TCP/TLS Dropped packets, I don't know where to look for the issue?
About a month ago my site to site VPN (only on one side) stopped working, but only for certain requests. I have two Ubiquiti EdgeMax routers set up with an IPsec site to site. Site A works and can do all requests from site B. Site B fails with the same requests, but not all. I did a Wireshark session and see an error "TCP Previous segment not captured". It is very consistent. For example, when I do a request for the router GUI from site B to site A, it fails. When I do a request from site A to site B router GUI, it works fine. I am not an expert on the TCP and TLS protocols. The software has not changed in over 2 years; the only change to the network was earlier this spring I had my ISP fix my DSL line to site B. It worked great for 3 months. I can do stuff from site B to site A, for example I can get and hold a remote desktop session for hours without an issue. I just need some help in interpreting the Wireshark runs and where to look for the issue. Is it possible to upload the .pcapng output?
Things like this don't just start to happen: what changed about a month ago?
The only thing that happened is my ISP had a 6 hour outage on a Saturday night. It was a couple of days later that I noticed the failures. I have already asked the ISP about it and they watched my line and could find no issues, but I could never get level 2 to talk to me so I could ask more details. Not that I can see that it is their fault, the tunnels are connected... but why would only certain requests fail? I have reseated all the network connections, changed out my site B router and upgraded the s/w and it still consistently fails these 3 types of requests:
Router GUI on port 443
Synology DiskStation GUI on port 5000
SVN on 3390
What works?
RDP on 3389
Telnet on 22
Same on all my devices on site B (Mac, 2 Windows, iPad, Synology DiskStation). I ...
I don't think either that it's an ISP or line issue, because as you said most of the services like RDP are running fine. A line issue would harm all connections over that tunnel.
You said you can see periodically "Previous segment not captured" messages in your capture. Where did you capture the traffic? As a first overview a client-side capture of the problematic connection would be great. You can upload it to a fileshare hoster of your choice.
@JasMan Don't be too quick to rule out the ISP. It could be that they rerouted traffic on a link with slightly smaller MTU. So I wonder exactly what traffic isn't (site-to-site?) and is (site-to-edge router?) affected.
@Jaap Yes, sure.... never say never. But if only those three services are affected by the issue, and all others are working fine, it sounds more like an issue on the LAN side to me. Because on the Internet, all packets between site A and B are encapsulated and encrypted due to IPsec. The ISP, router or whatever is not able to see the payload. So which mechanism or mask should always block the same three services then? In my opinion all other connections from B to A would be affected by this issue too in this case.