"No route to host" with ssl but not with telnet

Posted by Clemens Bergmann on Server Fault
Published on 2012-11-30T05:44:49Z Indexed on 2012/12/04 17:09 UTC


I have a strange problem with connecting to an HTTPS site from one of my servers.

When I type:

telnet puppet 8140

I am presented with a standard telnet console and can talk to the server as always:

Connected to athena.hidden.tld.
Escape character is '^]'.
GET / HTTP/1.1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://athena.hidden.tld:8140/"><b>https://athena.hidden.tld:8140/</b></a></blockquote></p>
<hr>
<address>Apache/2.2.16 (Debian) Server at athena.hidden.tld Port 8140</address>
</body></html>
Connection closed by foreign host.

But when I try to connect to the same host and port with ssl:

openssl s_client -connect puppet:8140

It is not working:

connect: No route to host
connect:errno=113

I am confused. At first it sounded like a firewall problem but this could not be, could it? Because this would also prevent the telnet connection.

As a firewall I am using ferm on both servers. The systems are Debian squeeze VM boxes.

[edit 1]

Even when I try to connect directly with the IP address:

openssl s_client -connect 198.51.100.1:8140 #address exchanged
connect: No route to host
connect:errno=113

Bringing down the firewalls on both hosts with

service ferm stop

is also not helping.

But when I do

openssl s_client -connect localhost:8140

on the server machine it is connecting fine.

[edit 2]

If I connect to the IP with telnet it is also not working.

telnet 198.51.100.1 8140
Trying 198.51.100.1...
telnet: Unable to connect to remote host: No route to host

The confusion might come from IPv6. I have IPv6 on all my hosts. It seems that telnet uses IPv6 by default and this works. For example:

telnet -6 puppet 8140

works but

telnet -4 puppet 8140

does not work. So there seems to be a problem with the IPv4 route. openssl seems to only (or by default) use IPv4 and therefore fails but telnet uses IPv6 and succeeds.
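Added example, not part of the original post: a per-address-family probe that makes the split described in edit 2 visible in one run, by attempting a TCP connect to every address the name resolves to instead of relying on each tool's default family. The function names and the `2001:db8::1` sample address are assumptions made for illustration.

```python
import errno
import socket

FAMILY = {socket.AF_INET: "IPv4", socket.AF_INET6: "IPv6"}

def probe(host, port, timeout=3.0):
    """TCP-connect to every address `host` resolves to; one result per address."""
    results = []
    try:
        infos = socket.getaddrinfo(host, port, socket.AF_UNSPEC, socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return [("resolve", host, False, str(exc))]
    for family, socktype, proto, _canon, sockaddr in infos:
        label = FAMILY.get(family, str(family))
        try:
            with socket.socket(family, socktype, proto) as sock:
                sock.settimeout(timeout)
                sock.connect(sockaddr)
            results.append((label, sockaddr[0], True, "connected"))
        except OSError as exc:
            # On Linux, errno 113 is EHOSTUNREACH ("No route to host").
            reason = errno.errorcode.get(exc.errno, type(exc).__name__)
            results.append((label, sockaddr[0], False, reason))
    return results

def diagnose(results):
    """Summarise whether reachability differs between address families."""
    ok = {fam for fam, _addr, success, _why in results if success}
    bad = {fam for fam, _addr, success, _why in results if not success} - ok
    if ok and bad:
        return "split: %s works, %s fails" % ("/".join(sorted(ok)), "/".join(sorted(bad)))
    if ok:
        return "reachable: " + "/".join(sorted(ok))
    return "unreachable on every resolved address"

# Constructed results shaped like the case in the post (2001:db8::1 is made up).
SAMPLE = [("IPv6", "2001:db8::1", True, "connected"),
          ("IPv4", "198.51.100.1", False, "EHOSTUNREACH")]

if __name__ == "__main__":
    import sys
    # With "host port" arguments probe for real; otherwise show the constructed sample.
    rows = probe(sys.argv[1], int(sys.argv[2])) if len(sys.argv) == 3 else SAMPLE
    for fam, addr, success, why in rows:
        print("%-7s %-40s %s" % (fam, addr, "ok" if success else "FAIL " + why))
    print(diagnose(rows))
```

A "split" result points at routing or filtering for one family only; on hosts using separate IPv4 and IPv6 rule sets, both need to be checked.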
