secnet-0.6.0 connection stalling

[Ian Jackson]

Stephen Early writes ("Re: secnet-0.6.0 connection stalling"):
> I found the source of the problem.  It's not a secnet bug.  It was a 
> firewall configuration error.

Thanks for following up.

> Longer version: I was incorrect in my original email about the version 
> The firewalls at the three remote sites (but not the central site) did 
> not have UDP port 410 open for incoming traffic on IPv6.  Outgoing IPv6 
> traffic on port 410 would enable incoming traffic to be accepted for a 
> limited time.  It looks like version 0.4.0 did not try or prefer IPv6, 
> and 0.4.5 did.

I don't think there are any code changes between 0.4.0 and 0.4.5
relating to whether to use or prefer v6.  But maybe you were using a
previously-built 0.4.0 binary, rather than switching your source
version and rebuilding.  Then your symptoms would be consistent with
your 0.4.0 binary simply having been built without v6 support.  That
would happen if it was built against an older version of adns, for
example, which is quite plausible (0.4.0 is from February 2015).

>From memory, I think it's true that secnet in non-polypath mode
prefers v6.  With polypath there is something approximating a
happy-eyeballs (Happy-packetballs?) algorithm but you wouldn't be
using polypath amongst a set of static sites.

> Changing the firewall to permit incoming UDP on port 410 for IPv6 fixed 
> the problem, and version 0.6.0 is now running successfully at all the 
> sites.  Sorry for the false report!

Thanks.  I will try to fix your other problem, the make-secnet-sites
bug, ASAP.

Ian.