Most HTTPS connections through Librem5 Wifi Hotspot don't work
Most websites don’t work (unable to connect, specifically to complete TLS handshake) when I try to access them from a computer connecting to the Librem5 wi-fi hotspot (the Librem5 itself using a 4G connection). But all those sites load instantly when trying on the phone. The issue has been happening since August 2022. When I was using it in July 2022 it was working fine…
I am reporting this to the gnome-control-center project because I saw other issues related to the Wi-Fi Hotspot here (although they are not the same issue, as I am able to connect to the hotspot and get an IP address). However it might not be the right project because the issue occurs if I use nmcli to enable the hotspot. If that's the case, could you tell me which might be a more suitable project to report the issue?
Steps:
- Enable Wi-Fi hotspot on the Librem5, using the corresponding option in the top-right of the gnome-control center Wi-Fi page.
- Connect another device to that hotspot
- Attempt loading https://puri.sm
Expected Result:
it should load fine
Actual Result:
It starts the TLS handshake and then times out.
Additional Details:
Some websites like https://en.wikipedia.org works fine. https://puri.sm does not:
$ curl -v https://puri.sm/
* Trying 138.68.253.24:443...
* Connected to puri.sm (138.68.253.24) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* SSL connection timeout
* Closing connection 0
curl: (28) SSL connection timeout(about five minutes pass between that Client hello (1) and the SSL connection timeout).
Wireshark on my laptop shows the following when running that curl https://puri.sm command:
It fails the same way no matter which computer connects to the hotspot (tried Windows, Linux and Android).
ip link show on my computer connecting to the home wi-fi shows exactly the same as when connected to the Librem5 hotspot:
...
wlp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
...ip link show on the Librem 5 when it’s in hotspot mode shows:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: usb0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN mode DEFAULT group default qlen 1000
link/ether 36:4f:fa:c6:6c:a8 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DORMANT group default qlen 1000
link/ether 88:da:1a:7c:75:6c brd ff:ff:ff:ff:ff:ff
4: lxcbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
link/ether 00:16:3e:00:00:00 brd ff:ff:ff:ff:ff:ff
7: wwan0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1464 qdisc pfifo_fast state UNKNOWN mode DEFAULT group default qlen 1000
link/none A forums.puri.sm user said the computers trying to use the hotspot appear to fail calculating the PMTU properly. He said:
So you might wonder whether it’s the Librem 5 that is blocking (or, perhaps more accurately, failing to forward) the ICMP error packets.
Extremely rarely (I would say less than 1% of the times) it works, and then it works completely. All websites load fine. But then the next attempt (after a reconnect) fails.
I have reflashed my Librem5 to the stock image in hope to fix this issue, but it didn't improve things.