search

oerdnj / deb.sury.org

Public bugreports for anything ppa:ondrej/*
800 stars 26 forks source link

Unable to connect to packages.sury.org from my Debian VPS while connection from home isp works fine #2137

Closed juozaspo closed 1 month ago

juozaspo commented 1 month ago

Frequently asked questions

Describe the bug I'm unable to connect to Debian packages repository server from my Debian VPS (IP: 80.209.228.178), while connecting from my home ISP (IP: 78.63.212.187) works fine. Other sites such as main site works, only Debian package repository is broken. Happens since this morning.

To Reproduce Steps to reproduce the behavior:

  1. Try to connect from any affected network, not sure if any exists, Fail to do so
  2. Try to connect from any other unaffected isp, se it succeed

Your understanding of what is happening There's an issue with connection from my Debian VPS, not sure why, like ip/range/etc being blocked or similar where it shouldn't be.

What steps did you take to resolve issue yourself before reporting it here Try later, try to connect using home isp.

Expected behavior No connection issues while trying to update Debian packages on my Debian VPS

Distribution (please complete the following information):

Package(s) (please complete the following information): Any Debian php package from packages.sury.org

Additional context W: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease Could not connect to packages.sury.org:443 (195.238.127.98), connection timed out

seraphyn commented 1 month ago

Work as intended from my different networks and VPS Have tried to dig it, have you ping the site etc?

Bildschirmfoto 2024-05-21 um 07 38 47
oerdnj commented 1 month ago

You need to start with debugging your network connection from the place where you can't connect. So far, this is in the "it doesn't work" bugreport category, and I can't really work with that.

I would suggest to contact your Debian VPS provider first.

juozaspo commented 1 month ago

Unfortunately I'm even unable to ping deb.sury.org while still able to ping sury.org from the vps and I administer the vps server myself. Unless there's an underlying issue caused by my VPS provider I'm not sure if I could do anything, I'll ask my vps provider first and update if there's any news. Checked traceroute, failure is after MELBICOM.balt-ix.net, maybe some firewall is misconfigured or blocking ranges, as changin ip didn't help.

oerdnj commented 1 month ago

Checked traceroute, failure is after MELBICOM.balt-ix.net, maybe some firewall is misconfigured or blocking ranges, as changin ip didn't help.

That looks like broken peering. You need to work with the VPS provider on that.

juozaspo commented 1 month ago

It appears the address was blocked on provider side because of supposed attacks against the servers they host. After unblocking it should take some time for issue to solve itself. The firewall provider thought deb.sury.org would attack servers while it usually shouldn't be the case untless hosting woult be compromised, probably large scale connection from/to there at some time might be flagged as an attack, also rough response translation from Lithuanian to English using google is listed below.

Hello,

we can see that the IP address 195.238.127.98 (deb.sury.org) has been globally blocked by our firewall. We have done the unblocking of this IP address in the node, the result will be visible today at ~9 pm.

The reason for the IP blocking is an attack against one of our servers. However, at the moment, the server administrators do not see anything wrong, so they did the unblocking, but the result will have to wait a little while.

Have a nice day.

insp1re1 commented 3 weeks ago

which isp? i cant seem to connect to it either for weeks.

juozaspo commented 3 weeks ago

The isp of the vps is UAB Interneto vizija, a server hosting service based in Lithuania, updating from my vps server works fine. Your should check your isp if it is not blocking connections to the target server on your side, it was the case fo me.

insp1re1 commented 3 weeks ago

i managed to connect by using tor and torsocks to update apt, not ideal but works fine this way.

w3box commented 2 weeks ago

I am dealing with a similar problem. I can't connect to packages.sury.org due to timeout.

Could not connect to packages.sury.org:443 (146.59.69.202), connection timed out

The VPS provider assures me that they do not block the connection on their side. I have no problem with another VPS from the same provider.

Could I ask for verification that on the packages.sury.org side, my server's IP (185.25.150.118) has not been blocked for some reason?

oerdnj commented 2 weeks ago

I am not blocking any IP addresses.

insp1re1 commented 2 weeks ago

You must be fella

On Fri, 14 Jun 2024, 12:14 Ondřej Surý, @.***> wrote:

I am not blocking any IP addresses.

— Reply to this email directly, view it on GitHub https://github.com/oerdnj/deb.sury.org/issues/2137#issuecomment-2167802190, or unsubscribe https://github.com/notifications/unsubscribe-auth/BD6RWTNZDVYNHPRG7OQRIVDZHLF7DAVCNFSM6AAAAABIA4T2T2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRXHAYDEMJZGA . You are receiving this because you commented.Message ID: <oerdnj/deb.sury. @.***>

oerdnj commented 2 weeks ago

@insp1re1 Thank you for letting me know what I am doing. You must surely know it better.

insp1re1 commented 2 weeks ago

I know a lot are having issues. But you don't care, basta.

On Fri, 14 Jun 2024, 12:32 Ondřej Surý, @.***> wrote:

@insp1re1 https://github.com/insp1re1 Thank you for letting me know what I am doing. You must surely know it better.

— Reply to this email directly, view it on GitHub https://github.com/oerdnj/deb.sury.org/issues/2137#issuecomment-2167829172, or unsubscribe https://github.com/notifications/unsubscribe-auth/BD6RWTKDQTN5PQWLDQ5RA53ZHLIDVAVCNFSM6AAAAABIA4T2T2VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZDCNRXHAZDSMJXGI . You are receiving this because you were mentioned.Message ID: <oerdnj/deb. @.***>