No response to some SYN packets when timestamps are enabled

timestamp tcp syn

Solution 1:

In my case the following command fixed the problem with missing SYN/ACK replies from Linux server:

sysctl -w net.ipv4.tcp_tw_recycle=0

I think it is more correct than disabling TCP timestamps, as TCP timestamps are useful after all (PAWS, window scaling, etc).

The documentation on the tcp_tw_recycle explicitly states that it is not recommended to enable it, as many NAT routers preserve timestamps and thus PAWS kicks in, as timestamps from the same IP are not consistent.

   tcp_tw_recycle (Boolean; default: disabled; since Linux 2.4)
          Enable fast recycling of TIME_WAIT sockets.  Enabling this
          option is not recommended for devices communicating with the
          general Internet or using NAT (Network Address Translation).
          Since some NAT gateways pass through IP timestamp values, one
          IP can appear to have non-increasing timestamps.  See RFC 1323
          (PAWS), RFC 6191.

Related

TCP packet being retransmitted 7 times when sysctl tcp_retries1 is set to 3 - why?
Passing free-form commands to Ansible using complex-args form
How do we instruct our employees to protect themselves from Heartbleed? [duplicate]
Create a link to the Unix socket [duplicate]
keytab auth against samba 4 DC: Client not found in Kerberos database while getting initial credentials
Authentication via RADIUS : MSCHAPv2 Error 691
grubby fatal error: unable to find a suitable template
Postfix: selecting relay host based on From: mail header rather than envelope sender
NetworkService account access to a shared folder (WinSrv 2012R2)
Force automatic restart even with users logged in after installation of updates on Windows 8.1 Professional
Windows Server 2012 – Full support for case sensitive file and directory names?
How can I use openssl to get results from HTTP GET requests?