Hi,
I have network errors, or so it seems.
On my server in Canada, I have an HTTPS web server on TCP port 443.
15:46:29 root@lab3w:~ # /root/firewall-ipv6-ovh-lab3w.sh stop
/root/firewall-ipv6-ovh-lab3w.sh Stop
+ POLICY ACCEPT : [OK]
15:58:38 root@lab3w:~ # ip6tables -L -vn
Chain INPUT (policy ACCEPT 32 packets, 3145 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 38 packets, 9620 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 25 packets, 2889 bytes)
pkts bytes target prot opt in out source destination
15:58:44 root@lab3w:~ # ifconfig
[...]
vmbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 158.69.126.137 netmask 255.255.255.0 broadcast 158.69.126.255
inet6 2607:5300:60:9389::cafe prefixlen 128 scopeid 0x0<global>
inet6 2607:5300:60:9389::1 prefixlen 128 scopeid 0x0<global>
inet6 fe80::ec4:7aff:fe02:5fa4 prefixlen 64 scopeid 0x20<link>
ether 0c:c4:7a:02:5f:a4 txqueuelen 1000 (Ethernet)
RX packets 855979029 bytes 315675890940 (293.9 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 905988982 bytes 548508697914 (510.8 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[...]
16:06:29 root@lab3w:~ # netstat -lantup | grep apache
tcp 0 0 158.69.126.137:80 0.0.0.0:* LISTEN 12569/apache2
tcp 0 0 158.69.126.137:443 0.0.0.0:* LISTEN 12569/apache2
tcp 0 0 158.69.126.137:7071 0.0.0.0:* LISTEN 12569/apache2
tcp 0 0 158.69.126.137:443 47.128.59.59:58830 ESTABLISHED 14965/apache2
tcp6 0 0 2607:5300:60:9389::1:80 :::* LISTEN 12569/apache2
tcp6 0 0 2607:5300:60:9389:::443 :::* LISTEN 12569/apache2
tcp6 0 0 2607:5300:60:9389::7071 :::* LISTEN 12569/apache2
I am trying to retrieve information with the nmap command, but it answers "server down". If I pass "-Pn" (treat all hosts as online, skip host discovery), it finds it (haha).
And the output of the "nmap" command from a server in Germany:
16:00:12 root@vps:~ # nmap --script ssl-enum-ciphers -p 443 www.zw3b.eu -6
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-13 16:00 CET
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.56 seconds
16:00:19 root@vps:~ # nmap --script ssl-enum-ciphers -p 443 www.zw3b.eu -6 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-13 16:00 CET
Nmap scan report for www.zw3b.eu (2607:5300:60:9389::1)
Host is up.
Other addresses for www.zw3b.eu (not scanned): 158.69.126.137
rDNS record for 2607:5300:60:9389::1: wan.ipv10.net
PORT STATE SERVICE
443/tcp filtered https
Nmap done: 1 IP address (1 host up) scanned in 4.10 seconds
16:05:11 root@vps:~ # host www.zw3b.fr
www.zw3b.fr has address 158.69.126.137
www.zw3b.fr has IPv6 address 2607:5300:60:9389::1
Output for Google:
16:05:01 root@vps:~ # nmap --script ssl-enum-ciphers -p 443 www.google.com -6 -Pn
Starting Nmap 7.80 ( https://nmap.org ) at 2023-11-13 16:05 CET
Nmap scan report for www.google.com (2a00:1450:4001:80f::2004)
Host is up (0.0017s latency).
Other addresses for www.google.com (not scanned): 142.250.185.100
rDNS record for 2a00:1450:4001:80f::2004: fra16s49-in-x04.1e100.net
PORT STATE SERVICE
443/tcp open https
| ssl-enum-ciphers:
| TLSv1.0:
| ciphers:
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| TLSv1.1:
| ciphers:
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| compressors:
| NULL
| cipher preference: server
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
| TLSv1.2:
| ciphers:
| TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (ecdh_x25519) - A
| TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256 (ecdh_x25519) - A
| TLS_RSA_WITH_3DES_EDE_CBC_SHA (rsa 2048) - C
| TLS_RSA_WITH_AES_128_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_128_GCM_SHA256 (rsa 2048) - A
| TLS_RSA_WITH_AES_256_CBC_SHA (rsa 2048) - A
| TLS_RSA_WITH_AES_256_GCM_SHA384 (rsa 2048) - A
| compressors:
| NULL
| cipher preference: client
| warnings:
| 64-bit block cipher 3DES vulnerable to SWEET32 attack
|_ least strength: C
Nmap done: 1 IP address (1 host up) scanned in 0.93 seconds
The IPv6 route from Germany:
16:15:46 root@vps:~ # ip -6 r g 2607:5300:60:9389::1
2607:5300:60:9389::1 from :: via 2001:41d0:701:1100::1 dev vmbr0 src 2001:41d0:701:1100::6530 metric 1024 pref medium
What do you think?
I found the error, sorry
16:23:56 root@lab3w:~ # ip -6 r g 2a00:1450:4001:80f::2004
2a00:1450:4001:80f::2004 from :: via 2607:5300:60:93ff:ff:ff:ff:fe dev vmbr0 src 2607:5300:60:9389::1 metric 1024 pref medium
16:24:26 root@lab3w:~ # ip -6 r g 2001:41d0:701:1100::6530
2001:41d0:701:1100::6530 from :: dev ppp0 src 2607:5300:60:9389:0:3:0:137 metric 1024 pref medium
I was going to Germany through my IPsec, and on one side only. That could not work.
Regards.
Romain
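
The manual `ip -6 r g` comparison from the post, written as a reusable check. This is an added example, not part of the original post: the function names `route_field` and `check_return_path` are hypothetical, and the two route lines and the `vmbr0` / `2607:5300:60:9389::1` values are copied from the output above.

```shell
#!/bin/sh
# Added example (not from the original post): compare the return route the
# server would use for a client with the address/interface the service is
# published on. The two route lines below are copied from the post.

SERVICE_ADDR="2607:5300:60:9389::1"   # address www.zw3b.eu resolves to
WAN_DEV="vmbr0"                       # interface carrying that address

ROUTE_TO_GOOGLE="2a00:1450:4001:80f::2004 from :: via 2607:5300:60:93ff:ff:ff:ff:fe dev vmbr0 src 2607:5300:60:9389::1 metric 1024 pref medium"
ROUTE_TO_VPS="2001:41d0:701:1100::6530 from :: dev ppp0 src 2607:5300:60:9389:0:3:0:137 metric 1024 pref medium"

# route_field LINE KEY: print the word that follows KEY (dev, src, via).
route_field() {
    printf '%s\n' "$1" | awk -v k="$2" \
        '{ for (i = 1; i < NF; i++) if ($i == k) { print $(i + 1); exit } }'
}

# check_return_path LINE SERVICE_ADDR WAN_DEV
# Returns 0 when replies leave by WAN_DEV with SERVICE_ADDR as source,
# 1 when they would leave elsewhere (tunnel, other source address).
check_return_path() {
    dev=$(route_field "$1" dev)
    src=$(route_field "$1" src)
    if [ "$dev" = "$3" ] && [ "$src" = "$2" ]; then
        echo "symmetric:  dev=$dev src=$src"
        return 0
    fi
    echo "asymmetric: dev=$dev src=$src (expected dev=$3 src=$2)"
    return 1
}

# Live use on the server (string comparison assumes both addresses are in
# the compressed form that ip prints):
#   check_return_path "$(ip -6 route get "$client")" "$SERVICE_ADDR" "$WAN_DEV"
for line in "$ROUTE_TO_GOOGLE" "$ROUTE_TO_VPS"; do
    check_return_path "$line" "$SERVICE_ADDR" "$WAN_DEV" || true
done
```

Run against the German VPS address, the check reports `dev=ppp0` and a source other than the probed address, which matches the one-sided tunnel route the author found.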