> I tried different ISPs to which I have access and I can't establish a > IPv6 connection to port TCP/443 to neither 2a02:a90:c400:4001::2 nor > 2a02:a90:c400:5001::2 which seems the two loadbalancers responsible for > www.swisscom.ch except from a Swisscom Business DSL connection. > > Init7 -> fail
Strange, from AS13030 (Fiber7 residential), both IPs work fine. And I can't get a TLS 1.3 handshake to succeed, the load balancers seem to support only TLS 1.1 and 1.2. > Those incorrect checksums: are my systems generating incorrect checksums > or is it the swisscom side? It seems weird that different systems with > different OS at different customers would all start making wrong tcp > checksums. The incorrect checksums are only shown for packets sent by your client, so most likely not something Swisscom can do anything about. I wouldn't bother too much about them though, this can be caused by checksum offloading and is usually corrected after tcpdump has seen the packets. But it can't hurt to try turning such features on/off to see if it makes a difference. The first dump shows the client attempting a TCP handshake (multiple SYN messages), but there is no response from the server. Eventually, the server sends a RST, so it must have gotten some of your SYNs. The second dump shows a successful handshake (SYN, SYN+ACK, ACK) and some data being PuSHed by the client, which is ACKed by the server. Then the server sends a RST. This could indicate incorrect or incomplete packets being sent from your client. A failed TLS 1.3 handshake should look more like SYN, SYN+ACK, ACK, PSH+ACK, PSH+ACK, FIN+ACK. Perhaps something is wrong with your test client? Wrong MTU? OS issue? Did you try a different machine? _______________________________________________ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
