"No route to host" with ssl but not with telnet
- by Clemens Bergmann
I have a strange problem with connecting to a https site from one of my servers.
When I type:
telnet puppet 8140
I am presented with a standard telnet console and can talk to the server as always:
Connected to athena.hidden.tld.
Escape character is '^]'.
GET / HTTP/1.1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<br />
Reason: You're speaking plain HTTP to an SSL-enabled server port.<br />
Instead use the HTTPS scheme to access this URL, please.<br />
<blockquote>Hint: <a href="https://athena.hidden.tld:8140/"><b>https://athena.hidden.tld:8140/</b></a></blockquote></p>
<hr>
<address>Apache/2.2.16 (Debian) Server at athena.hidden.tld Port 8140</address>
</body></html>
Connection closed by foreign host.
But when I try to connect to the same host and port with ssl:
openssl s_client -connect puppet:8140
It is not working:
connect: No route to host
connect:errno=113
I am confused. At first it sounded like a firewall problem but this could not be, could it? Because this would also prevent the telnet connection.
As a firewall I am using ferm on both servers.
The systems are Debian squeeze VM boxes.
[edit 1]
Even when I try to connect directly with the IP address:
openssl s_client -connect 198.51.100.1:8140 #address exchanged
connect: No route to host
connect:errno=113
Bringing down the firewalls on both hosts with
service ferm stop
is also not helping.
But when I do
openssl s_client -connect localhost:8140
on the server machine it is connecting fine.
[edit 2]
If I connect to the IP with telnet, it also is not working.
telnet 198.51.100.1 8140
Trying 198.51.100.1...
telnet: Unable to connect to remote host: No route to host
The confusion might come from IPv6. I have IPv6 on all my hosts. It seems that telnet uses IPv6 by default and this works.
For example:
telnet -6 puppet 8140
works but
telnet -4 puppet 8140
does not work. So there seems to be a problem with the IPv4 route. openssl seems to only (or by default) use IPv4 and therefore fails but telnet uses IPv6 and succeeds.
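
Added example, not part of the original post: a small Python check that resolves a name and attempts the TCP connect separately over IPv4 and IPv6, so a per-family failure like the one described above (telnet succeeding over IPv6 while openssl s_client fails over IPv4) shows up in one run. The names `probe` and `FAMILIES` are hypothetical helpers made up for this example.

```python
import errno
import socket
import sys

# Address families to test independently (names chosen for this example).
FAMILIES = (("IPv4", socket.AF_INET), ("IPv6", socket.AF_INET6))


def probe(host, port, timeout=3.0):
    """Try a TCP connect to host:port once per address family.

    Returns {"IPv4": [(address, outcome), ...], "IPv6": [...]} where outcome is
    "ok", "timeout", an errno name such as "EHOSTUNREACH", or "no address: ...".
    """
    results = {}
    for label, family in FAMILIES:
        try:
            infos = socket.getaddrinfo(host, port, family, socket.SOCK_STREAM)
        except socket.gaierror as exc:
            # The name has no address in this family (no A or no AAAA record).
            results[label] = [(None, "no address: " + str(exc))]
            continue
        outcomes = []
        for _family, socktype, proto, _canon, sockaddr in infos:
            try:
                with socket.socket(family, socktype, proto) as sock:
                    sock.settimeout(timeout)
                    sock.connect(sockaddr)
                outcome = "ok"
            except socket.timeout:
                outcome = "timeout"
            except OSError as exc:
                # On Linux, errno 113 ("No route to host") is EHOSTUNREACH.
                outcome = errno.errorcode.get(exc.errno, str(exc))
            outcomes.append((sockaddr[0], outcome))
        results[label] = outcomes
    return results


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: probe.py HOST PORT")
    for label, outcomes in probe(sys.argv[1], int(sys.argv[2])).items():
        for address, outcome in outcomes:
            print(f"{label:4} {address or '-':40} {outcome}")
```

An "ok" in one family next to EHOSTUNREACH in the other narrows the fault to that family's routing or filtering; ip6tables and iptables rule sets are separate, so each family's firewall path has to be checked on its own.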