On Sep 21, 2023, at 07:52, Henrique Brancher Gravina via 44net <44net(a)mailman.ampr.org> wrote:
Thanks, TCP MSS was the answer!
On my router (MikroTik):
/ip firewall mangle
add action=change-mss chain=forward new-mss=clamp-to-pmtu passthrough=yes protocol=tcp tcp-flags=syn
On Sun, Sep 17, 2023 at 4:02 PM Jonathan Lassoff <jof(a)thejof.com> wrote:
That DNS resolution seems ok, 20.201.28.151 is one of the web frontend IPs. (Confirmed with their API's /meta endpoint: https://api.github.com/meta)
However, an operation timing out implies that something along the path
is filtering your TCP connection.
Maybe use `tcptraceroute` to try and tell how far your initial TCP SYN
packet is making it (to try and tell who is filtering).
The other thought that comes to mind in the context of TCP breaking
while traversing VPNs (where small packets like ICMP pings are
working) is that maybe something along the path is not clamping TCP
MSS? Maybe try adding a `mssfix` option into the OpenVPN config (maybe
sized 1420 bytes).
--j
On Sat, 16 Sept 2023 at 11:19, Henrique Brancher Gravina <henrique(a)gravina.com.br> wrote:
>
> gnutls-cli cannot connect to the host, it gives me a timeout:
>
> $ gnutls-cli github.com:443
> Processed 137 CA certificate(s).
> Resolving 'github.com:443'...
> Connecting to '20.201.28.151:443'...
> *** Fatal error: The operation timed out
>
>
> But I cant ping the host:
>
> $ ping www.github.com
> PING github.com (20.201.28.151) 56(84) bytes of data.
> 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=1 ttl=111 time=22.3 ms
> 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=2 ttl=111 time=19.5 ms
> 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=3 ttl=111 time=22.3 ms
> 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=4 ttl=111 time=19.8 ms
> 64 bytes from 20.201.28.151 (20.201.28.151): icmp_seq=5 ttl=111 time=19.7 ms
>
> On Sat, Sep 16, 2023 at 3:33 AM Jonathan Lassoff <jof(a)thejof.com> wrote:
>>
>> For what it's worth, I am able to successfully do git clones from IPv4
>> Github from 44net BGP island space, and even that repo you list.
>>
>> That error suggests that something happened with GNUTLS while
>> establishing a TLS connection. Maybe test just that with GNUTLS and
>> run "gnutls-cli github.com:443"?
>>
>> On Fri, 15 Sept 2023 at 23:08, Henrique Brancher Gravina via 44net <44net(a)mailman.ampr.org> wrote:
>> >
>> > Hello,
>> >
>> > I am running a 44 network with BGP announces on Vultr (MikroTik) and a VPN to my home (MikroTik). Everything is working fine; inbound and outbound traffic are being routed ok.
>> >
>> > The problem is that I can use github on the server on my 44 hosts.
>> >
>> > For example:
>> >
>> > # git clone https://github.com/Henriquegravina/DxccResolver
>> > Cloning into 'DxccResolver'...
>> > fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
>> > # root@odc1:/home/henrique/tmp# git clone https://github.com/Henriquegravina/DxccResolver
>> > Cloning into 'DxccResolver'...
>> > fatal: unable to access 'https://github.com/Henriquegravina/DxccResolver/': gnutls_handshake() failed: Error in the pull function.
>> >
>> > Thanks for any help.
>> > PU3IKE
>> >
>> >
>> > _______________________________________________
>> > 44net mailing list -- 44net(a)mailman.ampr.org
>> > To unsubscribe send an email to 44net-leave(a)mailman.ampr.org
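
What an MSS clamp such as the `change-mss ... clamp-to-pmtu ... tcp-flags=syn` rule in this thread does to a forwarded SYN, as an added Python example that is not part of the original thread or of RouterOS: it finds the MSS option, lowers it to fit the path MTU, and recomputes the TCP checksum. The function names, the documentation-range addresses, the ports and the 1420-byte tunnel MTU used with it are constructed assumptions.

```python
import struct

def tcp_checksum(src: bytes, dst: bytes, segment: bytes) -> int:
    """RFC 1071 checksum over the IPv4 pseudo-header plus the TCP segment."""
    data = src + dst + struct.pack("!BBH", 0, 6, len(segment)) + segment
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def find_mss(segment: bytes):
    """Return (offset, value) of the MSS option (kind 2), or None."""
    end = (segment[12] >> 4) * 4          # data offset, in bytes
    i = 20
    while i < end and segment[i] != 0:    # kind 0 ends the option list
        if segment[i] == 1:               # kind 1 is a one-byte NOP
            i += 1
            continue
        length = segment[i + 1] if i + 1 < end else 0
        if length < 2 or i + length > end:
            return None                   # malformed option, leave untouched
        if segment[i] == 2 and length == 4:
            return i + 2, struct.unpack_from("!H", segment, i + 2)[0]
        i += length
    return None

def clamp_mss(src: bytes, dst: bytes, segment: bytes, path_mtu: int) -> bytes:
    """Lower the MSS of a SYN to path_mtu - 40 and recompute the checksum."""
    hit = find_mss(segment)
    if not segment[13] & 0x02 or hit is None:   # act only on SYN segments
        return segment
    offset, mss = hit
    limit = path_mtu - 40   # minus IPv4 (20) and TCP (20) header bytes
    if mss <= limit:
        return segment      # already small enough, never raise it
    out = bytearray(segment)
    struct.pack_into("!H", out, offset, limit)
    out[16:18] = b"\x00\x00"              # zero the checksum field first
    struct.pack_into("!H", out, 16, tcp_checksum(src, dst, bytes(out)))
    return bytes(out)

def build_syn(src: bytes, dst: bytes, mss: int) -> bytes:
    """Constructed sample: a bare SYN to port 443 with only an MSS option."""
    seg = bytearray(struct.pack("!HHIIBBHHH", 40000, 443, 1, 0, 0x60, 0x02, 64240, 0, 0))
    seg += struct.pack("!BBH", 2, 4, mss)
    struct.pack_into("!H", seg, 16, tcp_checksum(src, dst, bytes(seg)))
    return bytes(seg)
```

With a 1420-byte path MTU, a SYN advertising MSS 1460 leaves the clamp advertising 1380, so the peer no longer sends full-size segments that the tunnel cannot carry; a SYN already advertising 1200 passes through unchanged.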