[SOLVED] Has anybody had success with QUIC / HTTP3?

Started by meyergru, January 05, 2023, 08:40:58 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 05, 2023, 08:40:58 PM Last Edit: January 09, 2023, 10:57:58 PM by meyergru
I have a running setup including IPv4 and IPv6, but I cannot for the life of me get QUIC to work.

Whenever I try https://cloudflare-quic.com or https://quic.nginx.org/ or https://http3.is/, nothing really happens.

When I try UDP functionality, it works fine, so I am at a loss as to why this does not work.

Has anyone gotten QUIC / HTTP/3 to work over OpnSense? And if so, how?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
January 05, 2023, 08:59:31 PM #1
I had to modify my chrome icon using the following command line.

"C:\Program Files\Google\Chrome\Application\chrome.exe" --enable-quic --quic-version=h3-29

then https://cloudflare-quic.com and https://http3.is both reported connected via HTTP/3 QUIC (maybe a refresh as well due to cache)

Using latest Opnsense 22.7.10_2
January 09, 2023, 10:57:07 PM #2 Last Edit: January 10, 2023, 02:22:45 AM by meyergru
Never mind, the problem is not OpnSense, but my Windows installation. Firefox and Chrome should now include QUIC support without further ado.

FWIW: I have tried another fresh Windows and it works, whereas I cannot lie my hand on what is wrong, because the problem occurs on my specific PC with every browser, even fresh installs with no plugins.

I suspect that the network stack is the problem, because there are many packages installed that alter it (e.g. Wireshark, VMware workstation). I have verified that UDP traffic on port 443 passes in and out when I use iperf3  and I also disabled the Windows firewall altogether. The packets do not get send when I use a new version of curl (which seems to use WinSock, like most browsers).

I can see with Wireshark that the UDP packets do not go out, while Windows Firewall log does show that it does not block them, either. I also disabled my Antivirus, to no avail. Maybe there are still some WFP filters active that block outgoing UDP packets in some layer between WinSock and network drivers. Probably those filters are still active even when the Antivirus software is disabled.

I am marking this problem as SOLVED now, because OpnSense is not the culprit.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
January 10, 2023, 10:20:20 AM #3
OMG. It was Avira. But only in the paid, not in the free version. You have to completely uninstall it to make QUIC work...
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 440 up, Bufferbloat A+
Print
Go Up Pages1
User actions