So today I logged into my machine and was trying to do some maintenance work. I noticed that my container is struggling to establish any SSL traffic: the SSL handshake is failing.
HTTP traffic works, and I can ping servers just fine. I think this just started with LXD 3.16.
Initially, after disabling LXD (`sudo snap disable lxd`) and then re-enabling it (`sudo snap enable lxd`), I am able to get SSL traffic to work for a short amount of time, and then it goes off again. Any clue on how I would go about resolving this?
I tried with Ubuntu Disco and Alpine 3.10 containers; both give the same results.
On the host I'm able to access all SSL traffic just fine; it's only inside the container that it fails.
Ah, I didn’t know you were on a fan bridge, so that does make things a bit different.
Try to unset the MTU property so things go back to the previous behavior:
`lxc network unset lxdbr0 bridge.mtu`
then restart the container.
Then show both:
`ifconfig lxdbr0` from the host
`ifconfig eth0` in the container
Normally the MTU on both should line up as it’s advertised by dnsmasq to the container.
If that’s the case, then the issue is fragmentation going out of the host, which can likely be worked around with a tiny bit of iptables MSS mangling.
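As an added example (not code from this thread or from LXD itself), the following POSIX shell helper carries out the check described above: it reads the MTU of the host bridge and of the container's NIC, compares them, and applies the standard iptables MSS clamp when the two agree and fragmentation leaving the host is the remaining suspect. It assumes the bridge is named `lxdbr0` and the container interface is `eth0` (both taken from the thread), that `ip` and `lxc` are available on the host, and that the host uses iptables rather than nftables; the function names are mine.

```shell
#!/bin/sh
# Added diagnostic helper, not part of the original thread.
# Assumptions: host bridge lxdbr0, container NIC eth0, iptables on the host.

BRIDGE="${BRIDGE:-lxdbr0}"   # assumed bridge name, overridable via env

# TCP MSS that fits in a given MTU: subtract the IPv4 (20) + TCP (20) headers,
# or IPv6 (40) + TCP (20) when the second argument is 6.
mss_for_mtu() {
    mtu="$1"; fam="${2:-4}"
    if [ "$fam" = 6 ]; then
        echo $((mtu - 60))
    else
        echo $((mtu - 40))
    fi
}

# Pull the MTU out of one `ip -o link show <dev>` line, e.g.
# "2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc fq_codel ..."
mtu_from_ip_link() {
    printf '%s\n' "$1" \
        | sed -n 's/.*[[:space:]]mtu[[:space:]]\([0-9][0-9]*\).*/\1/p' \
        | head -n 1
}

# MTU of the host bridge.
host_mtu() {
    mtu_from_ip_link "$(ip -o link show "$BRIDGE")"
}

# MTU of eth0 inside the named container, read via `lxc exec`.
container_mtu() {
    mtu_from_ip_link "$(lxc exec "$1" -- ip -o link show eth0)"
}

# Print both values; succeed only when they line up (dnsmasq advertises the
# bridge MTU to the container, so a mismatch points at the container side).
check_mtu() {
    h="$(host_mtu)"; c="$(container_mtu "$1")"
    echo "host $BRIDGE mtu=$h  container $1 eth0 mtu=$c"
    [ "$h" = "$c" ]
}

# MSS clamp for traffic leaving the host: rewrite the MSS option in forwarded
# SYN packets so peers never send segments that would need fragmenting.
# With an explicit MTU the MSS is pinned; otherwise it follows path MTU.
clamp_mss() {
    if [ -n "$1" ]; then
        iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
            -j TCPMSS --set-mss "$(mss_for_mtu "$1")"
    else
        iptables -t mangle -A FORWARD -p tcp --tcp-flags SYN,RST SYN \
            -j TCPMSS --clamp-mss-to-pmtu
    fi
}
```

Usage on the host: `check_mtu mycontainer` to compare the two MTUs, then `clamp_mss` (or `clamp_mss 1450` to pin the MSS to a known fan-bridge MTU) only if the MTUs already match, since a mismatch is a configuration problem rather than a fragmentation one. Check the rule with `iptables -t mangle -L FORWARD -n -v` and remove it with the same command using `-D` instead of `-A`.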
I have already unset `bridge.mtu` and restarted the container. I'm curious how this can just start happening all of a sudden; it was working fine and then it just stopped.
Confirmed this is a bug in LXD 3.16 (although it appears to have existed in some form before that but only when devices were hotplugged into a container, rather than started on boot).