I have a Xiaomi MiWifi Mini running LEDE 17.0.1.4, and behind it I have two servers (Raspberry Pis) and my PC.
The PC and the servers are all connected to the router with Ethernet cables, but since the MiWifi Mini only has two LAN ports (and one WAN), I have added another LAN port to the router with a USB-to-Ethernet adapter.
The native ports are listed as eth0.1 while the USB<->Ethernet port is listed as eth1, and I have added eth1 to the bridged LAN. Server1 is connected to one of the native ports and Server2 to the adapter port, while my PC is connected to the remaining native port.
I have had no problems with this setup until I tried to establish an SSL connection from Server1 (native port) to Server2 (adapter port). The SSL handshake negotiation fails with:
username@hostname:~ $ curl -vv https://192.168.X.XX
* Rebuilt URL to: https://192.168.X.XX/
* Trying 192.168.X.XX...
* TCP_NODELAY set
* Connected to 192.168.X.XX (192.168.X.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
CApath: /etc/ssl/certs
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 192.168.X.XX:443
* Curl_http_done: called premature == 1
* stopped the pause stream!
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 192.168.X.XX:443
I have no problems with SSL negotiation from PC > Server1/2, LEDE > Server 1/2, Server 2 > Server 1 or WAN > Server1/2/LEDE.
Only Server 1 > Server 2 fails.
I don't see anything in the Nginx error logs on either server. I have ruled out firewall issues on the servers (by disabling them), but UFW did show an [AUDIT] when it was installed. Now I have clean-installed Server2 without UFW, but the connection is still dropped.
Netdata on Server1 does show a lot of dropped connections on eth0 when I attempt the SSL handshake, and I found out that Server2 tries a lot of connections to Server1 from and to various ports (none of them are 443 though).
Is there an iptables wizard around who can help me troubleshoot? Thanks in advance.
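Added example, not part of the original post and not a diagnosis of it: two small POSIX shell helpers for narrowing down where a handshake like the one above dies. The first reads a `curl -v` transcript and reports the last stage reached; in the transcript in the post the Client hello goes out and nothing comes back, which places the problem on the path between the hosts (bridge member, MTU, packet filter) rather than in the web server, consistent with empty Nginx logs. The second probes the path with don't-fragment pings of increasing size; that tests one hypothesis (a path that passes small TCP/Client hello packets but drops the full-size frame carrying the server's certificate), which the post does not confirm. The sample transcript is constructed from the lines in the post; `ping -M do` assumes Linux iputils ping.

```shell
#!/bin/sh
# Added example (not from the original post). Helpers for locating where a
# TLS handshake on a LAN path like Server1 -> Server2 stops.

# classify_curl_log: read a `curl -v https://...` transcript on stdin and
# print the last stage reached:
#   tcp_connect_failed          - no "* Connected to" line at all
#   server_hello_received       - the server answered the Client hello
#   client_hello_sent_no_reply  - TCP worked, Client hello sent, nothing back
#   no_handshake_started        - connected, but curl never sent a Client hello
classify_curl_log() {
    log=$(cat)
    if ! printf '%s\n' "$log" | grep -q '^\* Connected to '; then
        echo "tcp_connect_failed"
    elif printf '%s\n' "$log" | grep -q 'TLS handshake, Server hello'; then
        echo "server_hello_received"
    elif printf '%s\n' "$log" | grep -q 'TLS handshake, Client hello'; then
        echo "client_hello_sent_no_reply"
    else
        echo "no_handshake_started"
    fi
}

# probe_mtu HOST: send don't-fragment pings with growing payloads and print
# the largest payload that still got an echo reply (0 = none).
# Hypothesis being tested, not a finding from the post: the TCP handshake and
# the Client hello are small packets, while the ServerHello+Certificate flight
# usually fills a 1500-byte frame. A path that silently drops full-size frames
# (e.g. a bridge member with a smaller effective MTU) fails exactly at the
# point seen in the transcript. Needs a live host and iputils ping (-M do).
probe_mtu() {
    host=$1
    largest=0
    for size in 100 500 1000 1400 1472; do   # 1472 + 28 header bytes = 1500
        if ping -c 1 -W 1 -M do -s "$size" "$host" >/dev/null 2>&1; then
            largest=$size
        fi
    done
    echo "$largest"
}

# Constructed sample: the relevant lines of the curl transcript in the post.
SAMPLE_LOG='* Rebuilt URL to: https://192.168.X.XX/
* Trying 192.168.X.XX...
* TCP_NODELAY set
* Connected to 192.168.X.XX (192.168.X.XX) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* Unknown SSL protocol error in connection to 192.168.X.XX:443
* Closing connection 0
curl: (35) Unknown SSL protocol error in connection to 192.168.X.XX:443'

# Usage on Server1 (the probe needs network access, so it is not run here):
#   curl -v https://192.168.X.XX 2>&1 | sh -c '. ./tlspath.sh; classify_curl_log'
#   probe_mtu 192.168.X.XX     # 1472 means full-size frames pass; less points at the path
printf '%s\n' "$SAMPLE_LOG" | classify_curl_log
```

If `classify_curl_log` reports `client_hello_sent_no_reply` and `probe_mtu` stops below 1472 only between the two bridge members, the next thing to compare is `ip link show` MTU on eth0.1, eth1 and the bridge on the router; if full-size pings pass, capture on both hosts with tcpdump to see whether the Server hello leaves Server2 at all.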