IPv6 routing issue with Telegram
Hi list, Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self. When I try to load telegram web, with IPv6 address, the connection will hang for me. ❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout But I don't have this issue with other IPv6 services, like google.com Can you please check on your side? and which ISP are you using? Thanks. Regards -- Rabin
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using? -- "Prior to capitalism, the way people amassed great wealth was by looting, plundering and enslaving their fellow man. Capitalism made it
I tried both: curl --connect-timeout 3 -ipv6 https://web.telegram.org/ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ In both cases, the response was prompt. I am connected to the Internet via Bezeq (as infrastructure provider) and Partner (as ISP). I got IPv6 from Partner several months ago, and replaced the router due to this. United we shall win, --- Omer Zak On Tue, 2024-01-09 at 13:17 +0200, Rabin Yasharzadehe wrote: possible to become wealthy by serving your fellow man." - Walter E. Williams My own blog is at https://tddpirate.zak.co.il/ My opinions, as expressed in this E-mail message, are mine alone. They do not represent the official policy of any organization with which I may be affiliated in any way. WARNING TO SPAMMERS: at https://www.zak.co.il/spamwarning.html
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation. Few things to check: - Does this work for you with IPv4? - Can you use "openssl s_client" to see if your environment manages to finish the SSL handshake? - Can you try to connect from inside a Docker container that is using a different base distro? -- Lior ---- On Tue, 09 Jan 2024 13:17:23 +0200 Rabin Yasharzadehe <rabin@rabin.io> wrote --- Hi list, Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self. When I try to load telegram web, with IPv6 address, the connection will hang for me. ❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to http://web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout But I don't have this issue with other IPv6 services, like http://google.com Can you please check on your side? and which ISP are you using? Thanks. Regards -- Rabin _______________________________________________ Linux-il mailing list -- mailto:linux-il@cs.huji.ac.il To unsubscribe send an email to mailto:linux-il-leave@cs.huji.ac.il
Nice catch, IPv4 works, as the moment I remove the address from my interface, I can connect to the site. From what I can see, it does able to complete the TLS handshake, and I can see the certificate. And I see the same behavior from inside a container. Ping to the address seems to be working, and I don't see any routing issue to the destination. Issue with telegram service? -- Rabin On Wed, 10 Jan 2024 at 07:52, Lior Okman <lior@okman.name> wrote:
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4? - Can you use "openssl s_client" to see if your environment manages to finish the SSL handshake? - Can you try to connect from inside a Docker container that is using a different base distro?
-- Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe <rabin@rabin.io <rabin@rabin.io>>* wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-leave@cs.huji.ac.il
Hi, Can you check the offered cipher using openssl s_client ? It could be that there is no suggested cipher or changing suggested cipher between ipv4 vs ipv6, (something that can happen with some farms and other load balancing systems) . On Thursday, 11 January 2024 12:18:24 IST Rabin Yasharzadehe wrote:
Nice catch,
IPv4 works, as the moment I remove the address from my interface, I can connect to the site. From what I can see, it does able to complete the TLS handshake, and I can see the certificate. And I see the same behavior from inside a container.
Ping to the address seems to be working, and I don't see any routing issue to the destination.
Issue with telegram service?
-- Rabin
On Wed, 10 Jan 2024 at 07:52, Lior Okman <lior@okman.name> wrote:
Looking at the curl output, it manages to connect using IPv6 and is timing out on the SSL negotiation.
Few things to check:
- Does this work for you with IPv4? - Can you use "openssl s_client" to see if your environment manages to finish the SSL handshake? - Can you try to connect from inside a Docker container that is using a different base distro?
-- Lior
---- On Tue, 09 Jan 2024 13:17:23 +0200 *Rabin Yasharzadehe <rabin@rabin.io <rabin@rabin.io>>* wrote ---
Hi list,
Can you please help me identify if the issue, is in my end / ISP (Bezeq) and not the service it self.
When I try to load telegram web, with IPv6 address, the connection will hang for me.
❯ curl --connect-timeout 3 -Iv6 https://web.telegram.org/ * processing: https://web.telegram.org/ * Trying [2001:67c:4e8:f004::9]:443... * Connected to web.telegram.org (2001:67c:4e8:f004::9) port 443 * ALPN: offers h2,http/1.1 * TLSv1.3 (OUT), TLS handshake, Client hello (1): * CAfile: /etc/pki/tls/certs/ca-bundle.crt * CApath: none * SSL connection timeout * Closing connection curl: (28) SSL connection timeout
But I don't have this issue with other IPv6 services, like google.com
Can you please check on your side? and which ISP are you using?
Thanks. Regards
-- Rabin _______________________________________________ Linux-il mailing list -- linux-il@cs.huji.ac.il To unsubscribe send an email to linux-il-leave@cs.huji.ac.il
participants (4)
-
borissh1983@gmail.com -
Lior Okman -
Omer Zak -
Rabin Yasharzadehe