Some (mirrored?) websites don't load
bsduck could it be not installation of mozilla-rootcert ?
βOnly the paranoid survive.β
β Harold Finch
NetBSD VPS , NetBSD , OS108
I ran # mozilla-rootcerts install which indeed installed the certificates, so they were not, however after reboot I tried to open the websites again but it was still not working. I'm giving up for now.
Someone in the #netbsd irc told me I should install mozilla-rootcerts-openssl when I had trouble connecting to Github and that did indeed solve the problem.
bsduck I always find it advisable to let a reliable NTP server adjust the system time properly at boot; you don't need a ntpd daemon running in background in order to do that, but can use ntpdate(8), which is included in base.
I finally found out where the problem is: IPv6.
I activated network.dns.disableIPv6 in Firefox and now it loads everything fine.
That clock thing was probably unrelated (no idea if the bug is still there, I don't use Xfce anymore).
Anyway: is there a way to disable IPv6 system-wide? I couldn't find any.
- Edited
bsduck Anyway: is there a way to disable IPv6 system-wide? I couldn't find any.
Before doing this, see if your ISP (and their dinky little router boxes) already support IPv6:
Add these to /etc/rc.conf
dhcpcd=YES
dhcpcd_flags="-6"This will try to get your home router to assign your NetBSD machine an IPv6 address (assuming here that you have a static IPv4 addr.). If the router/ISP doesn't support IPv6 (my current one doesn't), then those lines are still OK--keep 'em.
Then, try:
$ ping6 -nc10 google.comWhat's the output?
I already had
dhcpcd=YES
dhcpcd_flags="-qM wm0"from default installer configuration.
I tried removing those flags and running dhcpcd with just -6 instead. That doesn't make a difference, sites that don't load (such as freebsd.org) still don't load in Firefox if I don't use network.dns.disableIPv6 and still do if I do.
ping6 seems fine:
PING6(56=40+8+8 bytes) 2001:1715:4e20:851:9e38:9b22:1686:dae0 --> 2a00:1450:400a:808::200e
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=0 hlim=61 time=9.932 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=1 hlim=61 time=8.927 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=2 hlim=61 time=8.917 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=3 hlim=61 time=8.983 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=4 hlim=61 time=8.935 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=5 hlim=61 time=8.921 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=6 hlim=61 time=8.916 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=7 hlim=61 time=8.930 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=8 hlim=61 time=8.931 ms
16 bytes from 2a00:1450:400a:808::200e, icmp_seq=9 hlim=61 time=8.936 ms
--- google.com ping6 statistics ---
10 packets transmitted, 10 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 8.916/9.033/9.932/0.317 msSo I think I do have proper IPv6.
Anyway: dhcpcd_flags="-4" is what I was looking for.
Everything works fine that way, and not only in Firefox.
Thank you!
bsduck So I think I do have proper IPv6.
Anyway:
dhcpcd_flags="-4"is what I was looking for.
Everything works fine that way, and not only in Firefox.
Cool. Though, it's a shame to not use IPv6 when you clearly have it (ICMPv6 bi-dir is OK; routing works).
I was going to suggest checking your firewall(s) (both on the ISP router and elsewhere--if you have it) to see if the other sorts of IPv6 traffic was being blocked...but, this is your show...
Hope issue is solved otherwise you can :
echo ipv6addrctl=YES >> /etc/rc.conf
echo ipv6addrctl_policy=ipv4_prefer >> /etc/rc.conf
βOnly the paranoid survive.β
β Harold Finch
NetBSD VPS , NetBSD , OS108