Hi Guillaume, I did some research this morning on this bug. The issue appears on Tumbleweed + Leap 15.2 on a Raspberry Pi 4 with the most recent images and looks to me like a YaST related issue when enabling IPv6 Forwarding. I filed https://bugzilla.opensuse.org/show_bug.cgi?id=1182360.
Best, Felix On Tue, 2021-02-16 at 16:04 +0000, Guillaume Gardet wrote: > > > > -----Original Message----- > > From: Felix Niederwanger <[email protected]> > > Sent: 16 February 2021 13:17 > > To: Mailinglist openSUSE ARM <[email protected]> > > Subject: https issue with IPv6 on Raspberry Pi 4 > > > > Hi, > > > > Already since some time my Raspberry Pi 4 is not able to make https > > requests > > over IPv6: > > Is it on Tumbleweed or Leap 15.x? > > > > > $ curl -6 http://heise.de > > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > > <html><head> > > <title>301 Moved Permanently</title> > > </head><body> > > <h1>Moved Permanently</h1> > > <p>The document has moved <a > > href="https://www.heise.de/";>here</a>.</p> > > </body></html> > > > > $ curl -6 https://heise.de > > curl: (35) OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection > > to > > heise.de:443 > > It works fine here on an aarch64 server: > curl -6 https://heise.de > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> > <html><head> > <title>301 Moved Permanently</title> > </head><body> > <h1>Moved Permanently</h1> > <p>The document has moved <a > href="https://www.heise.de/";>here</a>.</p> > </body></html> > > You should fill a bug to track it. > > Guillaume > > > > > > I noticed this issue already like a month ago, when "zypper ref" > > fails with a > > "Connection reset by peer" error message. The rest of the IPv6 > > network works > > fine, I'm connecting via ssh to the Raspberry Pi using it's IPv6 > > address and also a > > ping works nicely. > > > > $ ping6 heise.de > > PING heise.de(redirector.heise.de (2a02:2e0:3fe:1001:302::)) 56 > > data bytes > > 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): > > icmp_seq=1 ttl=56 time=14.1 ms > > 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): > > icmp_seq=2 ttl=56 time=13.3 ms > > 64 bytes from redirector.heise.de (2a02:2e0:3fe:1001:302::): > > icmp_seq=3 ttl=56 time=13.4 ms > > ^C > > --- heise.de ping statistics --- > > 3 packets transmitted, 3 received, 0% packet loss, time 2002ms > > rtt min/avg/max/mdev = 13.315/13.640/14.151/0.377 ms > > > > > > I'm attaching the strace of `curl -6 https://heise.de` to this > > email as well. It is > > interesting, as it appears to be able to fetch the SSL Certificate, > > but then ppoll > > fails with a series of timeouts. > > > > Could be that it's just a stupid misconfiguration on my side, but > > I'm unable to find > > the culprit. > > > > ## System configuration > > > > * Raspberry Pi 4, 4 GB + 8 GB model (tried on both) > > * openSUSE Leap 15.2 > > * Network bridge br0 with eth0 > > * Wifi is not used > > * Native IPv6 prefix in house, works fine with the rest of the > > network > > > > > > I'm using wicked, a stable ethernet connection and have configured > > eth0 to be in > > a network bridge within YaST. The interface configuration looks > > like the following: > > > > 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master > > br0 > > state UP group default qlen 1000 > > link/ether dc:a6:32:03:f0:6a brd ff:ff:ff:ff:ff:ff > > 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN > > group > > default qlen 1000 > > link/ether dc:a6:32:03:f0:6b brd ff:ff:ff:ff:ff:ff > > 4: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue > > state > > UP group default qlen 1000 > > link/ether dc:a6:32:03:f0:6a brd ff:ff:ff:ff:ff:ff > > inet 192.168.0.80/24 brd 192.168.0.255 scope global br0 > > valid_lft forever preferred_lft forever > > inet6 2a02:<REDACTED>:beef/64 scope global > > valid_lft forever preferred_lft forever > > inet6 fe80::dea6:32ff:fe03:f06a/64 scope link > > valid_lft forever preferred_lft forever > > > > Default routes are set for IPv4 and IPv6, Packet forwarding is > > enabled for IPc4 and > > IPv6, as this setup is intended to be used as a virtualization test > > host. > > > > > > I'm a bit puzzled here. > > > > Best, > > Felix :-)
signature.asc
Description: This is a digitally signed message part
