Good late morning, All fixed by now - I was notified that ipv6/https was unreachable due to maintenance at SBB last night.
curl -6 -I -v https://sbb.ch as well as a real browser now work again. Thanks everyone for the fast response! Sunny greetings from Glarus, Nico p.s.: MTU on my test boxes was 9000 and 1500, both had the same issue yesterday. Müller Urs (IT-OM-SDP-SDN) <urs.bf.muel...@sbb.ch> writes: > Hello everybody > > We are still having issues with the MTU detection. > At the moment, we are translating on our Internet-Router and internal > Loadbalancers are unaware or unable to talk back to the webserver, if the MTU > is smaller than usual. > This happens usually with Tunnelbrokers or some (self built) Firewall/Routers. > > Hope, we will bring IPv6 deeper into our network until Q2/2020 and fix that > nasty issue with that. > > If Nico could try to look into his MTU and perhaps share it's hardware specs? > > I am connecting with EdgeRouter Pro and through INIT7/Fiber7. > > :~$ curl -6 -l -v https://sbb.ch > * Rebuilt URL to: https://sbb.ch/ > * Trying 2a00:4bc0:ffff:ffff::c296:f58e... > * TCP_NODELAY set > * Connected to sbb.ch (2a00:4bc0:ffff:ffff::c296:f58e) port 443 (#0) > * ALPN, offering h2 > * ALPN, offering http/1.1 > * successfully set certificate verify locations: > * CAfile: /etc/ssl/certs/ca-certificates.crt > CApath: /etc/ssl/certs > * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 > * ALPN, server accepted to use http/1.1 > * Server certificate: > * subject: jurisdictionC=CH; jurisdictionST=Bern; > serialNumber=CHE-102.909.703; businessCategory=Private Organization; C=CH; > ST=Bern; L=Bern; O=Schweizerische Bundesbahnen SBB; OU=IT; CN=www.sbb.ch > * start date: Jul 25 14:52:45 2019 GMT > * expire date: Jul 25 14:52:45 2021 GMT > * subjectAltName: host "sbb.ch" matched cert's "sbb.ch" > * issuer: C=CH; O=SwissSign AG; CN=SwissSign EV Gold CA 2014 - G22 > * SSL certificate verify ok. > > Regards, Urs > > Urs Müller > Schweizerische Bundesbahnen SBB > Senior Architekt > IT Operations Management - Service Design > Lindenhofstrasse 1 - Worblaufen, 3000 Bern 65 > urs.bf.muel...@sbb.ch / www.sbb.ch > > > > > -----Ursprüngliche Nachricht----- > Von: swinog-boun...@lists.swinog.ch <swinog-boun...@lists.swinog.ch> Im > Auftrag von Silvan M. Gebhardt > Gesendet: Montag, 21. Oktober 2019 09:59 > An: Benoit Panizzon <benoit.paniz...@imp.ch> > Cc: swinog <swinog@lists.swinog.ch> > Betreff: Re: [swinog] SBB partially reachable via IPv6 > > SBB is a test case for proper MTU. Check your MTU ;) > > > ----- Ursprüngliche Mail ----- > Von: "Benoit Panizzon" <benoit.paniz...@imp.ch> > An: "swinog" <swinog@lists.swinog.ch> > Gesendet: Montag, 21. Oktober 2019 07:40:15 > Betreff: Re: [swinog] SBB partially reachable via IPv6 > > Works for me: > $ telnet sbb.ch https > Trying 2a00:4bc0:ffff:ffff::c296:f58e... > Connected to sbb.ch. > > $ openssl s_client -connect sbb.ch:https > CONNECTED(00000003) > depth=2 C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 verify return:1 > depth=1 C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 verify > return:1 > depth=0 jurisdictionC = CH, jurisdictionST = Bern, serialNumber = > CHE-102.909.703, businessCategory = Private Organization, C = CH, ST = Bern, > L = Bern, O = Schweizerische Bundesbahnen SBB, OU = IT, CN = www.sbb.ch > verify return:1 > --- > Certificate chain > 0 s:jurisdictionC = CH, jurisdictionST = Bern, serialNumber = > CHE-102.909.703, businessCategory = Private Organization, C = CH, ST = Bern, > L = Bern, O = Schweizerische Bundesbahnen SBB, OU = IT, CN = www.sbb.ch > i:C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 > 1 s:C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 > i:C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 > > Mit freundlichen Grüssen > > -Benoît Panizzon- -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog