aleph-im / aleph-vm

Aleph.im VM execution engine

IPv4 diagnostic check times out for some nodes

odesenfans opened this issue

Describe the bug
The diagnostic VM attempts to connect to https://9.9.9.9 (Quad9 DNS) to verify that IPv4 connectivity works. Some node operators report that this check fails in their setup because of a timeout error.

To Reproduce
Unclear yet. At least one node running under Gthost is impacted (soros2..

Logs

*** VM Supervisor

in __aenter__
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: self._resp = await self._coro
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: File "/usr/local/lib/python3.9/dist-packages/aiohttp/client.py", line 634, in _request
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: break
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: File "/usr/local/lib/python3.9/dist-packages/aiohttp/helpers.py", line 721, in __exit__
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: raise asyncio.TimeoutError from None
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: asyncio.exceptions.TimeoutError
Sep 11 10:12:24 tor-sm5038mr-h8trf-8-2 python3[1642]: 2023-09-11 10:12:24,520 | DEBUG | VM already has a timeout. Extending it.

*** curl output on the same machine

# curl -vvv https://9.9.9.9
*   Trying 9.9.9.9:443...
* Connected to 9.9.9.9 (9.9.9.9) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):

*** Expected curl output

# curl -vvv https://9.9.9.9
*   Trying 9.9.9.9:443...
* Connected to 9.9.9.9 (9.9.9.9) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=California; L=Berkeley; O=Quad9; CN=*.quad9.net
*  start date: Jul 31 00:00:00 2023 GMT
*  expire date: Aug  6 23:59:59 2024 GMT
*  subjectAltName: host "9.9.9.9" matched cert's IP address!
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS Hybrid ECC SHA384 2020 CA1
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55bf2fee6e90)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: 9.9.9.9
> user-agent: curl/7.81.0
> accept: */*
>
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
< HTTP/2 404
< server: h2o/dnsdist
< date: Sat, 09 Sep 2023 10:38:10 GMT
< content-type: text/plain; charset=utf-8
< content-length: 9

Additional context
Reaching 8.8.8.8 and 1.1.1.1 from the server works.
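
The curl trace in the issue stops right after the Client Hello: the TCP connection succeeds and the stall happens inside the TLS handshake. The sketch below is an added example, not part of the original issue and not aleph-vm code; it reports which stage an HTTPS reachability check reaches, so a plain timeout can be told apart from a refused connection or a rejected handshake. `probe_tls` and `stalling_listener` are hypothetical names, and the local listener is a constructed stand-in for the affected network path.

```python
import socket
import ssl


def probe_tls(host: str, port: int = 443, timeout: float = 5.0) -> str:
    """Return the stage at which an HTTPS reachability check stops.

    'tcp_failed'  - no TCP connection (refused, unreachable or timed out)
    'tls_timeout' - TCP connected, but no handshake reply arrived in time
                    (the pattern in the failing curl output)
    'tls_failed'  - the peer answered, but the handshake did not complete
    'ok'          - handshake completed and the certificate verified
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp_failed"
    ctx = ssl.create_default_context()  # verifies the chain and the host/IP
    try:
        with sock:
            # The Client Hello is sent here; the call blocks until the
            # Server Hello arrives or the socket timeout expires.
            with ctx.wrap_socket(sock, server_hostname=host):
                return "ok"
    except (socket.timeout, TimeoutError):
        return "tls_timeout"
    except (ssl.SSLError, OSError):
        return "tls_failed"


def stalling_listener() -> socket.socket:
    """Constructed stand-in for the failing path: the kernel completes the
    TCP handshake from the listen backlog, but nothing ever answers."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


if __name__ == "__main__":
    srv = stalling_listener()
    print(probe_tls("127.0.0.1", srv.getsockname()[1], timeout=1.0))
    srv.close()
```

On a node, calling `probe_tls` for 9.9.9.9, 8.8.8.8 and 1.1.1.1 in turn shows whether the stall is specific to one destination.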