ERR_TUNNEL_CONNECTION_FAILED

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

ERR_TUNNEL_CONNECTION_FAILED

Ralf Hildebrandt
I'm getting "ERR_TUNNEL_CONNECTION_FAILED" errors in Chrome when
connecting to https://securefiles.laborberlin.com/

Squid logs:

1601906504.874      0 141.42.231.251 NONE_NONE/500 0 CONNECT securefiles.laborberlin.com:443 - HIER_NONE/- - accessRule=- -
1601906505.047      0 141.42.231.251 NONE_NONE/500 0 CONNECT securefiles.laborberlin.com:443 - HIER_NONE/- - accessRule=- -
1601906505.225      0 141.42.231.251 NONE_NONE/500 0 CONNECT securefiles.laborberlin.com:443 - HIER_NONE/- - accessRule=- -

The squid process should be able to resolve the hostname...

I explicitly set an dns_nameservers entry, like this:
dns_nameservers 141.42.5.156 141.42.5.157

Testin on the squid machine:

# dig +short @141.42.5.156 securefiles.laborberlin.com
607748248.dracoon.cloud.
# dig +short @141.42.5.156 607748248.dracoon.cloud
213.95.134.242

# dig +short @141.42.5.157 securefiles.laborberlin.com
607748248.dracoon.cloud.
# dig +short @141.42.5.157 607748248.dracoon.cloud
213.95.134.242

So what is the reason for the NONE_NONE/500 error?


Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
[hidden email]
https://www.charite.de
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: [ext] ERR_TUNNEL_CONNECTION_FAILED

Ralf Hildebrandt
* Ralf Hildebrandt <[hidden email]>:
> I'm getting "ERR_TUNNEL_CONNECTION_FAILED" errors in Chrome when
> connecting to https://securefiles.laborberlin.com/

And Firefox!

> # dig +short @141.42.5.156 607748248.dracoon.cloud
> 213.95.134.242

https://607748248.dracoon.cloud/
ist working ok!

Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
[hidden email]
https://www.charite.de
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: [ext] ERR_TUNNEL_CONNECTION_FAILED

Ralf Hildebrandt
In reply to this post by Ralf Hildebrandt
> 1601906504.874      0 141.42.231.251 NONE_NONE/500 0 CONNECT securefiles.laborberlin.com:443 - HIER_NONE/- - accessRule=- -
> 1601906505.047      0 141.42.231.251 NONE_NONE/500 0 CONNECT securefiles.laborberlin.com:443 - HIER_NONE/- - accessRule=- -
> 1601906505.225      0 141.42.231.251 NONE_NONE/500 0 CONNECT securefiles.laborberlin.com:443 - HIER_NONE/- - accessRule=- -

cache.log is more verbose with a similar domain (iris.charite.de):
2020/10/05 17:45:37| DNS error while resolving iris.charite.de: No valid address records

# dig +short @141.42.5.157 iris.charite.de
charite.science-it.ch.

# dig +short @141.42.5.157 charite.science-it.ch
iris.science-it.ch.
35.180.69.77

Huh? No valid address records?



Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netzwerk

Campus Benjamin Franklin (CBF)
Haus I | 1. OG | Raum 105
Hindenburgdamm 30 | D-12203 Berlin

Tel. +49 30 450 570 155
[hidden email]
https://www.charite.de
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users
Reply | Threaded
Open this post in threaded view
|

Re: [ext] ERR_TUNNEL_CONNECTION_FAILED

Alex Rousskov
On 10/5/20 11:46 AM, Ralf Hildebrandt wrote:

> 2020/10/05 17:45:37| DNS error while resolving iris.charite.de: No valid address records

> # dig +short @141.42.5.157 iris.charite.de
> charite.science-it.ch.

By "valid address records" Squid means "valid A or AAAA address
records". The above response does not contain such records.

Squid does not do DNS recursion, CNAME resolution, etc. Make sure your
resolver does all that.


HTH,

Alex.
_______________________________________________
squid-users mailing list
[hidden email]
http://lists.squid-cache.org/listinfo/squid-users