Greetings - I'm trying to setup ATS as a reverse proxy to enable IPv4 connectivity to IPv6 only servers. The HTTP side is working great with a couple of lines
In remap.yaml: map http://austin.localgroups.net/ http://[2001:550:9203:291::7223]/ In records.yaml: proxy.config.url_remap.pristine_host_hdr 1 However, trying to setup a similar SNI proxy isn't working. In records.yaml: proxy.config.http.connect_ports 443 In sni.yaml: ---8<--- sni: - fqdn: austin.localgroups.net tunnel_route: '[2001:550:9203:291::7223]:443' client_sni_policy: server_name ---8<--- However when attempting to connect via curl yields this: ---8<--- > curl -4 -vv https://austin.localgroups.net 13:52:36.148832 [0-0] * Host austin.localgroups.net:443 was resolved. 13:52:36.148945 [0-0] * IPv6: (none) 13:52:36.149031 [0-0] * IPv4: 38.57.161.59 13:52:36.149134 [0-0] * [HTTPS-CONNECT] adding wanted h2 13:52:36.149245 [0-0] * [HTTPS-CONNECT] added 13:52:36.149321 [0-0] * [HTTPS-CONNECT] connect, init 13:52:36.149391 [0-0] * Trying 38.57.161.59:443... 13:52:36.149483 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 13:52:36.149517 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0 13:52:36.149585 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks 13:52:36.158710 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 13:52:36.158832 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0 13:52:36.158917 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks 13:52:36.247079 [0-0] * ALPN: curl offers h2,http/1.1 13:52:36.247425 [0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1): 13:52:36.254439 [0-0] * CAfile: /etc/ssl/certs/ca-certificates.crt 13:52:36.254591 [0-0] * CApath: none 13:52:36.254738 [0-0] * [HTTPS-CONNECT] connect -> 0, done=0 13:52:36.254847 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 0, done=0 13:52:36.254938 [0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks 13:52:36.348592 [0-0] * TLSv1.3 (OUT), TLS alert, record overflow (534): 13:52:36.348705 [0-0] * TLS connect error: error:0A0000C6:SSL routines::packet length too long 13:52:36.348782 [0-0] * [HTTPS-CONNECT] connect, all attempts failed 13:52:36.348871 [0-0] * [HTTPS-CONNECT] connect -> 35, done=0 13:52:36.348974 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(block=0) -> 35, done=0 13:52:36.349054 [0-0] * [HTTPS-CONNECT] Curl_conn_connect(), filter returned 35 13:52:36.349167 [0-0] * closing connection #0 curl: (35) TLS connect error: error:0A0000C6:SSL routines::packet length too long ---8<--- I'm having difficulty debugging this, any suggestions? It seems like I may be missing something critical on the SNI/HTTPS config of ATS but I am unsure what. -Carl
