On 2017-04-20, Sjöholm Per-Olov <p...@incedo.org> wrote:
> Could it be any buffers that are causing this in 6.1 but not in 6.0?

There were changes that would allow larger TCP buffers in 6.1. This would not have made a difference to normal or natted connections from non-OpenBSD going through PF to non-OpenBSD but could possibly affect some configurations with proxies (though only if PF rules were already dodgy - you would have active states in "pfctl -ss|grep -A1 tcp" without wscale values if this was the case).

Might be worth bumping up the pf log level and seeing if system logs give you more clues. Default is "error"; you need "notice" to get the ones which might give useful clues (loose state match warnings or state mismatch errors). (On a busy machine, be ready to back off on the debug level in case it causes too much load.)
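
The state check suggested in the reply above, as an added example that is not part of the original post: it lists TCP states whose following detail line carries no wscale value. The function names, the two-line-per-state layout, and the sample states are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post).
# Reads state-table text on stdin, assuming each TCP state line is followed
# by one detail line, which is the layout "grep -A1 tcp" in the post implies.

find_unscaled_tcp() {
    awk '
        # State line: "<iface> tcp <addr> -> <addr>   <STATE>:<STATE>"
        $2 == "tcp" {
            if (pending != "") print pending   # previous state had no detail line
            pending = $0
            next
        }
        # First line after a TCP state line: report the state if no wscale is shown.
        pending != "" {
            if ($0 !~ /wscale/) print pending
            pending = ""
        }
        END { if (pending != "") print pending }
    '
}

# Constructed sample input (documentation addresses, not real captures).
sample_states() {
cat <<'EOF'
all tcp 192.0.2.10:51234 -> 198.51.100.5:443       ESTABLISHED:ESTABLISHED
   [3154792363 + 65535] wscale 6  [1203945 + 29200] wscale 7
all tcp 192.0.2.11:40022 -> 198.51.100.9:3128       ESTABLISHED:ESTABLISHED
   [88120045 + 16384]  [77120311 + 16384]
all udp 192.0.2.10:5353 -> 198.51.100.1:53       MULTIPLE:SINGLE
EOF
}

# On a live firewall, pipe the pfctl state listing into find_unscaled_tcp
# instead of the sample. Run with --demo to see the constructed case.
if [ "${1:-}" = "--demo" ]; then
    sample_states | find_unscaled_tcp
fi
```

A state reported here is only a candidate for closer inspection: peers that never negotiated window scaling will also show no wscale value.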