Api.minecraftservices.com not letting me curl/connect to it from a container when wireguard is up
when wireguard is off, container can connect fine, when wireguard is up, i can only connect to it from outside a container but not inside, every other website ive tried works
46 Replies
Thanks for asking your question!
Make sure to provide as much helpful information as possible such as logs/what you tried and what your exact issue is
Make sure to mark solved when issue is solved!!!
/close
!close
!solved
!answered
Requested by progamingdk#0
first time trying out wireguard
/root # curl -v https://api.minecraftservices.com/ -o saved
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying 13.107.246.63:443...
Connected to api.minecraftservices.com (13.107.246.63) port 443
ALPN: curl offers h2,http/1.1
} [5 bytes data]
TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: none
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
0 0 0 0 0 0 0 0 --:--:-- 0:02:06 --:--:-- 0* Recv failure: Connection reset by peer
OpenSSL SSL_connect: Connection reset by peer in connection to api.minecraftservices.com:443
0 0 0 0 0 0 0 0 --:--:-- 0:02:06 --:--:-- 0
response from inside a container while wireguard is up
(wireguard is going from hetzner dedi to ovh vps)
(if i try and join the server the server does get the connection, but i get kicked because of authentication servers are unavailable)https://mclo.gs/Ru5VO3a a working curl inside the container, also while wireguard is up
if anyone needs more info feel free to ask
(its also not able to download mojang jars while its up)
Have you done a pcap to see where it gets denied at? Might help
will do when i attempt the setup again, decided to revert some of the changes to go for a scheduled maintenance tomorrow or sunday. Thanks for the reply
(all the wireguard stuff is still there, just modified the ips pterodactyl was using etc etc, makes for a easy resetup)
For safety reasons we do not allow executables to be sent as they might contain malware. If you're compiling for someone please DM them and as a reminder. We cannot verify if a compiled jar has not been tampered in any way
i cant share .pcaps?
sadge
@Mortis
😦
rename to pcap instead of pcap2
pcap.pcap2 is one where wireguard is down
(works)
pcap2.pcap2 is one where wireguard is up and it doesnt work
it is?
I guess 172.17.0.2 is the local IP of your server @ProGamingDk ?
dockers ip
pterodactyl uses 172.18.0.1
:NODDERS:
could you get a pcap from your wireguard instance too?
the wireguard server? sure
want me to listen to the wireguard interface or public?
Hmmmm
Both
alright 2 sec
(Include a connection attempt too fyi)
sure, i can connect to the server, but get kicked due to authentication servers being down
Right
yes
I want to see where the connection attempt fails
sure
mind if i dm em
kk
ok i look when I can, need to go soon
sure np!
thanks
From your public.pcap
Check frames 4620
"Destination unreachable"
yeah, whats weird is that it works fine on the vps
not sure what makes it only happen in containers while wireguard is up, but still works on all other sites ive tested, and works fully through terminal
Might be helpful?
Server Fault
Mysterious “fragmentation required” rejections from gateway VM
I've been troubleshooting a severe WAN speed issue. I fixed it, but for the benefit of others:
Via WireShark, logging, and simplifying the config I narrowed it down to some strange behaviour from a
could have something to do with it maybe?
(the mtu)
1420 is the mtu of the wg0 interface on both servers, but the mtu being 1500 for pterodactyl/docker might have something to do with it?
but so does eno1 so its weird
And check your wireguard.pcap for
(Both, actually)
it was the mtu
set it to 1440
POG
on the outwards pointing interface and its working
i did have to disable all ipv6
but eh
not a big issue
Nobody uses ipv6 anyways, no matter what @PresentMonkey says :p
well actually
Does @silent work in servers like this?
its being weird
no errors anymore but authentication servers are apparently still down and id is null
...
works now!
nvm
just needed another reboot
<3
gonna be fun to see how 100 mbits handles mcho.st
(speed limits of a ovh starter vps)