OPNsense
  • Home
  • Help
  • Search
  • Login
  • Register

  • OPNsense Forum »
  • Profile of hyper4d »
  • Show Posts »
  • Messages
  • Profile Info
    • Summary
    • Show Stats
    • Show Posts...
      • Messages
      • Topics
      • Attachments

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

  • Messages
  • Topics
  • Attachments

Messages - hyper4d

Pages: [1]
1
General Discussion / Re: Problems with YouTube / GQUIC Protocol
« on: May 12, 2021, 01:32:57 pm »
Common, as if nobody else have this issue... :-\

2
General Discussion / Re: Problems with YouTube / GQUIC Protocol
« on: April 22, 2021, 01:30:28 am »
Push #2

3
General Discussion / Re: Problems with YouTube / GQUIC Protocol
« on: April 19, 2021, 10:24:22 pm »
Push

4
General Discussion / Problems with YouTube / GQUIC Protocol
« on: March 30, 2021, 04:27:36 pm »
Hello,

I have an OPNsense running over a VM Cloud that I connect to over Wireguard. All this works wonderfully. The only exception is YouTube. More specifically YouTube and "YouTube Music" as an iOS app variant.
Every time I want to watch a video (or play a song on YouTube Music) it stays black and sometimes loads for 30 seconds to 1 minute (!!) before it finally plays.

I have Suricata and Unbound running on the FW.
- Unbound does not block the sent DNS requests (*.googlevideo etc.).
- Suricata is only in "Alert" mode anyway, so it doesn't block anything either.
- In the firewall logs I could not find any block/reject at playback time.
- Most important: Both on the PC, as well as under iOS, just via the browser, YouTube (-music) works without problems! Super fast loading times, almost like I'm online without FW.

I captured different PCAPs under different conditions and could see that the only difference I measured was that via the YouTube app UDP "GQUIC" packets were exchanged. These initially ended in Rejects after the client hello, and then by the time the video finally played "Payload (Encrypted)" was added.

307   4.647638   10.3.0.3   173.194.187.233   GQUIC   126   Client Hello, PKN: 1, CID: 9655794248220275632   14:45:31.626068

Example packets:
Code: [Select]
Frame 307: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
Null/Loopback
Internet Protocol Version 4, Src: 10.3.0.3, Dst: 173.194.187.233
User Datagram Protocol, Src Port: 64341, Dst Port: 443
    Source Port: 64341
    Destination Port: 443
    Length: 1358
    Checksum: 0x7d08 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 3]
    [Timestamps]
    UDP payload (1350 bytes)
GQUIC (Google Quick UDP Internet Connections)
    Public Flags: 0x0d
    CID: 9655794248220275632
    Version: Q043
    Packet Number: 1
    Message Authentication Hash: f0ff80e7055b29d2c3e9d438
    STREAM (Special Frame Type) Stream ID: 1, Type: CHLO (Client Hello)
        Frame Type: STREAM (Special Frame Type) (0xa0)
        Stream ID: 1 (Reserved for (G)QUIC handshake, crypto, config updates...)
        Data Length: 456
        Tag: CHLO (Client Hello)
        Tag Number: 20
        Padding: 0000
        Tag/value: SNI (Server Name Indication) (l=32): r4---sn-4g5ednly.googlevideo.com
            Tag Type: SNI (Server Name Indication)
            Tag offset end: 32
            [Tag length: 32]
            Tag/value: 72342d2d2d736e2d34673565646e6c792e676f6f676c65766964656f2e636f6d
            Server Name Indication: r4---sn-4g5ednly.googlevideo.com
        Tag/value: STK (Source Address Token) (l=56)
            Tag Type: STK (Source Address Token)
            Tag offset end: 88
            [Tag length: 56]
            Tag/value: b5e068274ab69c1d3abce10b7768c84fb30b7bd2eaf2692200488b35a441fee1ec48e55f…
            Source-address token: b5e068274ab69c1d3abce10b7768c84fb30b7bd2eaf2692200488b35a441fee1ec48e55f…
        Tag/value: VER (Version) (l=4): Q043
            Tag Type: VER (Version)
            Tag offset end: 92
            [Tag length: 4]
            Tag/value: 51303433
            Version: Q043
        Tag/value: CCS (Common Certificate Sets) (l=16)
            Tag Type: CCS (Common Certificate Sets)
            Tag offset end: 108
            [Tag length: 16]
            Tag/value: 01e8816092921ae87eed8086a2158291
            Common certificate sets: 0x01e8816092921ae8
            Common certificate sets: 0x7eed8086a2158291
        Tag/value: NONC (Client Nonce) (l=32)
            Tag Type: NONC (Client Nonce)
            Tag offset end: 140
            [Tag length: 32]
            Tag/value: 605df38b00e03098f4cc8d8147011b48bbd9078347e5d6bbfa1368139dff6435
            Client nonce: 605df38b00e03098f4cc8d8147011b48bbd9078347e5d6bbfa1368139dff6435
        Tag/value: AEAD (Authenticated encryption algorithms) (l=4), AES-GCM with a 12-byte tag and IV
            Tag Type: AEAD (Authenticated encryption algorithms)
            Tag offset end: 144
            [Tag length: 4]
            Tag/value: 41455347
            Authenticated encryption algorithms: AESG (AES-GCM with a 12-byte tag and IV)
        Tag/value: SCID (Server config ID) (l=16)
            Tag Type: SCID (Server config ID)
            Tag offset end: 160
            [Tag length: 16]
            Tag/value: caafdaefae9ddcc8129e17fc1e3c0044
            Server Config ID: caafdaefae9ddcc8129e17fc1e3c0044
        Tag/value: TCID (Connection ID truncation) (l=4)
            Tag Type: TCID (Connection ID truncation)
            Tag offset end: 164
            [Tag length: 4]
            Tag/value: 00000000
            Connection ID truncation: 0 (0x00000000)
        Tag/value: PDMD (Proof Demand) (l=4): X509
            Tag Type: PDMD (Proof Demand)
            Tag offset end: 168
            [Tag length: 4]
            Tag/value: 58353039
            Proof demand: X509
        Tag/value: ICSL (Idle connection state) (l=4)
            Tag Type: ICSL (Idle connection state)
            Tag offset end: 172
            [Tag length: 4]
            Tag/value: 1e000000
            Idle connection state: 30 (0x0000001e)
        Tag/value: NONP (Client Proof Nonce) (l=32)
            Tag Type: NONP (Client Proof Nonce)
            Tag offset end: 204
            [Tag length: 32]
            Tag/value: 54c7e1f215b233c59aeff9a622b9510b5bb177262f9c4464acef8de289b7568f
            Client Proof nonce: 54c7e1f215b233c59aeff9a622b9510b5bb177262f9c4464acef8de289b7568f
        Tag/value: PUBS (Public value) (l=32)
            Tag Type: PUBS (Public value)
            Tag offset end: 236
            [Tag length: 32]
            Tag/value: e743f9acb79fc55f5287dadfb6933741adf0daf01aeec18899f10746dffc3458
            Public value: 17383 (0x0043e7)
            Public value: 12037369 (0xb7acf9)
            Public value: 6276511 (0x5fc59f)
            Public value: 14321490 (0xda8752)
            Public value: 9680607 (0x93b6df)
            Public value: 11354423 (0xad4137)
            Public value: 15784688 (0xf0daf0)
            Public value: 12709402 (0xc1ee1a)
            Public value: 15833480 (0xf19988)
            Public value: 14632455 (0xdf4607)
            Public value: 5780732 (0x5834fc)
        Tag/value: MIDS (Max incoming dynamic streams) (l=4): 100
            Tag Type: MIDS (Max incoming dynamic streams)
            Tag offset end: 240
            [Tag length: 4]
            Tag/value: 64000000
            Max incoming dynamic streams: 100
        Tag/value: KEXS (Key exchange algorithms) (l=4), Curve25519
            Tag Type: KEXS (Key exchange algorithms)
            Tag offset end: 244
            [Tag length: 4]
            Tag/value: 43323535
            Key exchange algorithms: C255 (Curve25519)
        Tag/value: XLCT (Expected leaf certificate) (l=8)
            Tag Type: XLCT (Expected leaf certificate)
            Tag offset end: 252
            [Tag length: 8]
            Tag/value: 4dd4b12ffd5d8c36
            Expected leaf certificate: 4dd4b12ffd5d8c36
        Tag/value: CSCT (Signed cert timestamp (RFC6962) of leaf cert) (l=0)
            Tag Type: CSCT (Signed cert timestamp (RFC6962) of leaf cert)
            Tag offset end: 252
            [Tag length: 0]
            Tag/value: <MISSING>
            Signed cert timestamp: <MISSING>
        Tag/value: COPT (Connection options) (l=12)
            Tag Type: COPT (Connection options)
            Tag offset end: 264
            [Tag length: 12]
            Tag/value: 41434b44414b44554e535450
            Connection options: ACKD
            Connection options: AKDU
            Connection options: NSTP
        Tag/value: CCRT (Cached certificates) (l=16)
            Tag Type: CCRT (Cached certificates)
            Tag offset end: 280
            [Tag length: 16]
            Tag/value: 4dd4b12ffd5d8c366032cb92a0414ddf
            Cached certificates: 4dd4b12ffd5d8c366032cb92a0414ddf
        Tag/value: CFCW (Initial session/connection) (l=4): 15728640
            Tag Type: CFCW (Initial session/connection)
            Tag offset end: 284
            [Tag length: 4]
            Tag/value: 0000f000
            Initial session/connection: 15728640
        Tag/value: SFCW (Initial stream flow control) (l=4): 6291456
            Tag Type: SFCW (Initial stream flow control)
            Tag offset end: 288
            [Tag length: 4]
            Tag/value: 00006000
            Initial stream flow control: 6291456
    PADDING Length: 863
        Frame Type: PADDING (0x00)
        [Padding Length: 863]
        Padding: 000000000000000000000000000000000000000000000000000000000000000000000000…

->
316   4.652478   173.194.187.233   10.3.0.3   GQUIC   1382   Rejection, PKN: 1, CID: 9655794248220275632   14:45:31.630908

Code: [Select]
Frame 316: 1382 bytes on wire (11056 bits), 1382 bytes captured (11056 bits)
Null/Loopback
Internet Protocol Version 4, Src: 173.194.187.233, Dst: 10.3.0.3
User Datagram Protocol, Src Port: 443, Dst Port: 64341
    Source Port: 443
    Destination Port: 64341
    Length: 1358
    Checksum: 0xdde3 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 3]
    [Timestamps]
    UDP payload (1350 bytes)
GQUIC (Google Quick UDP Internet Connections)
    Public Flags: 0x08
    CID: 9655794248220275632
    Packet Number: 1
    Message Authentication Hash: 5dbce39e00d6397da95c6f63
    ACK (Special Frame Type)
        Frame Type: ACK (Special Frame Type) (0x40)
        Largest Acked: 1
        Largest Acked Delta Time: 1129
        First Ack block length: 1
        Num Timestamp: 0
    STOP_WAITING
        Frame Type: STOP_WAITING (0x06)
        Least unacked delta: 0
    STREAM (Special Frame Type) Stream ID: 1, Type: REJ (Rejection)
        Frame Type: STREAM (Special Frame Type) (0xa0)
        Stream ID: 1 (Reserved for (G)QUIC handshake, crypto, config updates...)
        Data Length: 594
        Tag: REJ (Rejection)
        Tag Number: 7
        Padding: 0000
        Tag/value: STK (Source Address Token) (l=56)
            Tag Type: STK (Source Address Token)
            Tag offset end: 56
            [Tag length: 56]
            Tag/value: 9e93043bc00176a9c03812a2fa166a03bc074ca435d39226ba34207ef361ebc46ffe25df…
            Source-address token: 9e93043bc00176a9c03812a2fa166a03bc074ca435d39226ba34207ef361ebc46ffe25df…
        Tag/value: SNO (Server nonce) (l=52)
            Tag Type: SNO (Server nonce)
            Tag offset end: 108
            [Tag length: 52]
            Tag/value: 45ed20d4d498e528dea613a163894abc81e6e21cfcce9f9835f7a95db7e3d026edd32b3e…
            Server nonce: 45ed20d4d498e528dea613a163894abc81e6e21cfcce9f9835f7a95db7e3d026edd32b3e…
        Tag/value: PROF (Proof (Signature)) (l=256)
            Tag Type: PROF (Proof (Signature))
            Tag offset end: 364
            [Tag length: 256]
            Tag/value: 8ff366ede919ede938eb1b4fe0c149d2df5bbc769b8c57093526b3c8eae8b8313e2f6639…
            Proof (Signature): 8ff366ede919ede938eb1b4fe0c149d2df5bbc769b8c57093526b3c8eae8b8313e2f6639…
        Tag/value: SCFG (Server Config) (l=135)
            Tag Type: SCFG (Server Config)
            Tag offset end: 499
            [Tag length: 135]
            Tag/value: 534346470600000041454144080000005343494418000000505542533b0000004b455853…
            Server Config Tag: SCFG
            Number Server Config Tag: 6
            Tag/value: AEAD (Authenticated encryption algorithms) (l=8), AES-GCM with a 12-byte tag and IV, Unknown
                Tag Type: AEAD (Authenticated encryption algorithms)
                Tag offset end: 8
                [Tag length: 8]
                Tag/value: 4145534743433230
                Authenticated encryption algorithms: AESG (AES-GCM with a 12-byte tag and IV)
                Authenticated encryption algorithms: CC20 (Unknown)
            Tag/value: SCID (Server config ID) (l=16)
                Tag Type: SCID (Server config ID)
                Tag offset end: 24
                [Tag length: 16]
                Tag/value: 21b0521101193d259cacb4cc3915e237
                Server Config ID: 21b0521101193d259cacb4cc3915e237
            Tag/value: PUBS (Public value) (l=35)
                Tag Type: PUBS (Public value)
                Tag offset end: 59
                [Tag length: 35]
                Tag/value: 200000cea92e9c6470ac4648af5d13941168404a650bfb7ca97544dab9f49099748465
                Public value: 32 (0x000020)
                Public value: 11128320 (0xa9ce00)
                Public value: 6593582 (0x649c2e)
                Public value: 4631664 (0x46ac70)
                Public value: 6139720 (0x5daf48)
                Public value: 1152019 (0x119413)
                Public value: 4866152 (0x4a4068)
                Public value: 16452453 (0xfb0b65)
                Public value: 7711100 (0x75a97c)
                Public value: 12180036 (0xb9da44)
                Public value: 10064116 (0x9990f4)
                Public value: 6653044 (0x658474)
            Tag/value: KEXS (Key exchange algorithms) (l=4), Curve25519
                Tag Type: KEXS (Key exchange algorithms)
                Tag offset end: 63
                [Tag length: 4]
                Tag/value: 43323535
                Key exchange algorithms: C255 (Curve25519)
            Tag/value: OBIT (Server Orbit) (l=8)
                Tag Type: OBIT (Server Orbit)
                Tag offset end: 71
                [Tag length: 8]
                Tag/value: b4bbcd2d2fdc99ba
                Server orbit: b4bbcd2d2fdc99ba
            Tag/value: EXPY (Expiry) (l=8)
                Tag Type: EXPY (Expiry)
                Tag offset end: 79
                [Tag length: 8]
                Tag/value: 53ee476100000000
                Expiry: 1632104019
       [b] Tag/value: RREJ (Reasons for server sending) (l=4), Code Couldn't find the Server config id (kSCID)
            Tag Type: RREJ (Reasons for server sending)
            Tag offset end: 503
            [Tag length: 4]
            Tag/value: 0d000000
            Reasons for server sending: Couldn't find the Server config id (kSCID) (13)[/b]
        Tag/value: STTL (Server Config TTL) (l=8)
            Tag Type: STTL (Server Config TTL)
            Tag offset end: 511
            [Tag length: 8]
            Tag/value: c7fae90000000000
            Server Config TTL: 15334087
        Tag/value: CRT� (Certificate chain) (l=19)
            Tag Type: CRT� (Certificate chain)
            Tag offset end: 530
            [Tag length: 19]
            Tag/value: 024dd4b12ffd5d8c36026032cb92a0414ddf00
            Certificate chain: 024dd4b12ffd5d8c36026032cb92a0414ddf00
    PADDING Length: 721
        Frame Type: PADDING (0x00)
        [Padding Length: 721]
        Padding: 000000000000000000000000000000000000000000000000000000000000000000000000…
   

I think the most important thing here is:
        Tag/value: RREJ (Reasons for server sending) (l=4), Code Couldn't find the Server config id (kSCID)
            Tag Type: RREJ (Reasons for server sending)
            Tag offset end: 503
            [Tag length: 4]
            Tag/value: 0d000000
            Reasons for server sending: Couldn't find the Server config id (kSCID) (13)

On the PC (and everywhere else where it works), however, "QUIC" seems to be used. Not "GQUIC".

Of course, I'm not even sure if it's GQUIC or if I've gotten too attached to it and it might be due to something else entirely.
Unfortunately I haven't found any other post where someone had this problem regarding YouTube, so I would be very happy if anyone here could help me with this strange problem.

With kind regards
Martin

p.s.: In case you are wondering I already postet this question in German in the German forums but no one could help me there

5
German - Deutsch / IDS Eigene Regel hinzufügen
« on: March 30, 2021, 04:11:45 pm »
Hallo,

ich versuche gerade gemäß https://forum.opnsense.org/index.php?topic=7209.0 meine eigenen Suricata Regeln hinzuzufügen. Das scheitert jedoch daran, dass die Regeln nicht installiert/updated werden.
Die custom hinzugefügte Regeln bleiben bei "Not installed".

Steps zum reproduzieren:

1) Füge suricata/custom.rules zu der Website hinzu und schreibe da die Regeln rein. Habe jetzt myname.github.io benutzt. Das sollte doch klappen oder? Ist ja quasi ne normale website. Curl funktioniert auch:
Code: [Select]
curl https://myname.github.io/suricata/custom.rules
# This rule drops all tcp traffic on User Ports from the internet to your local network
drop tcp $EXTERNAL_NET any -> $HOME_NET [1024:1025] (msg:"Block User Ports"; classtype:bad-unknown; sid:9900001; rev:1;)
2) Erstelle custom.xml in /usr/local/opnsense/scripts/suricata/metadata/rules/ :
Code: [Select]
<?xml version="1.0"?>
<ruleset documentation_url="http://docs.opnsense.org/">
    <location url="https://myname.github.io/suricata/" prefix="custom"/>
    <files>
        <file description="CUSTOM RULES">custom.rules</file>
        <file description="Custom" url="inline::rules/custom.rules">custom.rules</file>
    </files>
</ruleset>

3) IDS Neustarten.
4) Ruleset finden und enablen.
5) "Download & Update Rules"

Und dann hängt sich Suricata genau bei der Regel auf. D.h. der Button zeigt an, dass geladen wird aber nix passiert mehr. Nach einem reload sieht man, dass nur die Regeln vor der custom rule geupdated haben.

Kann mir wer helfen was hier falsch ist?

P.S. Ich habe es übrigens auch mit raw.github... probiert - ging auch nicht. Bitte sagt mir nicht ich muss jetzt ernsthaft nen eigenen Webserver anmieten um vielleicht 3 Rules bereitzustellen...

Vielen Dank schon mal
MfG Martin


6
German - Deutsch / Re: YouTube / GQUIC probleme
« on: March 29, 2021, 10:58:56 am »
YouTube denkt tatsächlich das die IP in den USA wäre. Meinst du es liegt daran? US IPs sollten die ja eigentlich nicht sperren...

7
German - Deutsch / Re: YouTube / GQUIC probleme
« on: March 27, 2021, 12:53:41 pm »
89 Views und keine Antwort. Das sagt viel. Ich glaube ich schreib das nochmal ins Englische Forum 😅

8
German - Deutsch / YouTube / GQUIC probleme
« on: March 26, 2021, 04:30:26 pm »
Hallo,

ich habe eine OPNsense über eine VM Cloud am laufen mit der ich über Wireguard connecte. Das alles funktioniert wunderbar. Die einzige Ausnahme: YouTube. Genauer gesagt YouTube und "YouTube Music" als iOS App Variante.
Jedes mal wenn ich mir ein Video anschauen möchte (oder bei YouTube Music einen Song an mache) bleibt dies erstmal schwarz und lädt teilweise 30 Sekunden bis 1 Minute (!!) bevor es dann letztendlich doch abspielt.

Ich habe auf der FW Suricata und Unbound am laufen.
- Unbound blockt die gesendeten DNS anfragen (*.googlevideo etc.) nicht.
- Suricata ist sowieso nur im "Alert" modus, blockt also auch nix.
- In den Firewall Logs konnte ich zur Abspielzeit auch keinen block/reject feststellen.
- Am wichtigsten: Sowohl am PC, als auch unter iOS, nur eben über den Browser, funktioniert YouTube (-Music) ohne Probleme! Super schnelle Ladezeiten, fast als ob ich ohne FW unterwegs wäre.

Ich habe verschiedene PCAPs unter verschiedenen Bedingungen gecaptured und konnte feststellen, dass der einzige Unterschied den ich erkennen konnte war, dass über die YouTube App UDP "GQUIC" Pakete ausgetauscht wurden. Diese endeten nach dem Client-Hello zunächst in Rejects, und zu der Zeit in der das Video dann endlich abspielte kam dann auch "Payload (Encrypted)" hinzu.

Beispiel Pakete:
307   4.647638   10.3.0.3   173.194.187.233   GQUIC   126   Client Hello, PKN: 1, CID: 9655794248220275632   14:45:31.626068

Code: [Select]
Frame 307: 126 bytes on wire (1008 bits), 126 bytes captured (1008 bits)
Null/Loopback
Internet Protocol Version 4, Src: 10.3.0.3, Dst: 173.194.187.233
User Datagram Protocol, Src Port: 64341, Dst Port: 443
    Source Port: 64341
    Destination Port: 443
    Length: 1358
    Checksum: 0x7d08 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 3]
    [Timestamps]
    UDP payload (1350 bytes)
GQUIC (Google Quick UDP Internet Connections)
    Public Flags: 0x0d
    CID: 9655794248220275632
    Version: Q043
    Packet Number: 1
    Message Authentication Hash: f0ff80e7055b29d2c3e9d438
    STREAM (Special Frame Type) Stream ID: 1, Type: CHLO (Client Hello)
        Frame Type: STREAM (Special Frame Type) (0xa0)
        Stream ID: 1 (Reserved for (G)QUIC handshake, crypto, config updates...)
        Data Length: 456
        Tag: CHLO (Client Hello)
        Tag Number: 20
        Padding: 0000
        Tag/value: SNI (Server Name Indication) (l=32): r4---sn-4g5ednly.googlevideo.com
            Tag Type: SNI (Server Name Indication)
            Tag offset end: 32
            [Tag length: 32]
            Tag/value: 72342d2d2d736e2d34673565646e6c792e676f6f676c65766964656f2e636f6d
            Server Name Indication: r4---sn-4g5ednly.googlevideo.com
        Tag/value: STK (Source Address Token) (l=56)
            Tag Type: STK (Source Address Token)
            Tag offset end: 88
            [Tag length: 56]
            Tag/value: b5e068274ab69c1d3abce10b7768c84fb30b7bd2eaf2692200488b35a441fee1ec48e55f…
            Source-address token: b5e068274ab69c1d3abce10b7768c84fb30b7bd2eaf2692200488b35a441fee1ec48e55f…
        Tag/value: VER (Version) (l=4): Q043
            Tag Type: VER (Version)
            Tag offset end: 92
            [Tag length: 4]
            Tag/value: 51303433
            Version: Q043
        Tag/value: CCS (Common Certificate Sets) (l=16)
            Tag Type: CCS (Common Certificate Sets)
            Tag offset end: 108
            [Tag length: 16]
            Tag/value: 01e8816092921ae87eed8086a2158291
            Common certificate sets: 0x01e8816092921ae8
            Common certificate sets: 0x7eed8086a2158291
        Tag/value: NONC (Client Nonce) (l=32)
            Tag Type: NONC (Client Nonce)
            Tag offset end: 140
            [Tag length: 32]
            Tag/value: 605df38b00e03098f4cc8d8147011b48bbd9078347e5d6bbfa1368139dff6435
            Client nonce: 605df38b00e03098f4cc8d8147011b48bbd9078347e5d6bbfa1368139dff6435
        Tag/value: AEAD (Authenticated encryption algorithms) (l=4), AES-GCM with a 12-byte tag and IV
            Tag Type: AEAD (Authenticated encryption algorithms)
            Tag offset end: 144
            [Tag length: 4]
            Tag/value: 41455347
            Authenticated encryption algorithms: AESG (AES-GCM with a 12-byte tag and IV)
        Tag/value: SCID (Server config ID) (l=16)
            Tag Type: SCID (Server config ID)
            Tag offset end: 160
            [Tag length: 16]
            Tag/value: caafdaefae9ddcc8129e17fc1e3c0044
            Server Config ID: caafdaefae9ddcc8129e17fc1e3c0044
        Tag/value: TCID (Connection ID truncation) (l=4)
            Tag Type: TCID (Connection ID truncation)
            Tag offset end: 164
            [Tag length: 4]
            Tag/value: 00000000
            Connection ID truncation: 0 (0x00000000)
        Tag/value: PDMD (Proof Demand) (l=4): X509
            Tag Type: PDMD (Proof Demand)
            Tag offset end: 168
            [Tag length: 4]
            Tag/value: 58353039
            Proof demand: X509
        Tag/value: ICSL (Idle connection state) (l=4)
            Tag Type: ICSL (Idle connection state)
            Tag offset end: 172
            [Tag length: 4]
            Tag/value: 1e000000
            Idle connection state: 30 (0x0000001e)
        Tag/value: NONP (Client Proof Nonce) (l=32)
            Tag Type: NONP (Client Proof Nonce)
            Tag offset end: 204
            [Tag length: 32]
            Tag/value: 54c7e1f215b233c59aeff9a622b9510b5bb177262f9c4464acef8de289b7568f
            Client Proof nonce: 54c7e1f215b233c59aeff9a622b9510b5bb177262f9c4464acef8de289b7568f
        Tag/value: PUBS (Public value) (l=32)
            Tag Type: PUBS (Public value)
            Tag offset end: 236
            [Tag length: 32]
            Tag/value: e743f9acb79fc55f5287dadfb6933741adf0daf01aeec18899f10746dffc3458
            Public value: 17383 (0x0043e7)
            Public value: 12037369 (0xb7acf9)
            Public value: 6276511 (0x5fc59f)
            Public value: 14321490 (0xda8752)
            Public value: 9680607 (0x93b6df)
            Public value: 11354423 (0xad4137)
            Public value: 15784688 (0xf0daf0)
            Public value: 12709402 (0xc1ee1a)
            Public value: 15833480 (0xf19988)
            Public value: 14632455 (0xdf4607)
            Public value: 5780732 (0x5834fc)
        Tag/value: MIDS (Max incoming dynamic streams) (l=4): 100
            Tag Type: MIDS (Max incoming dynamic streams)
            Tag offset end: 240
            [Tag length: 4]
            Tag/value: 64000000
            Max incoming dynamic streams: 100
        Tag/value: KEXS (Key exchange algorithms) (l=4), Curve25519
            Tag Type: KEXS (Key exchange algorithms)
            Tag offset end: 244
            [Tag length: 4]
            Tag/value: 43323535
            Key exchange algorithms: C255 (Curve25519)
        Tag/value: XLCT (Expected leaf certificate) (l=8)
            Tag Type: XLCT (Expected leaf certificate)
            Tag offset end: 252
            [Tag length: 8]
            Tag/value: 4dd4b12ffd5d8c36
            Expected leaf certificate: 4dd4b12ffd5d8c36
        Tag/value: CSCT (Signed cert timestamp (RFC6962) of leaf cert) (l=0)
            Tag Type: CSCT (Signed cert timestamp (RFC6962) of leaf cert)
            Tag offset end: 252
            [Tag length: 0]
            Tag/value: <MISSING>
            Signed cert timestamp: <MISSING>
        Tag/value: COPT (Connection options) (l=12)
            Tag Type: COPT (Connection options)
            Tag offset end: 264
            [Tag length: 12]
            Tag/value: 41434b44414b44554e535450
            Connection options: ACKD
            Connection options: AKDU
            Connection options: NSTP
        Tag/value: CCRT (Cached certificates) (l=16)
            Tag Type: CCRT (Cached certificates)
            Tag offset end: 280
            [Tag length: 16]
            Tag/value: 4dd4b12ffd5d8c366032cb92a0414ddf
            Cached certificates: 4dd4b12ffd5d8c366032cb92a0414ddf
        Tag/value: CFCW (Initial session/connection) (l=4): 15728640
            Tag Type: CFCW (Initial session/connection)
            Tag offset end: 284
            [Tag length: 4]
            Tag/value: 0000f000
            Initial session/connection: 15728640
        Tag/value: SFCW (Initial stream flow control) (l=4): 6291456
            Tag Type: SFCW (Initial stream flow control)
            Tag offset end: 288
            [Tag length: 4]
            Tag/value: 00006000
            Initial stream flow control: 6291456
    PADDING Length: 863
        Frame Type: PADDING (0x00)
        [Padding Length: 863]
        Padding: 000000000000000000000000000000000000000000000000000000000000000000000000…

->
316   4.652478   173.194.187.233   10.3.0.3   GQUIC   1382   Rejection, PKN: 1, CID: 9655794248220275632   14:45:31.630908

Code: [Select]
Frame 316: 1382 bytes on wire (11056 bits), 1382 bytes captured (11056 bits)
Null/Loopback
Internet Protocol Version 4, Src: 173.194.187.233, Dst: 10.3.0.3
User Datagram Protocol, Src Port: 443, Dst Port: 64341
    Source Port: 443
    Destination Port: 64341
    Length: 1358
    Checksum: 0xdde3 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 3]
    [Timestamps]
    UDP payload (1350 bytes)
GQUIC (Google Quick UDP Internet Connections)
    Public Flags: 0x08
    CID: 9655794248220275632
    Packet Number: 1
    Message Authentication Hash: 5dbce39e00d6397da95c6f63
    ACK (Special Frame Type)
        Frame Type: ACK (Special Frame Type) (0x40)
        Largest Acked: 1
        Largest Acked Delta Time: 1129
        First Ack block length: 1
        Num Timestamp: 0
    STOP_WAITING
        Frame Type: STOP_WAITING (0x06)
        Least unacked delta: 0
    STREAM (Special Frame Type) Stream ID: 1, Type: REJ (Rejection)
        Frame Type: STREAM (Special Frame Type) (0xa0)
        Stream ID: 1 (Reserved for (G)QUIC handshake, crypto, config updates...)
        Data Length: 594
        Tag: REJ (Rejection)
        Tag Number: 7
        Padding: 0000
        Tag/value: STK (Source Address Token) (l=56)
            Tag Type: STK (Source Address Token)
            Tag offset end: 56
            [Tag length: 56]
            Tag/value: 9e93043bc00176a9c03812a2fa166a03bc074ca435d39226ba34207ef361ebc46ffe25df…
            Source-address token: 9e93043bc00176a9c03812a2fa166a03bc074ca435d39226ba34207ef361ebc46ffe25df…
        Tag/value: SNO (Server nonce) (l=52)
            Tag Type: SNO (Server nonce)
            Tag offset end: 108
            [Tag length: 52]
            Tag/value: 45ed20d4d498e528dea613a163894abc81e6e21cfcce9f9835f7a95db7e3d026edd32b3e…
            Server nonce: 45ed20d4d498e528dea613a163894abc81e6e21cfcce9f9835f7a95db7e3d026edd32b3e…
        Tag/value: PROF (Proof (Signature)) (l=256)
            Tag Type: PROF (Proof (Signature))
            Tag offset end: 364
            [Tag length: 256]
            Tag/value: 8ff366ede919ede938eb1b4fe0c149d2df5bbc769b8c57093526b3c8eae8b8313e2f6639…
            Proof (Signature): 8ff366ede919ede938eb1b4fe0c149d2df5bbc769b8c57093526b3c8eae8b8313e2f6639…
        Tag/value: SCFG (Server Config) (l=135)
            Tag Type: SCFG (Server Config)
            Tag offset end: 499
            [Tag length: 135]
            Tag/value: 534346470600000041454144080000005343494418000000505542533b0000004b455853…
            Server Config Tag: SCFG
            Number Server Config Tag: 6
            Tag/value: AEAD (Authenticated encryption algorithms) (l=8), AES-GCM with a 12-byte tag and IV, Unknown
                Tag Type: AEAD (Authenticated encryption algorithms)
                Tag offset end: 8
                [Tag length: 8]
                Tag/value: 4145534743433230
                Authenticated encryption algorithms: AESG (AES-GCM with a 12-byte tag and IV)
                Authenticated encryption algorithms: CC20 (Unknown)
            Tag/value: SCID (Server config ID) (l=16)
                Tag Type: SCID (Server config ID)
                Tag offset end: 24
                [Tag length: 16]
                Tag/value: 21b0521101193d259cacb4cc3915e237
                Server Config ID: 21b0521101193d259cacb4cc3915e237
            Tag/value: PUBS (Public value) (l=35)
                Tag Type: PUBS (Public value)
                Tag offset end: 59
                [Tag length: 35]
                Tag/value: 200000cea92e9c6470ac4648af5d13941168404a650bfb7ca97544dab9f49099748465
                Public value: 32 (0x000020)
                Public value: 11128320 (0xa9ce00)
                Public value: 6593582 (0x649c2e)
                Public value: 4631664 (0x46ac70)
                Public value: 6139720 (0x5daf48)
                Public value: 1152019 (0x119413)
                Public value: 4866152 (0x4a4068)
                Public value: 16452453 (0xfb0b65)
                Public value: 7711100 (0x75a97c)
                Public value: 12180036 (0xb9da44)
                Public value: 10064116 (0x9990f4)
                Public value: 6653044 (0x658474)
            Tag/value: KEXS (Key exchange algorithms) (l=4), Curve25519
                Tag Type: KEXS (Key exchange algorithms)
                Tag offset end: 63
                [Tag length: 4]
                Tag/value: 43323535
                Key exchange algorithms: C255 (Curve25519)
            Tag/value: OBIT (Server Orbit) (l=8)
                Tag Type: OBIT (Server Orbit)
                Tag offset end: 71
                [Tag length: 8]
                Tag/value: b4bbcd2d2fdc99ba
                Server orbit: b4bbcd2d2fdc99ba
            Tag/value: EXPY (Expiry) (l=8)
                Tag Type: EXPY (Expiry)
                Tag offset end: 79
                [Tag length: 8]
                Tag/value: 53ee476100000000
                Expiry: 1632104019
       [b] Tag/value: RREJ (Reasons for server sending) (l=4), Code Couldn't find the Server config id (kSCID)
            Tag Type: RREJ (Reasons for server sending)
            Tag offset end: 503
            [Tag length: 4]
            Tag/value: 0d000000
            Reasons for server sending: Couldn't find the Server config id (kSCID) (13)[/b]
        Tag/value: STTL (Server Config TTL) (l=8)
            Tag Type: STTL (Server Config TTL)
            Tag offset end: 511
            [Tag length: 8]
            Tag/value: c7fae90000000000
            Server Config TTL: 15334087
        Tag/value: CRT� (Certificate chain) (l=19)
            Tag Type: CRT� (Certificate chain)
            Tag offset end: 530
            [Tag length: 19]
            Tag/value: 024dd4b12ffd5d8c36026032cb92a0414ddf00
            Certificate chain: 024dd4b12ffd5d8c36026032cb92a0414ddf00
    PADDING Length: 721
        Frame Type: PADDING (0x00)
        [Padding Length: 721]
        Padding: 000000000000000000000000000000000000000000000000000000000000000000000000…

Ich denke am wichtigsten ist hier:
        Tag/value: RREJ (Reasons for server sending) (l=4), Code Couldn't find the Server config id (kSCID)
            Tag Type: RREJ (Reasons for server sending)
            Tag offset end: 503
            [Tag length: 4]
            Tag/value: 0d000000
            Reasons for server sending: Couldn't find the Server config id (kSCID) (13)

Auf dem PC (und überall sonst wo es funktioniert) wird dagegen anscheinend "QUIC" verwendet. Nicht "GQUIC".

Ich bin mir natürlich nichtmal sicher ob es an GQUIC liegt oder ich mich zu sehr daran festgehangen habe und es an vielleicht ganz andere Ursachen hat.
Ich habe leider auch sonst noch keinen Post gefunden, in dem jemand dieses Problem bezüglich YouTube hatte, darum würde ich mich sehr freuen wenn mir irgendjemand hier bei diesem merkwürdigen Problem helfen könnte.

Mit freundlichen Grüßen
Martin

Pages: [1]
OPNsense is an OSS project © Deciso B.V. 2015 - 2024 All rights reserved
  • SMF 2.0.19 | SMF © 2021, Simple Machines
    Privacy Policy     | XHTML | RSS | WAP2