Er hangt enkel een pfsense tussen waarbij er niets naar buiten worden geblokkeerd.
Pfsense staat wel ingesteld als prefer ipv6. In dat geval werkt de website niet.
Als ik de optie aanzet "Prefer to use IPv4 even if IPv6 is available" dan werkt de website wel.
Ondertussen niet meer.
Als ik op fpsense curl gebruik, dan werkt de website wel.
Code: Selecteer alles
Shell Output - curl -v https://navigator.emis.vito.be/rubriekenlijst -I
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 2001:6a8:a50:8007::91:443...
* Connected to navigator.emis.vito.be (2001:6a8:a50:8007::91) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /usr/local/share/certs/ca-root-nss.crt
* CApath: none
} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [15 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [3174 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [79 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [36 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [36 bytes data]
* SSL connection using TLSv1.3 / TLS_CHACHA20_POLY1305_SHA256
* ALPN, server accepted to use h2
* Server certificate:
* subject: C=BE; ST=Antwerpen; O=Vlaamse Instelling voor Technologisch Onderzoek; OU=SNB; CN=navigator.emis.vito.be
* start date: Oct 15 00:00:00 2021 GMT
* expire date: Oct 15 23:59:59 2022 GMT
* subjectAltName: host "navigator.emis.vito.be" matched cert's "navigator.emis.vito.be"
* issuer: C=NL; O=GEANT Vereniging; CN=GEANT OV ECC CA 4
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
} [5 bytes data]
* Using Stream ID: 1 (easy handle 0x8014d0800)
} [5 bytes data]
> HEAD /rubriekenlijst HTTP/2
> Host: navigator.emis.vito.be
> user-agent: curl/7.80.0
> accept: */*
>
{ [5 bytes data]
< HTTP/2 200
< date: Sun, 13 Feb 2022 15:22:50 GMT
< expires: Thu, 19 Nov 1981 08:52:00 GMT
< cache-control: no-store, no-cache, must-revalidate
< pragma: no-cache
< set-cookie: secure_session_id=e78b03e20dfa7f75eaac1c30007fdf837d3604f1; path=/; HttpOnly
< content-type: text/html; charset=UTF-8
< strict-transport-security: max-age=16070400; includeSubDomains
< set-cookie: TS01993249=01c3c24a21cf4619167001419e195824613ac1c2ca1e380a2f754e9c637c390f8a3506fa172148300cb420003252417cea8b26f1affee63f2be74ea823deec59444a1b1899; Path=/; Domain=.navigator.emis.vito.be; Secure; HTTPOnly
<
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
* Connection #0 to host navigator.emis.vito.be left intact
HTTP/2 200
date: Sun, 13 Feb 2022 15:22:50 GMT
expires: Thu, 19 Nov 1981 08:52:00 GMT
cache-control: no-store, no-cache, must-revalidate
pragma: no-cache
set-cookie: secure_session_id=e78b03e20dfa7f75eaac1c30007fdf837d3604f1; path=/; HttpOnly
content-type: text/html; charset=UTF-8
strict-transport-security: max-age=16070400; includeSubDomains
set-cookie: TS01993249=01c3c24a21cf4619167001419e195824613ac1c2ca1e380a2f754e9c637c390f8a3506fa172148300cb420003252417cea8b26f1affee63f2be74ea823deec59444a1b1899; Path=/; Domain=.navigator.emis.vito.be; Secure; HTTPOnly