this post was submitted on 10 May 2025
7 points (100.0% liked)

Web Hosting

375 readers
2 users here now

Icon base by Delapouite under CC BY 3.0 with modifications to add a gradient

founded 2 years ago
MODERATORS
snowe
Reson8
Ategon
7
Anyone know why a static site wouldn't load with a VPN on? (lemmy.ml)
submitted 3 days ago by [email protected] to c/web_hosting
8 comments fedilink hide all child comments
 

My web hosting company can't explain this.

My website is old school static, just HTML, CSS and js files. Nothing fancy.

No VPN, it loads fine. With VPN (various, but in my case Mullvad) it won't load. I get this screenshot. All other sites load fine with that vpn!

top 8 comments
sorted by: hot top controversial new old
[โ€“] [email protected] 2 points 2 days ago

The site works now! https://www.rebeltechalliance.org/

The hosting provider hadn't provided their IP6 address, and I didn't know I needed it...

Thanks everyone for your help ๐Ÿ˜Š

[โ€“] [email protected] 6 points 3 days ago (2 children)

Maybe ipv6 DNS issues:


;; ANSWER SECTION:
www.rebeltechalliance.org. 159  IN      CNAME   rebeltechalliance.org.
rebeltechalliance.org.  158     IN      A       136.243.169.53

;; ADDITIONAL SECTION:
rebeltechalliance.org.  159     IN      AAAA    2a10:e000:1::10

I'm not completely up to speed on ipv6 stuff but I can't get that AAAA address to resolve. If it is a valid address you may be running services only on ipv4 and the VPN could be using an ipv6 address where no programs are listening... I think?

Also if you run the whole host you may want to see if you need all of these services available or can block incoming connections to them.

21/tcp   open  ftp
25/tcp   open  smtp
26/tcp   open  rsftp
53/tcp   open  domain
80/tcp   open  http
106/tcp  open  pop3pw
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
465/tcp  open  smtps
587/tcp  open  submission
993/tcp  open  imaps
995/tcp  open  pop3s
3306/tcp open  mysql
8443/tcp open  https-alt
[โ€“] [email protected] 2 points 2 days ago

It was IP6 issues!

My hosting provider had not provided the IP6 address, so I didn't input it to the DNS records. After a month of back and forth they finally coughed up this information, and I've added it to the records, and everything works.

I've no idea why they didn't give it to me in the first place!

[โ€“] SteveTech 4 points 3 days ago* (last edited 3 days ago)

It's not immediately a DNS issue. Usually if there's no response within less then a second, then a browser will skip IPv6 and use IPv4 (Happy Eyeballs). But in this case the server responds with an SSL error over IPv6.

curl -v -6 "https://rebeltechalliance.org/"
* Host rebeltechalliance.org:443 was resolved.
* IPv6: 2a10:e000:1::10
* IPv4: (none)
*   Trying [2a10:e000:1::10]:443...
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /data/data/com.termux/files/usr/etc/tls/cert.pem
*  CApath: /data/data/com.termux/files/usr/etc/tls/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLS connect error: error:00000000:lib(0)::reason(0)
* OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to rebeltechalliance.org:443
* closing connection #0
curl: (35) TLS connect error: error:00000000:lib(0)::reason(0)
[โ€“] [email protected] 2 points 3 days ago (1 children)

Which Screenshot?

[โ€“] [email protected] 1 points 3 days ago (2 children)

[โ€“] [email protected] 3 points 3 days ago

Looks like some sort of SSL issue. Are you able to reach it incognito?

[โ€“] [email protected] 1 points 3 days ago

works for me with protonvpn