curl not working

Started by bbchucks, January 25, 2024, 05:45:44 PM

I'm unable to connect to 45.90.28.111 (nextdns) using curl

doesn't work -
curl -v https://dns.nextdns.io/info --connect-to ::45.90.28.211:443
* Connecting to hostname: 45.90.28.211
* Connecting to port: 443
* Trying 45.90.28.211:443...

working - I can connect -
curl -v https://dns.nextdns.io/info --connect-to ::76.76.2.11:443

Anyone know why? Can't seem to figure out what's wrong on OPNsense.

If it connects on one, all is good from your side. Problem/limitation/disablement/etc. is on the other end.

Thanks - just not making sense NextDNS would block IP

Just tried from my OPN.

root@OPNsense:/tmp # curl -v https://dns.nextdns.io/info --connect-to ::45.90.28.211:443
* Connecting to hostname: 45.90.28.211
* Connecting to port: 443
*   Trying 45.90.28.211:443...
* Connected to 45.90.28.211 (45.90.28.211) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /usr/local/etc/ssl/cert.pem
*  CApath: none
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=dns.nextdns.io
*  start date: Nov 29 00:00:00 2023 GMT
*  expire date: Feb 27 23:59:59 2024 GMT
*  subjectAltName: host "dns.nextdns.io" matched cert's "dns.nextdns.io"
*  issuer: C=AT; O=ZeroSSL; CN=ZeroSSL ECC Domain Secure Site CA
*  SSL certificate verify ok.
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* using HTTP/2
* h2 [:method: GET]
* h2 [:scheme: https]
* h2 [:authority: dns.nextdns.io]
* h2 [:path: /info]
* h2 [user-agent: curl/8.1.2]
* h2 [accept: */*]
* Using Stream ID: 1 (easy handle 0x8010ec800)
> GET /info HTTP/2
> Host: dns.nextdns.io
> User-Agent: curl/8.1.2
> Accept: */*
>
< HTTP/2 200
< access-control-allow-origin: *
< content-type: application/json
< strict-transport-security: max-age=63072000; includeSubDomains; preload
< timing-allow-origin: *
< content-length: 84
< date: Thu, 25 Jan 2024 17:26:32 GMT
<
* Connection #0 to host 45.90.28.211 left intact
{"locationName": "🇬🇧 London, United Kingdom", "pop": "zepto-lon", "rtt": 9222}  root@OPNsense:/tmp #

Thanks! For me -
curl -v https://dns.nextdns.io/info --connect-to ::45.90.28.211:443
* Connecting to hostname: 45.90.28.211
* Connecting to port: 443
*   Trying 45.90.28.211:443...


Is there a firewall rule I can explicitly allow this IP for anything?

Sorry, I should have been much clearer.
I tried to say that the OS won't interfere by default. There is something either blocking on your side (firewall rules, services, etc.) or something by the ISP or even the receiving server.
Start with the live log and move to packet capture if necessary.
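
Added example, not part of the thread: a small POSIX sh helper that reads a `curl -v` trace and reports the last stage the connection reached, which is what separates the two outputs posted above (one stops at `Trying`, the other reaches `HTTP/2 200`). The function names and stage labels are made up for this example, and the sample traces are abbreviated from the posts.

```shell
#!/bin/sh
# Report the furthest stage a `curl -v` attempt reached, from its trace on stdin.
# Patterns are checked from latest stage to earliest; the first match wins.
curl_stage() {
    trace=$(cat)
    case "$trace" in
        *"< HTTP/"*)              echo "http-response" ;;   # status line received
        *"SSL connection using"*) echo "tls-established" ;; # TLS handshake finished
        *"Connected to "*)        echo "tcp-connected" ;;   # TCP handshake finished
        *"Connection refused"*)   echo "tcp-refused" ;;     # connect() got ECONNREFUSED
        *"Trying "*)              echo "tcp-no-answer" ;;   # SYN sent, nothing came back
        *)                        echo "no-attempt" ;;
    esac
}

# Map a stage to where to look next (wording is this example's own).
next_check() {
    case "$1" in
        tcp-no-answer) echo "TCP handshake never completed: check the firewall live log for this destination, then packet capture" ;;
        tcp-refused)   echo "connection was actively rejected: look for a reject rule or a closed port" ;;
        no-attempt)    echo "curl never tried to connect: check the command line and name resolution" ;;
        *)             echo "TCP path is open: the problem is above the network layer" ;;
    esac
}

# Sample traces, abbreviated from the output posted in this thread.
sample_stalled() {
cat <<'EOF'
* Connecting to hostname: 45.90.28.211
* Connecting to port: 443
*   Trying 45.90.28.211:443...
EOF
}

sample_ok() {
cat <<'EOF'
*   Trying 45.90.28.211:443...
* Connected to 45.90.28.211 (45.90.28.211) port 443 (#0)
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
< HTTP/2 200
EOF
}

# Live use (the trace goes to stderr, hence 2>&1):
#   curl -v --connect-timeout 5 https://dns.nextdns.io/info \
#        --connect-to ::45.90.28.211:443 2>&1 | curl_stage
```

A trace that ends at `Trying` with no `Connected to` line means the TCP handshake did not complete, so the packet was dropped somewhere on the path rather than rejected by TLS or HTTP.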