Root.cz Forum
Main topics => Networking => Topic started by: waclaw 02. 07. 2024, 07:50:02
-
Hi,
I'd like to ask whether the Portál stavebníka
https://portal.stavebnisprava.gov.cz/
works for you over the vpsFree IPv6 tunnel?
Yesterday gov.cz and obcan.portal.gov.cz still worked over IPv6, but today the resolver returns only IPv4. For the Portál stavebníka it still returns IPv6, but connecting fails from the start (timeout).
Thanks.
-
I only have a vpsFree virtual server, and from it I can reach the Portál stavebníka over IPv6. What does mtr look like? And what about curl -v ...?
-
Here it is, but I can't make much sense of it...
$ curl -v -6 https://portal.stavebnisprava.gov.cz/
* Host portal.stavebnisprava.gov.cz:443 was resolved.
* IPv6: 2620:1ec:bdf::45
* IPv4: (none)
* Trying [2620:1ec:bdf::45]:443...
* Connected to portal.stavebnisprava.gov.cz (2620:1ec:bdf::45) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* Recv failure: Spojení zrušeno druhou stranou
* OpenSSL SSL_connect: Spojení zrušeno druhou stranou in connection to portal.stavebnisprava.gov.cz:443
* Closing connection
curl: (35) Recv failure: Spojení zrušeno druhou stranou
waclaw (2a03:3b40:xxx:0:xxxx:xxxx:xxxx:xxxx) -> portal.stavebnisprava.gov.cz (2620:1ec:bdf::60) 2024-07-02T14:19:48+0200
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 2a03:3b40:xxx::1 0.0% 105 0.2 0.2 0.1 0.3 0.0
2. 2a03:3b40:xxx::1 0.0% 105 4.8 5.5 4.2 31.3 2.9
3. 2a03:3b40:42:1:9::2 0.0% 105 5.3 7.0 4.9 30.2 3.0
4. 2a03:3b40:42:1:9::1 0.0% 104 5.3 6.7 4.2 75.2 7.9
5. vl129.sl527s.r1-8.dc1.4d.prg.masterinter.net 0.0% 104 7.8 7.4 4.5 44.2 5.6
6. vl1692.ss500.r1-8.dc1.4d.prg.masterinter.net 0.0% 104 6.0 6.8 4.5 24.0 3.0
7. 2a01:430:ff:1333:1::2 0.0% 104 4.9 6.4 4.2 87.5 8.2
8. 2a01:430:ff:1380:1::3 0.0% 104 8.8 6.6 4.3 38.3 4.6
9. prag-b4-link.ip.twelve99.net 88.3% 104 5.9 5.6 5.1 6.4 0.4
10. ffm-bb2-v6.ip.twelve99.net 50.5% 104 15.2 13.8 11.2 30.4 3.7
11. (waiting for reply)
12. microsoftirelandoperationslimited-svc077193-ic366587.ip.twelve99-cust.net 0.0% 104 14.7 21.9 14.1 87.8 15.6
13. 2a01:111:0:133::3de 0.0% 104 15.7 15.6 13.7 35.5 2.5
14. 2a01:111:223:11a::5e 0.0% 104 15.4 15.8 13.5 32.2 2.9
15. (waiting for reply)
16. 2a01:111:2056:11a::1 0.0% 104 17.6 16.1 13.9 79.9 6.6
2620:1ec:bdf::60
17. (waiting for reply)
18. 2a01:111:2056:11a::1 0.0% 102 15.0 17.1 13.9 74.7 6.6
19. 2a01:111:2056:11a::1 0.0% 102 14.5 17.5 14.2 70.6 7.2
20. 2a01:111:2056:11a::1 0.0% 102 14.4 17.0 14.2 68.1 6.4
21. 2a01:111:2056:11a::1 0.0% 102 21.8 16.7 14.0 36.4 3.6
22. 2a01:111:2056:11a::1 0.0% 102 15.9 16.6 14.0 61.1 5.2
2620:1ec:bdf::60
23. 2a01:111:2056:11a::1 0.0% 101 14.7 16.9 14.1 79.9 7.6
2620:1ec:bdf::60
24. 2a01:111:2056:11a::1 0.0% 99 14.9 16.5 14.1 46.4 4.1
25. 2a01:111:2056:11a::1 0.0% 98 14.7 16.3 14.1 28.2 2.6
2620:1ec:bdf::60
26. 2a01:111:2056:11a::1 0.0% 96 14.9 17.3 14.0 78.7 8.5
27. 2a01:111:2056:11a::1 0.0% 94 15.7 16.6 14.0 54.2 4.5
2620:1ec:bdf::60
28. 2a01:111:2056:11a::1 0.0% 93 18.0 17.0 14.0 70.9 6.8
2620:1ec:bdf::60
29. 2a01:111:2056:11a::1 0.0% 91 15.2 16.8 14.1 37.3 4.3
30. 2a01:111:2056:11a::1 0.0% 90 21.7 16.1 14.2 26.0 2.4
2620:1ec:bdf::60
-
This looks like a problem with MTU detection. On what device is the vpsFree tunnel terminated, and what is the transport (OpenVPN or WireGuard)?
If curl is available on the router, what does curl from the router look like?
-
vpsFree runs over WireGuard on Fedora (server) for me, and curl works there! It looks like this...
# curl -v https://portal.stavebnisprava.gov.cz/
* Host portal.stavebnisprava.gov.cz:443 was resolved.
* IPv6: 2620:1ec:bdf::45
* IPv4: 13.107.246.45
* Trying [2620:1ec:bdf::45]:443...
* Connected to portal.stavebnisprava.gov.cz (2620:1ec:bdf::45) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /etc/pki/tls/certs/ca-bundle.crt
* CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / secp256r1 / RSASSA-PSS
* ALPN: server accepted h2
* Server certificate:
* subject: CN=portal.stavebnisprava.gov.cz
* start date: Jun 14 00:00:00 2024 GMT
* expire date: Dec 12 23:59:59 2024 GMT
* subjectAltName: host "portal.stavebnisprava.gov.cz" matched cert's "portal.stavebnisprava.gov.cz"
* issuer: C=US; O=DigiCert, Inc.; CN=GeoTrust Global TLS RSA4096 SHA256 2022 CA1
* SSL certificate verify ok.
* Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 1: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption
* Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha1WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://portal.stavebnisprava.gov.cz/
* [HTTP/2] [1] [:method: GET]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: portal.stavebnisprava.gov.cz]
* [HTTP/2] [1] [:path: /]
* [HTTP/2] [1] [user-agent: curl/8.6.0]
* [HTTP/2] [1] [accept: */*]
> GET / HTTP/2
> Host: portal.stavebnisprava.gov.cz
> User-Agent: curl/8.6.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 200
< date: Tue, 02 Jul 2024 13:30:08 GMT
< content-type: text/html
< content-length: 962
< cache-control: public, must-revalidate, max-age=30
< etag: "27988630"
< last-modified: Sun, 30 Jun 2024 06:11:08 GMT
< strict-transport-security: max-age=10886400; includeSubDomains; preload
< referrer-policy: same-origin
< x-content-type-options: nosniff
< x-xss-protection: 1; mode=block
< x-dns-prefetch-control: off
< x-azure-ref: 20240702T133008Z-17d856f5577k67n26f9ucb323c0000000bvg00000000k52p
< x-cache: CONFIG_NOCACHE
< accept-ranges: bytes
The MTU of the wg interface is 1420.
Thanks for your help! Looks like we're on the right track.
-
So I assume radvd is also running on that Fedora box? If so, I would try setting AdvLinkMTU 1420 in it, restarting radvd, and disconnecting/reconnecting the client from/to the network (ip -6 route should then show the default route with mtu 1420).
And one more idea to check: does the provider's network use ethernet/DHCP directly, or PPPoE? In the case of PPPoE, another 8 bytes would have to be subtracted from the MTU (but I don't know how/whether this is also configured on the vpsFree endpoint side; Ondra Caletka would know that).
-
Setting AdvLinkMTU to 1420 and restarting radvd was enough; everything works immediately. The provider is directly on ethernet.
Thanks a lot for the help!
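-
The check behind the fix above, as an added example that is not part of the thread: shell functions that derive the WireGuard tunnel MTU (1420 on a 1500-byte IPv6 underlay, 8 bytes less behind PPPoE) and tell whether a LAN client's default route carries it. The interface name, gateway address and route lines are constructed samples, and `probe` assumes iputils ping.

```sh
#!/bin/sh
# Added example, not from the thread. Route lines below are constructed.

# WireGuard inner MTU = underlay MTU - IP header (40 for IPv6, 20 for IPv4)
# - 8 (UDP) - 32 (WireGuard data header and authentication tag).
wg_inner_mtu() {
  iphdr=40
  if [ "$2" = 4 ]; then iphdr=20; fi
  echo $(( $1 - iphdr - 8 - 32 ))
}

# Largest ICMPv6 echo payload that fits unfragmented in a packet of MTU $1.
icmp6_payload() { echo $(( $1 - 40 - 8 )); }

# Print the "mtu" attribute of the default route in `ip -6 route` text ($1),
# or nothing when the route carries none.
route_mtu() {
  printf '%s\n' "$1" | awk '$1 == "default" {
    for (i = 2; i < NF; i++) if ($i == "mtu") { print $(i + 1); exit }
  }'
}

# $1 = route text, $2 = tunnel MTU, $3 = client link MTU (used when the
# route has no mtu attribute, i.e. the RA did not advertise one).
diagnose() {
  mtu=$(route_mtu "$1")
  if [ -z "$mtu" ]; then mtu=$3; fi
  if [ "$mtu" -le "$2" ]; then echo "ok $mtu"; else echo "too-big $mtu"; fi
}

# Live check from the client: one echo to host $1 sized for MTU $2 with
# fragmentation forbidden. Succeeds only if that size fits the whole path.
probe() {
  ping -6 -M do -c 1 -W 2 -s "$(icmp6_payload "$2")" "$1" >/dev/null 2>&1
}

# Constructed samples: client route before and after AdvLinkMTU 1420.
BEFORE='default via fe80::1 dev eth0 proto ra metric 1024 pref medium'
AFTER='default via fe80::1 dev eth0 proto ra metric 1024 mtu 1420 pref medium'

if [ "${1:-}" = "--demo" ]; then
  echo "tunnel MTU: $(wg_inner_mtu 1500 6)"
  echo "before:     $(diagnose "$BEFORE" 1420 1500)"
  echo "after:      $(diagnose "$AFTER" 1420 1500)"
fi
```

On a real client, pass the output of `ip -6 route show default` to `diagnose`; `probe` can fail for unrelated reasons where ICMPv6 echo is filtered.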