Page MenuHomeDevCentral
Create Task
Maniphest T1735

Investigate why IPv6 connections fail to Dwellers port 443
Closed, ResolvedPublic
Actions

Description

A strange issue on Dwellers with HE tunnel: connections to port 22, 80, or an arbitrary one work, but not to port 443.

We tried:

  • new port on nginx: works
  • explictly allows port 41: sill the same issue (well, if it works for other ports ...)
  • reset iptables rules: still the same issue
  • watch netstat for incoming connections: never appear
  • try tunnel routing IP / routed IP: same issue

As a temporary solution, I've removed the following AAAA records to the canonical IPv6 of Dwellers:

AAAA records
lists.
app2.
dwellers.
social.
www3.

bugzilla.espace-win.org.

Could be worthwhile to ask HE for assistance.

Event Timeline

dereckson created this task.May 27 2022, 14:59
dereckson updated the task description. (Show Details)May 27 2022, 15:12
dereckson moved this task from Backlog to Servers on the IPv6 board.Oct 13 2024, 12:04
dereckson closed this task as Resolved.Mon, Mar 23, 00:08
dereckson claimed this task.

Checked today, it works fine:

WindRiver
$ nc -6 -zv dwellers.nasqueron.org 443
Connection to dwellers.nasqueron.org 443 port [tcp/https] succeeded!

$ openssl s_client -6 -connect dwellers.nasqueron.org:443
Connecting to 2001:470:1f13:30b:ca5:cade:fab:1e
CONNECTED(00000003)
depth=2 C=US, O=Internet Security Research Group, CN=ISRG Root X1
verify return:1
depth=1 C=US, O=Let's Encrypt, CN=E8
verify return:1
depth=0 CN=dwellers.nasqueron.org
verify return:1
---
Certificate chain
 0 s:CN=dwellers.nasqueron.org
   i:C=US, O=Let's Encrypt, CN=E8
   a:PKEY: EC, (prime256v1); sigalg: ecdsa-with-SHA384
   v:NotBefore: Feb 12 13:42:17 2026 GMT; NotAfter: May 13 13:42:16 2026 GMT
 1 s:C=US, O=Let's Encrypt, CN=E8
   i:C=US, O=Internet Security Research Group, CN=ISRG Root X1
   a:PKEY: EC, (secp384r1); sigalg: sha256WithRSAEncryption
   v:NotBefore: Mar 13 00:00:00 2024 GMT; NotAfter: Mar 12 23:59:59 2027 GMT
---
[...]

GET /
<!doctype html>                                                                                                                                                                                                                                
<html class="no-js" lang="en">         
  <head>                                                                                                               
    <meta charset="utf-8" /> 
[...]
Nasqueron DevCentral · If it had been much bigger the moon would have had a core of ice. · Powered by Phabricator