fix, how to

The “Connection reset by peer” error occurs during a network connection when the other end or server closes the connection without reading the transferred data. The peer will return the data packet you sent while sending the RST (reset) bit and forcefully terminate the connection.

This issue usually happens if you are being blocked by the Firewall on any point in the route. But it can also happen due to other reasons. In this article, we mention different causes for the error along with how you can resolve it in each scenario.

Causes for Connection Reset By Peer

Here are some of the potential reasons for the “Connection reset by peer” error:

  • Access blocked by firewall or hosts file.
  • Your IP banned on the host server.
  • Server settings changed without restarting the daemons.
  • Low timeout period for connection.
  • Server busy with maximum connections.
  • Bugs in the program used to set up the connection.

How to Fix Connection Reset by Peer

First, make sure your system is not too busy. If you have high usage of CPU, memory or network, you’ll experience issues while setting up a new connection.

Also, try restarting the session and retry the attempt to make the connection. Then move on to the possible solution we have provided below.

Most of the steps we have mentioned are for a Debian based Linux server. If you have any other system, you can apply similar steps by searching on the internet for the exact process. Some commands also vary between the different Linux systems. So look out for those as well.

Check Logs

First, you need to check the logs or error messages to narrow down the reason for the error.

If you have access to the server, you can check the server-side logs as well.

For example, if you are experiencing this issue while setting up an ssh connection, you need to check the /var/log/auth.log file. To do so,

  1. Open the Terminal.
  2. Enter tail -f /var/log/auth.log.

It shows the logging information sent by the SSH daemon during the authentication attempts of your remote system.

Check Internet Connectivity and Routing

The next thing you should do is check for internet connectivity issues. You can check if the public or private server has gone down using IP lookup or similar websites.

You can also use use traceroute or tracert to trace the route between the two endpoints and check which access point is resetting your connection. The syntax is:

  • On Linux: traceroute [domain/IP]
  • On Windows: tracert [domain/IP]
    fix, how to

If the public server or access points are down, you need to wait until they are up again. For issues with the private server, you can contact the system admin or restart it if you have access.

Check for IP Ban

One major reason for this issue while connecting to public servers is your IP being blacklisted by major security service providers. Most public servers ban IP addresses while conforming to these server’s database.

To check whether your IP address is blacklisted,

  1. Open the MX Toolbox Supertool webpage.
  2. Set the yellow drop down box to Blacklist Check.
  3. Enter your IP address on the text box and click Blacklist Check. If you don’t know you IP address, search for “What is my IP” on Google.
    fix, how to

If your IP is blacklisted on multiple security networks, or important ones like BARRACUDA, BLOCKLIST.DE, Nordspam BL, etc., most servers or security filters will also ban you.

The only thing you can do is talk your ISP and have them contact the server admin to remove the ban.

You can also try changing your IP address using VPN to bypass this issue.

Check Firewall and Network Security Filters

The “Connection reset by peer” error occurs mostly due to Firewalls blocking access to the server.

If you have access to the private server you are trying to connect to, you can check if the firewall is actually blocking access to your IP. To do so on Linux,

  1. Open the Terminal
  2. Enter sudo iptables -L – line-number
    fix, how to
  3. Check for authentication attempts of your IP address and check if the target accepts or rejects the connection.

You can also check other security filters available on the server. The steps may vary between the respective programs, so check the official website or documentation for the methods.

Then, you need to whitelist your IP address on intrusion prevention apps like Fail2ban, DenyHosts, and so on, to make exceptions to the Firewall rules. The necessary steps to do so on Fail2ban is as follows:

  1. Open the Terminal and enter sudo nano /etc/fail2ban/jail.conf
  2. Remove the # symbol in front of ignoreip = and add the IP addresses you want on the line.
  3. For instance, the line can be ignoreip = 10.10.10.8
  4. Save and exit.

Warning: Practices such as disabling Firewall or making exception for all IPs on the firewall is not recommended. Firewalls and security filters exist to protect your system. So rather than compromising the security, it’s better to search for a workaround.

Restart Services and Daemons

If you encounter this issue on a private network, it is possible that the server admin has changed the rules for the connection without restarting the daemon services. This causes the service daemons to get stuck as it is still want to conform to the previous settings.

  1. Contact the server administrator and ask them to restart the service and the daemons in such scenario.
  2. If you have access to the server, you can do it yourself. First, verify that the services and the daemons are running using systemctl command.
  3. Restart the relevant daemons. The command you need for this process in a debian-based system is
    sudo systemctl restart “daemon name”

For instance, if you are setting up a FTP connection using samba share, you need to use the command sudo systemctl restart smbd. Since SSH service is available on almost all distros of linux, you don’t have to install any service package for it. So, for SSH connection, the command is sudo systemctl restart ssh.

And if you are using any other hosting services to set up the connection, you need to restart their daemons as well.

Edit Hosts File

Hosts files allow you to permit or deny access to particular IP addresses or hostnames. If you have access to the server, you should also check these files and make sure your IP address can establish a connection to the server.

To do so for a Debian System,

  1. Open the Terminal and enter sudo nano /etc/hosts.deny
    fix, how to
  2. Search for your local IP or host name on the file.
  3. If it’s there, comment it out by typing # before the line. You can also remove the line altogether.

You can also add your IP address on the hosts.allow file to force the connection. The process is similar to the above.

  1. Open the Terminal and enter sudo nano /etc/hosts.allow.
  2. Enter your IP address using the syntax is daemon_list : client_list [: command]
  3. Save and exit.

The daemon for FTP is usually vsftpd and for ssh, scp, and sftp is sshd. So, to allow ssh connection with local address, 10.10.10.8, you need to add sshd : 10.10.10.8 , LOCAL

It is also possible to edit the hosts file on Windows based server. You can refer to out article on editing hosts file on Windows for more to learn the necessary process.

Increase Timeout or Send Keepalive Packets

Many networking tools drop idle TCP and FTP connections after a certain period of inactivity.

There are two ways to prevent this issue:

  • Increase the timeout period.
  • Send periodic heartbeat data.

The first option is not a good solution. Keeping the timeout long can affect the server’s connections to other networks as they have to wait longer before attempting to set up a connection. You also need to increase the timeout on both ends, which is not always possible.

So, the better solution is to send regular heartbeat or keepalive packets. This prevents the connection from being idle and keeps the session alive for longer period.

Some connections allow sending keepalive packets but you have to enable this process for others. Here’s how you can enable the process of sending such packets:

On Linux

  1. Open the Terminal and enter sudo nano /etc/sysctl.conf
  2. Add the following lines while changing the values (in seconds) per your preference:
    • net.ipv4.tcp_keepalive_time = 300
    • net.ipv4.tcp_keepalive_probes = 9
    • net.ipv4.tcp_keepalive_intvl = 10
      fix, how to
  3. Save and exit.
  4. Enter the command sysctl – load=/etc/sysctl.conf

The above lines specify that the system waits for 300 seconds before sending the first keepalive packet. Then, it keeps sending the packet every 10 seconds. If it doesn’t receive ACK (acknowledgement) signal for 9 successive times, the connection is dropped.

Increasing the Keepalive period for SSH connections might compromise security as it remains open for a longer time. This connection is supposed to be very secure, so it’s not recommended to make any changes to the keepalive settings for ssh.

On Windows

  1. Open Run and enter regedit.
  2. Navigate to ComputerHKEY_LOCAL_MACHINESystemCurrentControlSetServicesTcpipParameters
    fix, how to
  3. Right-click on Parameters
  4. Add the following DWORD entries along with the respective values (in milliseconds) as you see fit:
    • KeepAliveTime – 300000 (in Decimal)
    • KeepAliveInterval – 1000
  5. To add an entry, right-click on Parameter, select New > DWORD (32-bit) Value and enter the name.
  6. Then, double-click on the entry to change its Value data.

Note: You must also enable TCP keepalive packets in your TCP/FTP client.

Check sshd_config File

The sshd_config file configures all settings an SSH (Secure Shell) connection uses. So, if possible, you need to check this file on the server and make sure everything is alright.

  1. Open the file using the command sudo nano /etc/ssh/sshd_config .
    fix, how to
  2. Look at the options we have provided below and change accordingly. You may also change other options depending on your connection. We recommend checking out the sshd_config documentation for more information.
  3. After changing these values, save and exit.
  4. Restart sshd using the command sudo systemctl restart ssh

Some of the options are:

MaxStartups

The MaxStartups value determines the maximum number of possible unauthenticated connections to the SSH daemon before the connections start dropping.

It has the format MaxStartups 10:30:100, where,

  • 10: Number of unauthenticated connections the dropping starts
  • 30: Probability of dropping after reaching the maximum unauthenticated number
  • 100: Maximum number of connections possible before dropping all of them

If your remote client needs to make more number of connections concurrently, you need to change these values.

Subsystem sftp

On a secure FTP connection using openssh package, the default value of Subsystem sftp is set to /usr/lib/openssh/sftp-server. However, sometimes, the openssh binary is available at /usr/lib/ssh/sftp-server instead. So you can alter this value and check if it works. If it doesn’t, revert it to the previous path.

ClientAlive

ClientAlive is a more secure keepalive setting. You can change the ClientAliveInterval and ClientAliveCountMax values in sshd_config to enable this setting.

ClientAliveInterval determines the interval of inactivity after which sshd sends an encrypted message to the client. And ClientAliveCountMax determines the max number of times sshd sends this message before dropping the connection if it doesn’t get any response.

Check Support for SSL

If the host server has enabled SSL (Secure Sockets Layer) but you haven’t enabled this service on your end, you can’t establish a connection.

So, you need to check the support for SSL on your TCP or any other network client and enable it. If it doesn’t support SSL, you need to use another client.

You also need to check your certificates and make sure you don’t have any malformed keys or certificates.

Change Open Connection Limit

Establishing a network connection also creates a socket, which is the logical window the client uses to communicate with the server. However, a server has a limit on how many sockets it can open at the same time.

If the server has already reached this limit, any new connection causes the server to drop the idle old connections. You can refresh or restart the session to renew the session. However, you can also increase the limit on the server side to facilitate more open connections.

If you want to change the limit for only the current session, you can use the command ulimit -n 65535, while replacing the number depending on your requirement.

To change it permanently,

  1. Open the Terminal and enter sudo nano /etc/security/limits.conf
  2. Add the following lines while changing the value of the limit if you want:
    • * soft nofile 65535
    • * hard nofile 65535
      fix, how to
  3. Save and exit. Then, restart the daemons and the session.

For Debian and Ubuntu systems, you need to enable PAM user limits as well. To do so,

  1. Enter sudo nano /etc/pam.d/common-session
  2. Add required pam_limits.so
  3. Add this command on /etc/pam.d/common-session-noninteractive as well.
  4. If you are using a SSH connection, add the line to /etc/pam.d/sshd

Debug Your Scripts and Configurations

Many users have encountered this issue while creating their own connection applications. In such scenario, any bugs in the scripts or configuration that unnecessarily close the connection or don’t conform the connection with the protocol will cause this error.

So, we recommend carefully looking through the program. Some protocols have quit or close commands that makes the host server close the connection.

You also need to close all forked child processes before exiting to prevent zombie processes. The zombie processes stay in the process table even after terminating the child. If there are too many zombie processes, the process table gets full. This way, the system fails to create new processes, disrupting the connection.

If you have trouble debugging your program, we recommend getting help from technical forums such as stackoverflow while providing the source code.

TECH NEWS RELATED

How to Undervolt Your CPU With Throttlestop in Windows

The more strenuous the tasks you carry out on your PC, the more your CPU (processor) will heat up and the more vital it is to reduce CPU temperature. This becomes particularly noticeable during gaming or heavyweight video-editing, but your CPU may be prone to overheating anyway if it’s ...

View more: How to Undervolt Your CPU With Throttlestop in Windows

Dragon Ball FighterZ Getting PS5, Xbox Series X|S Versions, & Rollback Netcode

During the celebrations for EVO 2022 Bandai Namco revealed news about its popular fighting game Dragon Ball FighterZ. The game is coming to PS5 and Xbox Series X|S, with a release date not yet announced. Upgrade will also be offered for free to those who have the PS4 and ...

View more: Dragon Ball FighterZ Getting PS5, Xbox Series X|S Versions, & Rollback Netcode

How to Access Your Linux (WSL) Files in Windows 10

Windows 10’s May 2019 Update introduced an easy, safe, and officially supported way to access and work with your Linux files from within File Explorer and other applications. Here’s how to get at your Windows Subsystem for Linux (WSL) files. Unlike previous methods, this is a safe way to ...

View more: How to Access Your Linux (WSL) Files in Windows 10

Samsung Galaxy Z Fold4 and Z Flip4 spotted in live images

Both Samsung Galaxy Z Flip4 and Z Fold4 are coming this week on August 10 at the Galaxy Unpacked 2022 launch event. Apparently, live images of both the foldable devices have appeared on the web showcasing a mesmerizing blue color shade that will debut with the two foldable devices ...

View more: Samsung Galaxy Z Fold4 and Z Flip4 spotted in live images

How to Manage Google Meet Invites From Google Calendar

Koshiro K/Shutterstock.com When you schedule a Google Meet through Google Calendar, you can manage your invitees right from the Meet interface. See who you invited, their RSVP status, notes, and if you made them optional. You can also open a Google Chat from Meet for those attendees who haven’t ...

View more: How to Manage Google Meet Invites From Google Calendar

Samsung’s Galaxy Z Fold 4 Won’t Have an S Pen Slot

Samsung via Equal Leaks Rumors suggested that the Galaxy Z Fold 4 could feature a dedicated S Pen slot, much like the Galaxy S22 Ultra or older Galaxy Note devices. But an accidental Amazon listing proves that the phone cannot hold an S Pen without an add-on case. The Amazon ...

View more: Samsung’s Galaxy Z Fold 4 Won’t Have an S Pen Slot

How to Enable Full Screen Caller ID in Truecaller

Even though you have plenty of apps for caller identification, the Truecaller is the most popular and offers many features. The caller identification app is available for both Android & iOS, and it keeps getting new features now and then. TrueCaller recognizes the calls and provides you options to ...

View more: How to Enable Full Screen Caller ID in Truecaller

Disco Elysium keeps crashing or freezing on PC

In the genre of role-playing video games, Disco Elysium has amassed a sizable fan base. However, some players experience compatibility problems and are unable to play the game. We have discussed potential solutions to the problem in this post. This post is for you if Disco Elysium keeps crashing or ...

View more: Disco Elysium keeps crashing or freezing on PC

How to Reset Illustrator Preferences on Windows PC

How to Turn Off Focused Inbox in Microsoft Outlook

How to Disable App Diagnostics in Windows 11

Melty Blood: Type Lumina Reveals Extensive Upcoming Updates at EVO 2022

How to send a Calendar Event as an attachment in Outlook

Granblue Fantasy Relink Is “At the Peak of Development;” New Glimpse of Gameplay Revealed

How to Restart a Computer

Spotify Finally Fixes Its Stupid Play Button

How to sell ammo in Fallout 76

Error 1053: The service did not respond to the start or control request in a timely fashion

How to solve the Relay Stone puzzle in Pudding Isle in Genshin Impact – Summertime Odyssey event

AMD upgrades the Ryzen Embedded series with Zen 3 and a 10-core model

OTHER TECH NEWS

Top Car News Car News