8
8

Anyone know why a static site wouldn't load with a VPN on?

1y 1mon ago by lemmy.ml/u/Paddy66 in web_hosting@programming.dev

My web hosting company can't explain this.

My website is old school static, just HTML, CSS and js files. Nothing fancy.

No VPN, it loads fine. With VPN (various, but in my case Mullvad) it won't load. I get this screenshot. All other sites load fine with that vpn!

Maybe ipv6 DNS issues:


;; ANSWER SECTION:
www.rebeltechalliance.org. 159  IN      CNAME   rebeltechalliance.org.
rebeltechalliance.org.  158     IN      A       136.243.169.53

;; ADDITIONAL SECTION:
rebeltechalliance.org.  159     IN      AAAA    2a10:e000:1::10

I'm not completely up to speed on ipv6 stuff but I can't get that AAAA address to resolve. If it is a valid address you may be running services only on ipv4 and the VPN could be using an ipv6 address where no programs are listening... I think?

Also if you run the whole host you may want to see if you need all of these services available or can block incoming connections to them.

21/tcp   open  ftp
25/tcp   open  smtp
26/tcp   open  rsftp
53/tcp   open  domain
80/tcp   open  http
106/tcp  open  pop3pw
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql
8443/tcp open  https-alt

It's not immediately a DNS issue. Usually if there's no response within less then a second, then a browser will skip IPv6 and use IPv4 (Happy Eyeballs). But in this case the server responds with an SSL error over IPv6.

curl -v -6 "https://rebeltechalliance.org/"
* Host rebeltechalliance.org:443 was resolved.
* IPv6: 2a10:e000:1::10
* IPv4: (none)
*   Trying [2a10:e000:1::10]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /data/data/com.termux/files/usr/etc/tls/cert.pem
*  CApath: /data/data/com.termux/files/usr/etc/tls/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to rebeltechalliance.org:443
* closing connection #0
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)

It was IP6 issues!

My hosting provider had not provided the IP6 address, so I didn't input it to the DNS records. After a month of back and forth they finally coughed up this information, and I've added it to the records, and everything works.

I've no idea why they didn't give it to me in the first place!

The site works now! https://www.rebeltechalliance.org/

The hosting provider hadn't provided their IP6 address, and I didn't know I needed it...

Thanks everyone for your help 😊

Which Screenshot?

Looks like some sort of SSL issue. Are you able to reach it incognito?

works for me with protonvpn