Hello everybody We are still having issues with the MTU detection. At the moment, we are translating on our Internet-Router and internal Loadbalancers are unaware or unable to talk back to the webserver, if the MTU is smaller than usual. This happens usually with Tunnelbrokers or some (self built) Firewall/Routers. Hope, we will bring IPv6 deeper into our network until Q2/2020 and fix that nasty issue with that. If Nico could try to look into his MTU and perhaps share it's hardware specs? I am connecting with EdgeRouter Pro and through INIT7/Fiber7. :~$ curl -6 -l -v https://sbb.ch * Rebuilt URL to: https://sbb.ch/ * Trying 2a00:4bc0:ffff:ffff::c296:f58e... * TCP_NODELAY set * Connected to sbb.ch (2a00:4bc0:ffff:ffff::c296:f58e) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/certs/ca-certificates.crt CApath: /etc/ssl/certs * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 * ALPN, server accepted to use http/1.1 * Server certificate: * subject: jurisdictionC=CH; jurisdictionST=Bern; serialNumber=CHE-102.909.703; businessCategory=Private Organization; C=CH; ST=Bern; L=Bern; O=Schweizerische Bundesbahnen SBB; OU=IT; CN=www.sbb.ch * start date: Jul 25 14:52:45 2019 GMT * expire date: Jul 25 14:52:45 2021 GMT * subjectAltName: host "sbb.ch" matched cert's "sbb.ch" * issuer: C=CH; O=SwissSign AG; CN=SwissSign EV Gold CA 2014 - G22 * SSL certificate verify ok. Regards, Urs Urs Müller Schweizerische Bundesbahnen SBB Senior Architekt IT Operations Management - Service Design Lindenhofstrasse 1 - Worblaufen, 3000 Bern 65 urs.bf.mueller(a)sbb.ch / www.sbb.ch   -----Ursprüngliche Nachricht----- Von: swinog-bounces(a)lists.swinog.ch <swinog-bounces(a)lists.swinog.ch> Im Auftrag von Silvan M. Gebhardt Gesendet: Montag, 21. Oktober 2019 09:59 An: Benoit Panizzon <benoit.panizzon(a)imp.ch> Cc: swinog <swinog(a)lists.swinog.ch> Betreff: Re: [swinog] SBB partially reachable via IPv6 SBB is a test case for proper MTU. Check your MTU ;) ----- Ursprüngliche Mail ----- Von: "Benoit Panizzon" <benoit.panizzon(a)imp.ch> An: "swinog" <swinog(a)lists.swinog.ch> Gesendet: Montag, 21. Oktober 2019 07:40:15 Betreff: Re: [swinog] SBB partially reachable via IPv6 Works for me: $ telnet sbb.ch https Trying 2a00:4bc0:ffff:ffff::c296:f58e... Connected to sbb.ch. $ openssl s_client -connect sbb.ch:https CONNECTED(00000003) depth=2 C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 verify return:1 depth=1 C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 verify return:1 depth=0 jurisdictionC = CH, jurisdictionST = Bern, serialNumber = CHE-102.909.703, businessCategory = Private Organization, C = CH, ST = Bern, L = Bern, O = Schweizerische Bundesbahnen SBB, OU = IT, CN = www.sbb.ch verify return:1 --- Certificate chain 0 s:jurisdictionC = CH, jurisdictionST = Bern, serialNumber = CHE-102.909.703, businessCategory = Private Organization, C = CH, ST = Bern, L = Bern, O = Schweizerische Bundesbahnen SBB, OU = IT, CN = www.sbb.ch i:C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 1 s:C = CH, O = SwissSign AG, CN = SwissSign EV Gold CA 2014 - G22 i:C = CH, O = SwissSign AG, CN = SwissSign Gold CA - G2 Mit freundlichen Grüssen -Benoît Panizzon- -- I m p r o W a r e A G - Leiter Commerce Kunden ______________________________________________________ Zurlindenstrasse 29 Tel +41 61 826 93 00 CH-4133 Pratteln Fax +41 61 826 93 01 Schweiz Web http://www.imp.ch ______________________________________________________ _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog _______________________________________________ swinog mailing list swinog(a)lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog

Good late morning, All fixed by now - I was notified that ipv6/https was unreachable due to maintenance at SBB last night. curl -6 -I -v https://sbb.ch as well as a real browser now work again. Thanks everyone for the fast response! Sunny greetings from Glarus, Nico p.s.: MTU on my test boxes was 9000 and 1500, both had the same issue yesterday. Müller Urs (IT-OM-SDP-SDN) <urs.bf.mueller(a)sbb.ch> writes: -- Modern, affordable, Swiss Virtual Machines. Visit www.datacenterlight.ch