Connected on ipfire host by ssh:
[root@ipfire ~]# tracepath pakfire.ipfire.org
1?: [LOCALHOST] pmtu 1500
1: gateway 0.908ms
1: gateway 0.678ms
2: 201.88.216.1 190.061ms
3: 100.120.70.161 6.174ms
4: 100.120.31.223 21.620ms
5: 100.120.20.150 19.515ms
6: no reply
7: 45.238.97.194 40.512ms
8: 200.16.69.44 82.455ms asymm 10
9: 200.16.69.2 148.729ms asymm 11
10: no reply
11: 146.247.201.94 258.436ms asymm 17
12: 212.112.170.209 246.031ms asymm 17
13: 194.182.96.33 253.301ms asymm 20
14: 194.182.97.154 247.205ms asymm 20
15: 77.243.32.58 253.216ms asymm 18
16: et-0-0-5.hamb2pe2de.gc-net.eu 253.517ms asymm 15
17: fr4a.h.as24679.net 257.107ms asymm 16
18: no reply
19: no reply
20: no reply
21: no reply
22: no reply
23: no reply
24: no reply
25: no reply
26: no reply
27: no reply
28: no reply
29: no reply
30: no reply
Too many hops: pmtu 1500
Resume: pmtu 1500
Using a desktop connected direct to modem:
~$ tracepath pakfire.ipfire.org
1?: [LOCALHOST] pmtu 1500
1: _gateway 0.816ms
1: _gateway 1.016ms
2: 201.88.216.1 4.710ms
3: 100.120.70.111 5.181ms
4: 100.120.23.53 22.957ms
5: 100.120.25.202 30.410ms
6: 100.120.22.141 121.375ms
7: 45.238.97.194 37.315ms asymm 9
8: 200.16.69.44 78.374ms asymm 10
9: 200.16.69.2 143.551ms asymm 11
10: sem resposta
11: 146.247.201.94 251.067ms asymm 17
12: 212.112.170.209 246.464ms asymm 17
13: 194.182.96.33 246.848ms asymm 20
14: 194.182.97.154 241.894ms asymm 20
15: 77.243.32.58 240.995ms asymm 18
16: et-0-0-5.hamb2pe2de.gc-net.eu 251.292ms asymm 15
17: fr4a.h.as24679.net 247.523ms asymm 16
18: sem resposta
19: sem resposta
20: sem resposta
21: sem resposta
22: sem resposta
23: sem resposta
24: sem resposta
25: sem resposta
26: sem resposta
27: sem resposta
28: sem resposta
29: sem resposta
30: sem resposta
Too many hops: pmtu 1500
Resumir: pmtu 1500
Now, using curl, I think that the web server, or the reverse proxy, is receiving a connecting with IPv4 but is changing to IPv6 in answer if is supported by modem or is not answering in ipv4 when ipv6 is presente. But ipfire don’t know IPv6, so the server is inaccessible.
From a desktop connect direct to modem, the connection on IPv4 was change to IPv6:
~$ curl -v https://ipfire.org
* Trying 2001:678:b28:::443...
* TCP_NODELAY set
* Trying 81.3.27.38:443...
* TCP_NODELAY set
* Connected to ipfire.org (2001:678:b28::) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=www.ipfire.org
* start date: Nov 7 23:25:39 2023 GMT
* expire date: Feb 5 23:25:38 2024 GMT
* subjectAltName: host "ipfire.org" matched cert's "ipfire.org"
* issuer: C=US; O=Let's Encrypt; CN=R3
* SSL certificate verify ok.
* Using HTTP2, server supports multi-use
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x55d586315050)
> GET / HTTP/2
> Host: ipfire.org
> user-agent: curl/7.68.0
> accept: */*
* Connection #0 to host ipfire.org left intact
Connected behind ipfire, same desktop:
~$ curl -v https://ipfire.org
* Trying 81.3.27.38:443...
* TCP_NODELAY set
* Trying 2001:678:b28:::443...
* TCP_NODELAY set
* Immediate connect fail for 2001:678:b28::: A rede está fora de alcance
* Trying 2001:678:b28:::443...
* TCP_NODELAY set
* Immediate connect fail for 2001:678:b28::: A rede está fora de alcance
* Trying 2001:678:b28:::443...
* TCP_NODELAY set
* Immediate connect fail for 2001:678:b28::: A rede está fora de alcance
* Trying 2001:678:b28:::443...
* TCP_NODELAY set
* Immediate connect fail for 2001:678:b28::: A rede está fora de alcance
* Trying 2001:678:b28:::443...
* TCP_NODELAY set
* Immediate connect fail for 2001:678:b28::: A rede está fora de alcance
Connected on a ipfire terminal by ssh:
[root@ipfire ~]# curl -v https://www.ipfire.org
* processing: https://www.ipfire.org
* Trying 81.3.27.38:443...
* connect to 81.3.27.38 port 443 failed: Connection timed out
* Failed to connect to www.ipfire.org port 443 after 15380 ms: Couldn't connect to server
* Closing connection
curl: (28) Failed to connect to www.ipfire.org port 443 after 15380 ms: Couldn't connect to server
I did a TCP package capture from my desktop. For some reason, the ipfire web server answer with ipv6 and not ipv4. The IP address of my desktop is ipv4 and ipv6, gave from modem. I think that ipv6 is preferred from ipfire web server. But I`m not sure/.
Other websites with address only IPv4 works fine. And with ipv4 and ipv6 answer correctly with ipv4 or ipv6 and are accessible. Only ipfire is not accessible.
I think the problem is the DNS or the webserver, that anwser with two addresses, ipv4 and ipv6, and prefer ipv6.