sam

@sam@cablespaghetti.dev

Father of two, husband, lover of dogs but owner of many cats. Runner. Technology enthusiast. Metalhead. AuADHDer. Cloudy DevOps type person. Formerly known as @sam@running.cafe

sam »
@sam@cablespaghetti.dev

This VPS issue has me very confused. Can any experts help me help out their support here? Intermittently I'm getting connection resets for all inbound TCP traffic but only for IPv6. It breaks HTTPS and SSH traffic, and seemingly comes and goes by itself. Outbound traffic and IPv4 seem unaffected. Does this sound like a routing issue on the provider end or something I've somehow screwed up in the OS?

    greem »
    @greem@cyberplace.social

    @sam sounds like the theoretically unlikely* situation of two independent devices trying to use the same v6 address.

    *Unlikely given the depth and breadth of the namespace, but...

    Have you set a static address on this one?

      sam »
      @sam@cablespaghetti.dev

      I have set a static address yes, but I was provided a /64 by the VPS provider for the node. Very interestingly since my last reply to the support request it has been perfect...I wonder if they accidentally gave the same prefix to two customers...

        Gary Parker :party_porg: »
        @WiteWulf@cyberplace.social

        @sam @greem did I see you say you're on Hetzner? Because I've definitely seen that happen before on friends' VPSes with them.

          sam »
          @sam@cablespaghetti.dev

          I'm on a small provider on an instance I got very cheap. Honestly it's otherwise very fast and IPv4 is reliable. Support are at least being responsive so maybe they'll be able to figure it out. Since my last reply the 45-minute-long stretch of it working has ended and we're back to broken now.

          CC: @greem@cyberplace.social

            greem »
            @greem@cyberplace.social

            @sam
            While it's in faulty state, can you run tcpdump to see if traffic is actually getting to it?

            Via a v4 connection, obviously! Something like this:

            tcpdump -n -i eth0 '(tcp and port 22) or icmp or icmp6'

            Make an SSH connection and see if the inbound SYN packet reaches the interface, or the interface itself responds with an RST or ICMP port/host unreachable.

            No packets? Provider.
            Packets and ICMP? Your problem!
            @WiteWulf

              sam »
              @sam@cablespaghetti.dev

              They gave me a new address allocation. It didn't help. Then I noticed in an outbound traceroute that traffic was going via a random IP...it turns out another customer in the same subnet was sending out IPv6 Router Advertisements! I have now changed my default gateway configuration to ::1 from :: and things seem fixed. I hope the host goes after the offending customer and asks for them to quit it but I suspect not.

              CC: @WiteWulf@cyberplace.social

                greem »
                @greem@cyberplace.social

                @sam Pretty sure you'd be able to build yourself some firewall rules against that, but you have to be careful not to chop your VPS off at the knees 🪓

                Good sleuthing though!

                @WiteWulf

                  fraggLe! »
                  @fwaggle@moodoo.org

                  @sam @greem @WiteWulf If you don't need RAs (it sounds like you're manually seeing the route?) you can turn accepting them off with a sysctl.
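
An added example, not part of the thread: a POSIX shell audit of the `accept_ra` sysctl mentioned in the last reply, reporting which interfaces would still honour Router Advertisements and printing the sysctl lines that turn that off. The function names and the overridable directory argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Kernel semantics of accept_ra:
#   0 = never accept RAs
#   1 = accept RAs only while forwarding is disabled on the interface
#   2 = accept RAs even when forwarding is enabled

# audit_accept_ra [conf_root]
# Prints "<iface> accepts|ignores (accept_ra=N forwarding=M)" per entry.
# Returns 1 if any entry would accept RAs, 0 if none would.
# conf_root is a hypothetical override so the check can run on a test tree.
audit_accept_ra() {
    root="${1:-/proc/sys/net/ipv6/conf}"
    rc=0
    for dir in "$root"/*/; do
        [ -r "${dir}accept_ra" ] || continue
        iface=$(basename "$dir")
        ra=$(cat "${dir}accept_ra")
        fwd=$(cat "${dir}forwarding" 2>/dev/null || echo 0)
        case "$ra" in
            0) verdict=ignores ;;
            1) if [ "$fwd" = "0" ]; then verdict=accepts; else verdict=ignores; fi ;;
            *) verdict=accepts ;;
        esac
        if [ "$verdict" = accepts ]; then rc=1; fi
        printf '%s %s (accept_ra=%s forwarding=%s)\n' "$iface" "$verdict" "$ra" "$fwd"
    done
    return "$rc"
}

# render_hardening [conf_root]
# Emits one sysctl.d-style line per entry that currently accepts RAs.
# Interface names containing dots (e.g. VLANs) are not handled here.
render_hardening() {
    audit_accept_ra "${1:-}" | while read -r iface verdict rest; do
        if [ "$verdict" = accepts ]; then
            printf 'net.ipv6.conf.%s.accept_ra = 0\n' "$iface"
        fi
    done
    return 0
}

# Typical use on a live host, with the output reviewed before it is applied:
#   audit_accept_ra
#   render_hardening
```

Disabling RAs is only safe once the address and default route are configured statically, since a default route learned from an RA will expire and not be renewed.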