can`t support the quic in vultr

63 views
Skip to first unread message

贾连晨

unread,
Apr 9, 2021, 3:21:22 AM4/9/21
to OpenLiteSpeed Development
the quic problem confused me ,so i use vultr image flowing the guide  https://docs.litespeedtech.com/cloud/images/.

however i still can`t make  my web support the quic.

93B81F5A-693A-4D3B-A43A-AAC6DA8E5E5A.png
i have checked my setting  according to https://docs.litespeedtech.com/cp/cpanel/quic-http3/
in server
98247CB7-945D-4D85-919B-F86BEE569D4F.png
in virtual hosts
016ACBD2-853A-422A-8D33-FA1165BFE465.png
in listeners
40913104-D5D9-4852-BBF2-38A4C4EE8378.png
5183D76B-7D79-43B9-9FE9-3BC7CB86C721.png
(you can login in jialianchen.tk:7080,user:admin,password:654321 to check it in detail)
and my cert ie trusted.
22308AFB-3E8A-4934-A5D5-4C571A813CF2.png
and i had checked my 443 port
in client
```
$nc -z -v -u jialianchen.tk  443
```

in server
```
$tcpdump -i ens3  -A -s0 port 443 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
07:17:09.978729 IP 58.200.129.202.61062 > 66.42.41.167.vultr.com.443: UDP, length 1
E.....@.%.-m:...B*)...... .6X
```
i think i have checked all the settings,but it still doesn`t work.
F88EE01A-AAFB-402B-8667-63889FE34768.png
could you give me some advice?

贾连晨

unread,
Apr 9, 2021, 3:49:18 AM4/9/21
to OpenLiteSpeed Development
i try to use chrome://net-export/ to  recorde the detail ,
but i still can`t find the problem.

chrome-net-export-log.json

Eric

unread,
Apr 9, 2021, 4:05:20 AM4/9/21
to OpenLiteSpeed Development
Hi,

Seems they have firewall setup by default. 
`ufw status`
```
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
443/tcp                    ALLOW       Anywhere
7080/tcp                   ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
22 (v6)                    DENY        Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
443/tcp (v6)               ALLOW       Anywhere (v6)
7080/tcp (v6)              ALLOW       Anywhere (v6)

```

Please run "ufw allow 443/udp" and it should just works.

贾连晨

unread,
Apr 9, 2021, 4:11:26 AM4/9/21
to OpenLiteSpeed Development
you are right!
i forget to check it!
thanks for your help!

Eric Leu

unread,
Apr 9, 2021, 4:22:26 AM4/9/21
to 贾连晨, OpenLiteSpeed Development
No problem 

--
You received this message because you are subscribed to a topic in the Google Groups "OpenLiteSpeed Development" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/openlitespeed-development/BTBW--1Pcjk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to openlitespeed-deve...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/openlitespeed-development/e79a57fa-6f41-4a4f-8d87-a799d399a6c3n%40googlegroups.com.

贾连晨

unread,
Apr 9, 2021, 5:02:49 AM4/9/21
to OpenLiteSpeed Development
but sadlly,i use the same setting in aws,it failed again.
this time the ufw is inactive.

in client
```
$ nc -z -v -u jialianchen.tk  443
Connection to jialianchen.tk port 443 [udp/https] succeeded!
```

in server
```
$sudo tcpdump -i eth0 -A -s0 port 443 and udp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:58:56.961705 IP 58.200.129.240.61712 > ip-172-31-10-96.ap-northeast-1.compute.internal.443: UDP, length 1
E.....@.....:.....
`.....  A.X
08:58:56.961754 IP 58.200.129.240.61712 > ip-172-31-10-96.ap-northeast-1.compute.internal.443: UDP, length 1
```

it seems the 443 port in udp had open?
i tried the chrome://net-export,could you give me some advice?
(and i think maybe `nc -z -v -u jialianchen.tk  443`is not the perfect way to test port 443, on the vultr  it just failed
chrome-net-export-log.json

Eric Leu

unread,
Apr 11, 2021, 10:08:11 PM4/11/21
to 贾连晨, OpenLiteSpeed Development
Hi,

It seems no UDP port 443 outgoing traffic from the server interface eth0. 
for example, 
Test client: validate your domain from https://http3check.net/
run this command from the server-side, tcpdump -i eth0 udp port 443 and dst 159.65.253.210

I guess you have a network-level firewall that blocked the traffic, please check your AWS firewall policy. 



Reply all
Reply to author
Forward
0 new messages