 107.162.132.57.https: Flags [.], ack
1, win 29200, length 0
11:35:24.862784 IP tigger.55710 > 107.162.132.57.https: Flags [P.],
seq 1:235, ack 1, win 29200, length 234
11:35:24.888874 IP 107.162.132.57.https > tigger.55710: Flags [.], ack
235, win 4338, length 0
This time there is no delay at this point
11:35:24.890242 IP 107.162.132.57.https > tigger.55710: Flags [P.],
seq 1:103, ack 235, win 4338, length 102
11:35:24.890250 IP tigger.55710 > 107.162.132.57.https: Flags [.], ack
103, win 29200, length 0
and the communication continues.
I have run tcpdump in the router watching the internet port and it
shows the same packets.
With my limited knowledge it looks as if there is a packet missing
from the server back to me, but hopefully someone with more knowledge
will be able to throw some more light on this.
Colin
More information about the ubuntu-users
mailing list