ERR Failed to serve quic connection; Cloudflare Quick Tunnels - cloudflare

I am attempting to host a local webpage for my friends to see and interact with over Cloudflare quick tunnels and attempted to start it following the guide here, but when I do, it repeats this set of messages 4 or 5 times and gives a 1033 error when I attempt to view the generated URL.
2022-08-12T20:37:27Z ERR Failed to serve quic connection error="Unauthorized: Failed to get tunnel" connIndex=0 ip=[removed]
2022-08-12T20:37:27Z ERR Register tunnel error from server side error="Unauthorized: Failed to get tunnel" connIndex=0 ip=[removed]
2022-08-12T20:37:27Z INF Retrying connection in up to 2s seconds connIndex=0 ip=[removed]
I have tried many times and am confident I am using the correct local URL, running
cloudflared tunnel --url http://localhost:60662
and the result is always the same.

Related

Unable to establish SSL connection upon wget on windows, accessing NASA CDDIS

I've been using wget to pull some .rnx files from the CDDIS NASA archives. This has been working no problem for ~200 iterations until now. Not sure what happened.
I'm receiving an SSL connection error that occurs on other files in the CDDIS website. When I try the same command for, say, www.google.com, the index file is downloaded fine to the given output directory.
I have found this solution thread for linux which seems like my issue:
Unable to establish SSL connection upon wget on Ubuntu 14.04 LTS
or
Unable to establish SSL connection, how do I fix my SSL cert?
I am on Windows 11. To be completely honest despite some googling and toying around with the ports (302/443) based on that thread, it's all a bit opaque on how I can fix this issue myself. Would really appreciate a bit more of a breakdown on how I might approach this problem.
>wget -P C:\Users\name\Desktop\brdc http://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz
--2022-05-01 17:47:05-- http://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz
Resolving cddis.nasa.gov (cddis.nasa.gov)... 198.118.199.52
Connecting to cddis.nasa.gov (cddis.nasa.gov)|198.118.199.52|:80... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz [following]
--2022-05-01 17:47:05-- https://cddis.nasa.gov/archive/gnss/data/daily/2021/001/21p/BRDC00IGS_R_20210010000_01D_MN.rnx.gz
Connecting to cddis.nasa.gov (cddis.nasa.gov)|198.118.199.52|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://urs.earthdata.nasa.gov/oauth/authorize?client_id=gDQnv1IO0j9O2xXdwS8KMQ&response_type=code&redirect_uri=https%3A%2F%2Fcddis.nasa.gov%2Fproxyauth&state=aHR0cDovL2NkZGlzLm5hc2EuZ292L2FyY2hpdmUvZ25zcy9kYXRhL2RhaWx5LzIwMjEvMDAxLzIxcC9CUkRDMDBJR1NfUl8yMDIxMDAxMDAwMF8wMURfTU4ucm54Lmd6 [following]
--2022-05-01 17:47:05-- https://urs.earthdata.nasa.gov/oauth/authorize?client_id=gDQnv1IO0j9O2xXdwS8KMQ&response_type=code&redirect_uri=https%3A%2F%2Fcddis.nasa.gov%2Fproxyauth&state=aHR0cDovL2NkZGlzLm5hc2EuZ292L2FyY2hpdmUvZ25zcy9kYXRhL2RhaWx5LzIwMjEvMDAxLzIxcC9CUkRDMDBJR1NfUl8yMDIxMDAxMDAwMF8wMURfTU4ucm54Lmd6
Resolving urs.earthdata.nasa.gov (urs.earthdata.nasa.gov)... 198.118.243.33
Connecting to urs.earthdata.nasa.gov (urs.earthdata.nasa.gov)|198.118.243.33|:443... connected.
Unable to establish SSL connection.

How can I troubleshoot Docker pull failing with HTTP 503 error?

I’ve used docker some in the past, and I’m trying to introduce it at a new environment, but cannot get docker pull working. It keeps failing with a 503 response.
What I could use help with is finding the underlying cause of this issue, so I can have the net/it admins fix whatever it is, be it firewall, ssl, proxy authentication, (all the usual suspects running docker/windows in a corporate network, ya know.)
Where can I look to see the root cause of pull failures to help them out? Also any specific diagnostic tests I could run to help figure this out would help.
I am able to hit registry-1.docker.io in general:
e.g.
curl https://registry-1.docker.io/v2/
{"errors":[{"code":"UNAUTHORIZED","message":"authentication required","detail":null}]}
I’ve poked through the logs in %localappdata%/docker, but have not been able to find anything.
the only thing I found at all was in dockerd.log:
2021-08-19T13:59:06Z dockerd time="2021-08-19T13:59:06.656666400Z" level=debug msg="pulling blob "sha256:9da81141e74e38839836e81c2691d3c7ac54bf34272e5d4a636fc032150506a4""
2021-08-19T13:59:06Z dockerd time="2021-08-19T13:59:06.994330700Z" level=info msg="Download failed, retrying (1/5): received unexpected HTTP status: 503 Service Unavailable"
Which does not really help. I know docker registry is not down, so this is not really a 503 from docker.
System info
OS: Windows 10 19043, WSL2 enabled (VM with virtualization enabled, if that matters)
Docker version 20.10.7, build f0df350
repro steps:
docker run -d -p 80:80 docker/getting-started
Unable to find image 'docker/getting-started:latest' locally
latest: Pulling from docker/getting-started
540db60ca938: Retrying in X seconds (repeats countdown a few times with increasing wait times )
0ae30075c5da: Retrying in X seconds
9da81141e74e: Retrying in X seconds
b2e41dd2ded0: Waiting
7f40e809fb2d: Waiting
758848c48411: Waiting
23ded5c3e3fe: Waiting
38a847d4d941: Waiting
docker: received unexpected HTTP status: 503 Service Unavailable. (finally)
See 'docker run --help'.
Thanks.
JS
Answering my own question: I ran docker through fiddler, by setting the docker proxy to localhost:8888. Inspecting the body of the 503 response in fiddler, I was able to see the cause: The corporate firewall rules were blocking executable file transfers.

GnuTLS error -15 on vsftpd

I am using Ubuntu Server with the vsftpd service, connecting over SSL. When connecting using FileZilla, I randomly get the error below.
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: GnuTLS error -15: An unexpected TLS packet was received.
Error: Failed to retrieve directory listing
It is okay after restarting the vsftpd service, and the error shows up again after some days. I tried reinstalling the vsftpd service and regenerated the certificate.
Here is my /etc/vsftpd.conf:
rsa_private_key_file=/etc/ssl/private/vsftpd.key
rsa_cert_file=/etc/ssl/private/vsftpd.pem
ssl_ciphers=HIGH
pasv_enable=YES
pasv_max_port=12110
pasv_min_port=12099
port_enable=YES
pasv_address=<ip>
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=NO
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
allow_writeable_chroot=YES
pasv_promiscuous=YES
I have tried both active and passive mode. I am using an EC2 instance, and the ports are opened in the security groups. I tried at the same time from different ISP IPs and different locations (not a local firewall issue).
Adding the line seccomp_sandbox=NO to the /etc/vsftpd.conf file solved my issue.
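The configuration above, including the seccomp_sandbox=NO fix, turns off several of vsftpd's default protections. The following added example (not part of the original post) lists them for review; the notes paraphrase the vsftpd.conf(5) option descriptions, and the function names and sample text are assumptions made for illustration.

```python
# Added example: flag vsftpd.conf settings that relax a default protection.
# Each note paraphrases the option's description in vsftpd.conf(5).
RELAXED = {
    ("pasv_promiscuous", "YES"):
        "skips the check that a PASV data connection comes from the same IP "
        "as the control connection",
    ("require_ssl_reuse", "NO"):
        "data connections need not reuse the control channel's TLS session",
    ("allow_writeable_chroot", "YES"):
        "allows chroot() into a directory the user can write to",
    ("seccomp_sandbox", "NO"):
        "turns off the seccomp system-call filter around the daemon",
    ("ssl_sslv2", "YES"): "enables the obsolete SSLv2 protocol",
    ("ssl_sslv3", "YES"): "enables the obsolete SSLv3 protocol",
}

def parse_conf(text):
    """Return {option: value}; skips blank lines, comments and malformed lines."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(text):
    """Return (option, note) pairs for every relaxed setting found."""
    settings = parse_conf(text)
    return [(key, note) for (key, bad), note in RELAXED.items()
            if settings.get(key, "").upper() == bad]

# Constructed sample: a subset of the posted config plus the line that fixed it.
SAMPLE = """\
ssl_ciphers=HIGH
ssl_enable=YES
ssl_sslv2=NO
ssl_sslv3=NO
require_ssl_reuse=NO
allow_writeable_chroot=YES
pasv_promiscuous=YES
seccomp_sandbox=NO
"""

if __name__ == "__main__":
    for option, note in audit(SAMPLE):
        print(f"{option}: {note}")
```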

How to debug and fix intermittent SSL 'connection reset by peer' error?

We are having an occasional (1 in 100) error appear on our client (CentOS) when connecting to a server (Windows/IIS) over HTTPS.
The error is: SSL: Connection reset by peer.
Running openssl s_client -connect example.com:443 -prexit works 99% of the time but sometimes returns write:errno=104 confirming the connection reset issue.
Interestingly the handshake is a different (smaller) size when the connection is reset and fails but I cannot see how to actually see the handshake.
A successful connection is: SSL handshake has read 5308 bytes and written 319 bytes
A failed connection is: SSL handshake has read 5249 bytes and written 198 bytes
The same protocol (TLS) and cipher is used at all times.
Server side, the error in Windows Event log is: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 20. The Windows SChannel error state is 960.
Fatal error code 20 is Received a record with an incorrect MAC. This message is always fatal.
Can anyone help debug this further? As it's only an occasional issue I am struggling to think why it would happen. Thanks!
Not an application error, but most likely a low level error in the infrastructure. Not specific to SSL but to connection oriented sockets. Packet TTL expiring, network route changing or many others. Well written socket code will always retry a few times before failing. This is very hard to debug because it is often not repeatable over short time periods.
Many years ago this error was making me crazy. Did everything I could to track it down, even wrote a monitor to walk the network graph of the system to make sure each node of the graph was functional and responding properly. About a year later the problem disappeared when a switch on the subnet was replaced. The switch was close to the application not to the nodes on the graph in the datacenter.
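On the question of how to see the handshake and the fatal alert 20: this added example (not from either poster) walks the TLS record layer of a captured byte stream, decodes plaintext alerts, and marks a record cut short by a reset. The byte string is constructed, and the alert names follow RFC 5246.

```python
# Added example: walk TLS records in a captured stream and decode alerts.
import struct

CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {0: "close_notify", 10: "unexpected_message",
                      20: "bad_record_mac", 40: "handshake_failure",
                      70: "protocol_version"}

def parse_records(stream: bytes):
    """Return one dict per TLS record; tolerate a stream cut off mid-record."""
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < 5:          # header itself was cut off
            records.append({"type": "truncated_header",
                            "bytes_seen": len(stream) - offset})
            break
        ctype, version, length = struct.unpack_from("!BHH", stream, offset)
        body = stream[offset + 5: offset + 5 + length]
        rec = {"type": CONTENT_TYPES.get(ctype, f"unknown({ctype})"),
               "version": f"{version:#06x}",
               "length": length,
               "complete": len(body) == length}
        # A plaintext alert is exactly two bytes: level, description.
        # A longer alert record is encrypted and cannot be decoded here.
        if ctype == 21 and length == 2 and rec["complete"]:
            rec["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
            rec["description"] = ALERT_DESCRIPTIONS.get(
                body[1], f"unknown({body[1]})")
        records.append(rec)
        offset += 5 + length
    return records

# Constructed capture: a ServerHelloDone handshake record, a fatal
# bad_record_mac alert, then an application_data record cut off by a reset.
SAMPLE_STREAM = bytes.fromhex(
    "16030300040e000000"   # handshake, TLS 1.2, 4-byte body
    "15030300020214"       # alert: level 2 (fatal), description 20
    "1703030010aabbcc"     # declares 16 bytes, only 3 arrived
)

if __name__ == "__main__":
    for record in parse_records(SAMPLE_STREAM):
        print(record)
```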

Notepad++ NppFTP [SFTP] Connection failed : Error reading socket

Does anyone know why I am unable to connect to my server using the Notepad++ NppFTP plugin with SFTP?
I have a CentOS 6.4 server with SSH on port 22.
When I try and connect using NppFTP I get the following output:
[NppFTP] Everything initialized
Connecting
[SFTP] Connection failed : Error reading socket
Unable to connect
Disconnected
This used to work when I had my SSH port set to 3264 but when I changed the SSH port back to 22 NppFTP stopped working. All the settings for the profile are correct including the right IP, username, password and port (22).
I can connect with SFTP using FileZilla and WinSCP successfully with these same SFTP details and I can connect with SSH using PuTTY.
I can connect with SFTP to other servers using NppFTP so I believe there is an issue in my server config I'm just not sure where or what.
I looked at the access logs but found no attempt at a connection from NppFTP, I turned the firewall off and still nothing.
In the end I got in touch with my server company and it turns out it was a problem on their end. This is what they had to say:
"This was caused by an IPS rule inspecting the network packets coming into the infrastructure, which helps identify brute force attacks."
Very strange, but after they made the change NppFTP can now connect successfully.