Follow

Hey, @aeris !
About your CryptCheck website... it's reporting that it can't connect to this Mastodon instance via IPv6, which I find a little bit strange, because IPv6 seems to be working and other IPv6 website checks are reporting that everything is ok with IPv6, so I'm wondering why CryptCheck complains?

@ij Seems there is a real ipv6 trouble on your instance. Curl hangs on it

# curl -6 nerdculture.de/ -v
* Trying 2a01:a700:4629:213::1...
* TCP_NODELAY set

@aeris - can't confirm from this IPv6 enabled Dt. Telekom DSL:

curl -6 nerdculture.de/ -v
* Trying 2a01:a700:4629:213::1...
* TCP_NODELAY set
* Connected to nerdculture.de (2a01:a700:4629:213::1) port 443 (#0)

@ij If you kill the connection, and try later after some idle time, it's ok.
Seems there is a firewall somewhere on the path, limiting packets per seconds and blacklisting something if too many.
Currently, CryptCheck easily generates 10-20 packets per second

@ij I can't reproduce this on my own line, but on Scaleway, I have this trouble.

@aeris - I can ping 64 bytes from 2001:bc8:4400:2700::265b: icmp_seq=2 ttl=55 time=17.1 ms

@ij Ping is OK, but curl hangs quite a lot on some connection. Not all.

@aeris - hmmm, maybe fail2ban? I can deactivate for a test...

@aeris - ooops... fail2ban not running on this host at all ;)

@ij # for i in $(seq 1 10); do; timeout 2 curl -sq6 nerdculture.de/ &>/dev/null && echo OK || echo KO ; done
OK
OK
OK
OK
KO
OK
OK
KO
OK
OK

@aeris - from my DSL:

for i in $(seq 1 10); do timeout 2 curl -sq6 nerdculture.de/ &>/dev/null && echo OK || echo KO ; done
OK
OK
OK
OK
OK
OK
OK
OK
OK
OK

Can you run mtr for some minutes and maybe spot if there is packet loss in routing?

@aeris - I see approx. 50% packet loss at 2a01:4a0:1338:e4::2

@aeris -a few days ago my check was A+... let's hope it's an intermediate issue and will resolve itself again...
Thx for looking into this issue!

Sign in to participate in the conversation
Mastodon on NerdCulture

All friendly creatures are welcome. Be excellent to each other, live humanism, no nazis, no hate speech. Not only for nerds, but the domain is somewhat cool. ;) No bots in general! (only with prior permission)