From owner-freebsd-net@freebsd.org  Wed Dec 18 11:47:32 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 939791DC80E
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Wed, 18 Dec 2019 11:47:32 +0000 (UTC)
 (envelope-from Axel.Rau@Chaos1.DE)
Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 47dCtD2B50z4VHc
 for <freebsd-net@freebsd.org>; Wed, 18 Dec 2019 11:47:32 +0000 (UTC)
 (envelope-from Axel.Rau@Chaos1.DE)
Received: by mailman.nyi.freebsd.org (Postfix)
 id 4AD411DC80D; Wed, 18 Dec 2019 11:47:32 +0000 (UTC)
Delivered-To: net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4A9641DC80C
 for <net@mailman.nyi.freebsd.org>; Wed, 18 Dec 2019 11:47:32 +0000 (UTC)
 (envelope-from Axel.Rau@Chaos1.DE)
Received: from mailout4.lrau.net (mailout4.lrau.net [IPv6:2a05:bec0:26:2::73])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 server-signature RSA-PSS (4096 bits)
 client-signature RSA-PSS (2048 bits) client-digest SHA256)
 (Client CN "mailout4.lrau.net",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 47dCtC1XLnz4VHb
 for <net@FreeBSD.ORG>; Wed, 18 Dec 2019 11:47:30 +0000 (UTC)
 (envelope-from Axel.Rau@Chaos1.DE)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=chaos1.de; 
 s=email1;
 h=Message-Id:In-Reply-To:To:References:Date:Subject:Mime-Version:
 Content-Type:From:Sender:Reply-To:Cc:Content-Transfer-Encoding:Content-ID:
 Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
 :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
 List-Post:List-Owner:List-Archive;
 bh=Mk1O4TV7L3TtNnL3cElTHjLKvBo9hX9cSQ6bA504orU=; b=V7qWlB/2LyzBgU9VdhUf7qN94I
 ajv09GTzDPW7irilRZeu1fCb3t9EGz3PwrNuXRjxUILjUBztTCn1ZhgqDMOHYLHDAmti5ycgyzOHw
 1cEAwk34CZeYOm/IDkYBvvx8Lbg3AKaf0l9rzpa9n/jfy1HUDEOg5wJtOA4obD+y3c60hdJrMhqtA
 GzgGcia5QzEiK/cLVE+3LaKpuVNm8jnJ8LDsSQ15DT81aQASJ0QWQRMBu1qGhH43kD8cYMCdhTLSk
 4Is9nmh+o+we3NNxiM87x9A70oW/2L45xsemIyeym8eY1MzqLdbeZ3NfRG5eNXAziLPqFjSQFgFmA
 px053Cng==;
Received: from [91.216.35.74] (helo=imap.lrau.net)
 by mailout4.lrau.net with esmtp (Exim 4.92.3 (FreeBSD))
 (envelope-from <Axel.Rau@Chaos1.DE>) id 1ihXnW-000Apy-E0
 for net@FreeBSD.ORG; Wed, 18 Dec 2019 11:47:22 +0000
Received: from Axel.Rau@Chaos1.DE by imap.lrau.net (Archiveopteryx
 3.2.0) with esmtpsa id 1576669641-15822-15815/7/23; Wed, 18 Dec 2019
 11:47:21 +0000
From: Axel Rau <Axel.Rau@chaos1.de>
Content-Type: multipart/signed; protocol="application/pgp-signature";
 boundary="Apple-Mail=_4508E5B3-4F4C-4B7F-AB92-AEB5C38F15ED";
 micalg=pgp-sha256
Mime-Version: 1.0
Subject: [RESOLVED]  --was: Re: TCP 3-way-handshake fails
Date: Wed, 18 Dec 2019 12:47:14 +0100
References: <12A16AC0-651B-4CAC-814A-FD5A8FF68D2F@Chaos1.DE>
To: net@FreeBSD.ORG
In-Reply-To: <12A16AC0-651B-4CAC-814A-FD5A8FF68D2F@Chaos1.DE>
Message-Id: <6BBBA26D-10CD-41AE-806E-818FC8E884DE@Chaos1.DE>
X-Mailer: Apple Mail (2.3445.104.11)
X-Rspamd-Queue-Id: 47dCtC1XLnz4VHb
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=chaos1.de header.s=email1 header.b=V7qWlB/2;
 dmarc=none;
 spf=none (mx1.freebsd.org: domain of Axel.Rau@Chaos1.DE has no SPF policy when
 checking 2a05:bec0:26:2::73) smtp.mailfrom=Axel.Rau@Chaos1.DE
X-Spamd-Result: default: False [-6.03 / 15.00]; ARC_NA(0.00)[];
 RCVD_VIA_SMTP_AUTH(0.00)[];
 R_DKIM_ALLOW(-0.20)[chaos1.de:s=email1];
 NEURAL_HAM_LONG(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; MV_CASE(0.50)[];
 HAS_ATTACHMENT(0.00)[];
 MIME_GOOD(-0.20)[multipart/signed,multipart/alternative,text/plain];
 TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1];
 DWL_DNSWL_LOW(-1.00)[chaos1.de.dwl.dnswl.org : 127.0.3.1];
 RCVD_COUNT_THREE(0.00)[3]; DMARC_NA(0.00)[chaos1.de];
 DKIM_TRACE(0.00)[chaos1.de:+];
 NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; R_SPF_NA(0.00)[];
 SIGNED_PGP(-2.00)[]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+,1:+,2:+,3:~,4:~]; RCVD_TLS_LAST(0.00)[];
 ASN(0.00)[asn:197071, ipnet:2a05:bec0::/29, country:DE];
 MID_RHS_MATCH_FROM(0.00)[];
 IP_SCORE(-1.13)[ipnet: 2a05:bec0::/29(-3.77), asn: 197071(-1.87),
 country: DE(-0.02)]
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 18 Dec 2019 11:47:32 -0000



--Apple-Mail=_4508E5B3-4F4C-4B7F-AB92-AEB5C38F15ED
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8

After router startup, its routingtable shows entries like this:

2a05:bec0:26:2::70                 0c:c4:7a:ce:9e:90       UHLc
2a05:bec0:26:2::71                 link#1                  UHLc

The 2nd one is an alias address for the 1st one (a jail).

After ping6 from the router to this 2nd address, it looks as expected:

fw1# ping6 2a05:bec0:26:2::71
2a05:bec0:26:2::70                 0c:c4:7a:ce:9e:90       UHLc
2a05:bec0:26:2::71                 0c:c4:7a:ce:9e:90       UHLc

The reason for this misbehaviour was that I disabled auto linklocal
(-auto_linklocal in rc.conf).

Axel

> Am 10.12.2019 um 11:40 schrieb Axel Rau <Axel.Rau@chaos1.de>:
>=20
> Hi all
>=20
> I have a fancy behaviour on a FreeBSD 12.1 box, with
> some servers (e.g. rsyslogd, nginx) which happens with
> some clients, with others not (both are in the same sub-
> nets). Everything is dualstack. Disabling IPv6, stops
> the problem.
> The traffic is routed via 2 firewalls OpenBSD 6.6)
> and a VPN.
>=20
> I attach 2 textfiles (tcpdump) with an extracted flow:
>=20
> gw1, the OpenBSD side
> db3: the FreeBSD side
>=20
> I also include an example, where the problem
> does not happen: db3,ok.txt
>=20
> Which details needs to be collected to insulate
> the problem?
>=20
> Any help is very welcome,
> Axel
>=20
> <gw1.32404.txt><db3.32404.txt><db3.ok.txt>
> ---
> PGP-Key: CDE74120  =E2=98=80  computing @ chaos claudius
>=20

---
PGP-Key: CDE74120  =E2=98=80  computing @ chaos claudius


--Apple-Mail=_4508E5B3-4F4C-4B7F-AB92-AEB5C38F15ED
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.2
Comment: GPGTools - http://gpgtools.org

iQIzBAEBCAAdFiEEl5evOTfnjZdhkBzKaPxTRM3nQSAFAl36EcIACgkQaPxTRM3n
QSDlBw//S+PTrp4cHlzmCUv7Ov4EgiudUhZA43K14g7+EIeuZo21SNkzOwdMjCGG
x5ueTwDRRgMaVRGQeckLKVHfiFiwj0vmjH5QPpZUgk7SGXShssXUGkVs+s0P6OZQ
MLbdzfAi6KxocALaJ5mo2+r9QZK7h6ISqnIkwFpKqruTdERuhP5j4Q1oI28OYv22
Le0LQn1NLfh8Fu+fMPKGOygCxNi+4ogkEcvq7aX/41Zk4rKqEMxrusQr/F3l8Dds
bZ4sdnXTiuHPAZtYSGAEQ4IPvCF110LmT93Ib74xkZC9G7AUxUnyFbSr8WA+Lvr/
KNJGL0zwxoSvbq8Pj2JxLPFan44W22WnTQzNXeHecSlssvIiubsih7OwPh1SrZwB
IBfC355C18Fp6KeQxqxG5bNPgPAPNjvto6181AIju0Pj8gC4/xxIQ/Yg9+JKr6eL
/ov75AaLsWj/g+glI/o3+nvSxChOvAS7kmdJZSJd+pzCwAl4gDaLHf9uaEMSH5rP
CYePPFMTdHVbTW7yTvLWbscV6FzhkpVDuR/dS77vIAh7VAWwRziDpbpRVwqTyBYT
XPwgbHm+IMJa3qybCw10H/y4H+5TkaBmt+HU2VakiejMTNduAQAx7ewGxJGQIofL
KyJmmMV+N+tfV/JXcRdk0P9yPjrhijsNlMcYjodcvKie6XUis18=
=wm9U
-----END PGP SIGNATURE-----

--Apple-Mail=_4508E5B3-4F4C-4B7F-AB92-AEB5C38F15ED--