Hi,
running the ubports installer on saturday I had stochastic download errors ("ECONNRESET") that made it impossible to finish installation, until I disabled my IPv6 internet support alltogether.
Right now I can reproduce the problem, a significant percentage of SSL connection attempts die after the TLS client hello due to the server sending a RST packet.
https_proxy= wget https://system-image.ubports.com//20.04/arm64/android9plus/stable/mimameid/version-1.tar.xz.asc
--2023-07-11 09:31:51-- https://system-image.ubports.com//20.04/arm64/android9plus/stable/mimameid/version-1.tar.xz.asc
Resolving system-image.ubports.com (system-image.ubports.com)... 2606:4700:3030::6815:61, 2606:4700:3033::ac43:96d2, 172.67.150.210, ...
Connecting to system-image.ubports.com (system-image.ubports.com)|2606:4700:3030::6815:61|:443... connected.
GnuTLS: Error in the pull function.
Unable to establish SSL connection.
This is the corresponding tcpdump:
$ tcpdump -r brokenip6-2.dump
reading from file brokenip6-2.dump, link-type LINUX_SLL (Linux cooked v1), snapshot length 262144
09:31:51.904786 IP6 mosquito-public-ip.40400 > 2606:4700:3030::6815:61.https: Flags [S], seq 1137994465, win 64440, options [mss 1432,sackOK,TS val 1525877974 ecr 0,nop,wscale 7], length 0
09:31:51.924352 IP6 2606:4700:3030::6815:61.https > mosquito-public-ip.40400: Flags [S.], seq 346910756, ack 1137994466, win 64704, options [mss 1360,sackOK,TS val 1056910065 ecr 1525877974,nop,wscale 13], length 0
09:31:51.924464 IP6 mosquito-public-ip.40400 > 2606:4700:3030::6815:61.https: Flags [.], ack 1, win 504, options [nop,nop,TS val 1525877994 ecr 1056910065], length 0
09:31:51.925039 IP6 mosquito-public-ip.40400 > 2606:4700:3030::6815:61.https: Flags [P.], seq 1:518, ack 1, win 504, options [nop,nop,TS val 1525877995 ecr 1056910065], length 517
09:31:51.945671 IP6 2606:4700:3030::6815:61.https > mosquito-public-ip.40400: Flags [R], seq 346910757, win 0, length 0
This is running on a Devuan-Linux server connected via DSL directly on a PPPoE modem. So no middle-boxes (NAT etc.) involved (not that I'd expect any NAT to happen on IPv6).
Though this could still be my internet provider doing shenanigans.
Can you collect packet captures on your side, so we can compare where those RST packets are injected?
Note also, that forums.ubports.com is currently broken when running via a IPv6 connection. Maybe your browser's Happy Eyeballs implementation hides the problem from you, but with a HTTPS proxy currently any connection attempts time out for me.
cheers,
Dave