HTTP3 - QUIC connection could not be established #466

Open
stanthewizzard opened this issue Aug 7, 2024 · 5 comments

@stanthewizzard

Hello

I have an issue with sslh.

With these settings:

pidfile:"/var/run/sslh.pid";
user: "nobody";

verbose:0;
numeric:false;
on_timeout:"tls";
listen:
(
    { host: "0.0.0.0"; is_udp: true; port: "443" },
    { host: "0.0.0.0"; port: "443" }
);

protocols:
(
     { name: "openvpn";                 host: "0.0.0.0"; port: "1194"; },
     { name: "tls";                     host: "192.168.0.30"; is_udp: true; port: "443"; regex_patterns: [  "\x51\x30\x35\x30" ]; },
     { name: "tls";                     host: "192.168.0.30"; port: "443"; },
);

Using https://http3check.net/

I got
QUIC connection could not be established

HTTP/1.1 200 OK
Alt-Svc: h3=":443"; ma=2592000
Content-Encoding: gzip
Content-Security-Policy: default-src 'self'; frame-src 'none'; object-src 'none'; style-src 'self' 'nonce-DeFXWWkg7pcGQhdd781ggpOuXU6at7qP'; frame-ancestors 'none'; base-uri 'self'
Content-Type: text/html; charset=utf-8
Date: Wed, 07 Aug 2024 09:23:37 GMT
Permissions-Policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), sync-xhr=(), xr-spatial-tracking=(), interest-cohort=()
Referrer-Policy: no-referrer;
Strict-Transport-Security: max-age=31536000;
Vary: Accept-Encoding
X-Content-Type-Options: nosniff;
X-Dns-Prefetch-Control: off
X-Frame-Options: SAMEORIGIN;
X-Robots-Tag: none;
X-Xss-Protection: 1; mode=block;
Content-Length: 557

Thanks for help

@yrutschle
Owner

I don't know QUIC and the RFCs are too long for me to delve into right now, but it does not look like QUIC is simply "TLS over UDP", so the TLS probe would not work.

That said, if you're not sharing UDP 443 with another protocol, why not simply have your Web server listen to UDP 443, while sslh listens to TCP 443?

@stanthewizzard
Author

stanthewizzard commented Aug 16, 2024

Good idea !

EDIT:
on FW (opnsense)
IP UDP directly to caddy ... HTTP3 is OK !
IP TCP to sslh ... also working
Very clever and I didn't have the idea
THANK YOU !!!!

@JoshuaPettus

I'll do that myself, but if you ever do come up with a specific probe, that would be better

@stanthewizzard
Author

you do that yourself ?

@JoshuaPettus

Lol apologies, it was late when I saw this and responded. I mean to say yrutschle's solution does indeed work for the time being, but of course means I can't leverage udp for coturn or something else as well.
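
Added example, not written by anyone in this thread and not sslh code: a minimal C classifier for the first UDP datagram of a flow, showing what a QUIC-specific check would look at instead of a TLS record, and why the `\x51\x30\x35\x30` ("Q050") pattern in the configuration above does not match a QUIC version 1 Initial packet. The names `classify_quic` and `make_sample` and the sample datagrams are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum quic_kind { NOT_QUIC_LONG, QUIC_V1_INITIAL, QUIC_V1_OTHER, QUIC_OTHER_VERSION };

/* Long header layout (RFC 8999 / RFC 9000): flags(1) version(4) dcid_len(1)
 * dcid scid_len(1) scid. The TLS ClientHello travels inside the packet-protected
 * payload, so it is not visible as plaintext bytes to a TLS probe. */
enum quic_kind classify_quic(const uint8_t *buf, size_t len)
{
    if (len < 7 || !(buf[0] & 0x80))       /* high bit clear: no long header (STUN starts with bits 00) */
        return NOT_QUIC_LONG;
    uint32_t version = ((uint32_t)buf[1] << 24) | ((uint32_t)buf[2] << 16) |
                       ((uint32_t)buf[3] << 8) | (uint32_t)buf[4];
    size_t dcid_len = buf[5];
    size_t scid_off = 6 + dcid_len;        /* offset of the SCID length byte */
    if (scid_off >= len || scid_off + 1 + buf[scid_off] > len)
        return NOT_QUIC_LONG;              /* connection ID lengths overrun the datagram */
    if (version != 0x00000001)             /* e.g. 0x51303530, the ASCII bytes "Q050" */
        return QUIC_OTHER_VERSION;
    if (!(buf[0] & 0x40) || dcid_len > 20 || buf[scid_off] > 20)
        return NOT_QUIC_LONG;              /* v1 fixed bit and connection ID size limit */
    /* v1 packet type is bits 0x30; 00 = Initial, which clients pad to >= 1200 bytes */
    if ((buf[0] & 0x30) == 0x00 && len >= 1200)
        return QUIC_V1_INITIAL;
    return QUIC_V1_OTHER;
}

/* Constructed sample: 1200-byte datagram with a long header for `version`, an
 * 8-byte DCID and empty SCID; the remainder is zero filler, not real ciphertext. */
size_t make_sample(uint8_t *out, uint32_t version)
{
    memset(out, 0, 1200);
    out[0] = 0xC0;                         /* long header, fixed bit, type 00 */
    for (int i = 0; i < 4; i++) out[1 + i] = (uint8_t)(version >> (24 - 8 * i));
    out[5] = 8;                            /* DCID length; SCID length at out[14] stays 0 */
    return 1200;
}

int main(void)
{
    uint8_t pkt[1200];
    printf("version 1: %d\n", classify_quic(pkt, make_sample(pkt, 0x00000001)));
    printf("Q050:      %d\n", classify_quic(pkt, make_sample(pkt, 0x51303530)));
    return 0;
}
```

The header check alone accepts any datagram whose first bytes happen to fit this layout, so a multiplexer sharing the port with other UDP protocols would need stricter validation than shown here.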
