Hi Guillaume, I did some research this morning on this bug. The issue appears on Tumbleweed + Leap 15.2 on a Raspberry Pi 4 with the most recent images and looks to me like a YaST related issue when enabling IPv6 Forwarding. I filed https://bugzilla.opensuse.org/show_bug.cgi?id=1182360. Best, Felix On Tue, 2021-02-16 at 16:04 +0000, Guillaume Gardet wrote:
-----Original Message----- From: Felix Niederwanger <felix.niederwanger@suse.de> Sent: 16 February 2021 13:17 To: Mailinglist openSUSE ARM <opensuse-arm@opensuse.org> Subject: https issue with IPv6 on Raspberry Pi 4
Hi,
Already since some time my Raspberry Pi 4 is not able to make https requests over IPv6:
Is it on Tumbleweed or Leap 15.x?
$ curl -6 http://heise.de <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://www.heise.de/">here</a>.</p> </body></html>
$ curl -6 https://heise.de curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to heise.de:443
It works fine here on an aarch64 server: curl -6 https://heise.de <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <html><head> <title>301 Moved Permanently</title> </head><body> <h1>Moved Permanently</h1> <p>The document has moved <a href="https://www.heise.de/">here</a>.</p> </body></html>
You should fill a bug to track it.
Guillaume
I noticed this issue already like a month ago, when "zypper ref" fails with a "Connection reset by peer" error message. The rest of the IPv6 network works fine, I'm connecting via ssh to the Raspberry Pi using it's IPv6 address and also a ping works nicely.
$ ping6 heise.de PING heise.de(redirector.heise.de (2a02:2e0:3fe:1001:302::)) 56 data bytes 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=1 ttl=56 time=14.1 ms 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=2 ttl=56 time=13.3 ms 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): icmp_seq=3 ttl=56 time=13.4 ms ^C --- heise.de ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 13.315/13.640/14.151/0.377 ms
I'm attaching the strace of `curl -6 https://heise.de` to this email as well. It is interesting, as it appears to be able to fetch the SSL Certificate, but then ppoll fails with a series of timeouts.
Could be that it's just a stupid misconfiguration on my side, but I'm unable to find the culprit.
## System configuration
* Raspberry Pi 4, 4 GB + 8 GB model (tried on both) * openSUSE Leap 15.2 * Network bridge br0 with eth0 * Wifi is not used * Native IPv6 prefix in house, works fine with the rest of the network
I'm using wicked, a stable ethernet connection and have configured eth0 to be in a network bridge within YaST. The interface configuration looks like the following:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000 link/ether dc:a6:32:03:f0:6a brd ff:ff:ff:ff:ff:ff 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000 link/ether dc:a6:32:03:f0:6b brd ff:ff:ff:ff:ff:ff 4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether dc:a6:32:03:f0:6a brd ff:ff:ff:ff:ff:ff inet 192.168.0.80/24 brd 192.168.0.255 scope global br0 valid_lft forever preferred_lft forever inet6 2a02:<REDACTED>:beef/64 scope global valid_lft forever preferred_lft forever inet6 fe80::dea6:32ff:fe03:f06a/64 scope link valid_lft forever preferred_lft forever
Default routes are set for IPv4 and IPv6, Packet forwarding is enabled for IPc4 and IPv6, as this setup is intended to be used as a virtualization test host.
I'm a bit puzzled here.
Best, Felix :-)