WARP exit to the Runet

No problems in colo=HEL.

And NL is a popular destination among VPN users, so apparently they decided to cut it back.

It's anycast there. I can't choose.

That's the idea.

I see. So basically you can't fully hide a VPS behind WARP. In my case at least.

By the way, mtr gets through to mail.ru just fine, yet TLS hangs after the hello.
What does that tell us? It's clear what.


 3. 104.28.0.0                  0.0%     2   36.8  37.3  36.8  37.7   0.7
 4. 104.23.166.1                0.0%     2   36.9  38.2  36.9  39.5   1.9
 5. (waiting for reply)
 6. 77.41.170.58                0.0%     2   86.3  86.3  86.2  86.3   0.1
 7. (waiting for reply)
 8. mailru-gw.moscow.gldn.net   0.0%     2   77.6  77.6  77.6  77.7   0.1
 9. (waiting for reply)
10. (waiting for reply)
11. (waiting for reply)
12. (waiting for reply)
13. (waiting for reply)
14. mail.ru                     0.0%     1  130.3 130.3 130.3 130.3   0.0

colo=WAW
loc=PL


curl -v https://git.one-pix.com > /dev/null --interface wg0

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload  Total   Spent   Left   Speed

0 0 0 0 0 0 0 0 0* Host git.one-pix.com:443 was resolved.

* IPv6: (none)

* IPv4: 82.146.51.244

* Trying 82.146.51.244:443…

* socket successfully bound to interface ‘wg0’

* ALPN: curl offers h2,http/1.1

} [5 bytes data]

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

} [1559 bytes data]

* SSL Trust Anchors:

* CAfile: /opt/etc/ssl/certs/ca-certificates.crt

* CApath: /etc/ssl/certs

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Server hello (2):

{ [1210 bytes data]

* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):

{ [1 bytes data]

* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):

{ [25 bytes data]

* TLSv1.3 (IN), TLS handshake, Certificate (11):

{ [2044 bytes data]

* TLSv1.3 (IN), TLS handshake, CERT verify (15):

{ [78 bytes data]

* TLSv1.3 (IN), TLS handshake, Finished (20):

{ [52 bytes data]

* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):

} [1 bytes data]

* TLSv1.3 (OUT), TLS handshake, Finished (20):

} [52 bytes data]

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey

* ALPN: server accepted http/1.1

* Server certificate:

* subject: CN=git.one-pix.com

* start date: Jan 20 06:00:09 2026 GMT

* expire date: Apr 20 06:00:08 2026 GMT

* issuer: C=US; O=Let’s Encrypt; CN=E7

* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384

* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption

* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption

* subjectAltName: “git.one-pix.com” matches cert’s “git.one-pix.com

* SSL certificate verified via OpenSSL.

* Established connection to git.one-pix.com (82.146.51.244 port 443) from 172.16.0.2 port 52422

* using HTTP/1.x

} [5 bytes data]

> GET / HTTP/1.1

> Host: git.one-pix.com

> User-Agent: curl/8.18.0

> Accept: */*

>

* Request completely sent off

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [57 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [57 bytes data]

< HTTP/1.1 302 Found

< Server: nginx/1.29.3

< Date: Sat, 07 Mar 2026 13:40:22 GMT

< Content-Type: text/html; charset=utf-8

< Content-Length: 103

< Connection: keep-alive

< Cache-Control: no-cache

< Content-Security-Policy:

< Location: https://git.one-pix.com/users/sign_in

< Nel: {“max_age”: 0}

< Permissions-Policy: interest-cohort=()

< X-Content-Type-Options: nosniff

< X-Download-Options: noopen

< X-Frame-Options: SAMEORIGIN

< X-Gitlab-Meta: {“correlation_id”:“01KK48E5EBSR5TSCVD7TJK7Y76”,“version”:“1”}

< X-Permitted-Cross-Domain-Policies: none

< X-Request-Id: 01KK48E5EBSR5TSCVD7TJK7Y76

< X-Runtime: 0.036372

< X-Ua-Compatible: IE=edge

< X-Xss-Protection: 1; mode=block

< Strict-Transport-Security: max-age=63072000

< Referrer-Policy: strict-origin-when-cross-origin

<

{ [103 bytes data]

100 103 100 103 0 0 279 0 0

* Connection #0 to host git.one-pix.com:443 left intact

colo=KIX
loc=JP


curl -v https://git.one-pix.com > /dev/null --interface wg3

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload  Total   Spent   Left   Speed

0 0 0 0 0 0 0 0 0* Host git.one-pix.com:443 was resolved.

* IPv6: (none)

* IPv4: 82.146.51.244

* Trying 82.146.51.244:443…

* socket successfully bound to interface ‘wg3’

* ALPN: curl offers h2,http/1.1

} [5 bytes data]

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

} [1559 bytes data]

* SSL Trust Anchors:

* CAfile: /opt/etc/ssl/certs/ca-certificates.crt

* CApath: /etc/ssl/certs

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Server hello (2):

{ [1210 bytes data]

* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):

{ [1 bytes data]

* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):

{ [25 bytes data]

* TLSv1.3 (IN), TLS handshake, Certificate (11):

{ [2044 bytes data]

* TLSv1.3 (IN), TLS handshake, CERT verify (15):

{ [80 bytes data]

* TLSv1.3 (IN), TLS handshake, Finished (20):

{ [52 bytes data]

* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):

} [1 bytes data]

* TLSv1.3 (OUT), TLS handshake, Finished (20):

} [52 bytes data]

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey

* ALPN: server accepted http/1.1

* Server certificate:

* subject: CN=git.one-pix.com

* start date: Jan 20 06:00:09 2026 GMT

* expire date: Apr 20 06:00:08 2026 GMT

* issuer: C=US; O=Let’s Encrypt; CN=E7

* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384

* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption

* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption

* subjectAltName: “git.one-pix.com” matches cert’s “git.one-pix.com

* SSL certificate verified via OpenSSL.

* Established connection to git.one-pix.com (82.146.51.244 port 443) from 172.16.0.3 port 56922

* using HTTP/1.x

} [5 bytes data]

> GET / HTTP/1.1

> Host: git.one-pix.com

> User-Agent: curl/8.18.0

> Accept: */*

>

* Request completely sent off

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [57 bytes data]

0 0 0 0 0 0 0 0 00:01 0* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [57 bytes data]

< HTTP/1.1 302 Found

< Server: nginx/1.29.3

< Date: Sat, 07 Mar 2026 13:41:58 GMT

< Content-Type: text/html; charset=utf-8

< Content-Length: 103

< Connection: keep-alive

< Cache-Control: no-cache

< Content-Security-Policy:

< Location: https://git.one-pix.com/users/sign_in

< Nel: {“max_age”: 0}

< Permissions-Policy: interest-cohort=()

< X-Content-Type-Options: nosniff

< X-Download-Options: noopen

< X-Frame-Options: SAMEORIGIN

< X-Gitlab-Meta: {“correlation_id”:“01KK48H3Q7PECXAEM36GKJDDB2”,“version”:“1”}

< X-Permitted-Cross-Domain-Policies: none

< X-Request-Id: 01KK48H3Q7PECXAEM36GKJDDB2

< X-Runtime: 0.020871

< X-Ua-Compatible: IE=edge

< X-Xss-Protection: 1; mode=block

< Strict-Transport-Security: max-age=63072000

< Referrer-Policy: strict-origin-when-cross-origin

<

{ [103 bytes data]

100 103 100 103 0 0 68 0 00:01 00:01 68

* Connection #0 to host git.one-pix.com:443 left intact

Tests of gosuslugi.ru, ya.ru, mail.ru, ozon.ru (h2/h3) also pass fine from this DC.

There's usually no point in hiding it at all; on the client, all RU services are simply routed directly.

Is there no other NL one? To make completely sure the problem is in AMS.

There is one now, see the neighbouring thread about the scam.

The blocks are intermittent and specifically from the Netherlands. The DNS checker constantly couldn't reach any RU sites, though some random requests got through. Right now WARP works for me; an hour ago it didn't (to RF servers).

ip=2a09:bac5:5150:c8::14:2d2
colo=AMS
loc=RU

The examples work.

colo=AMS
loc=RU


curl -v https://git.one-pix.com > /dev/null --interface wg5

% Total % Received % Xferd Average Speed Time Time Time Current

                             Dload  Upload  Total   Spent   Left   Speed

0 0 0 0 0 0 0 0 0* Host git.one-pix.com:443 was resolved.

* IPv6: (none)

* IPv4: 82.146.51.244

* Trying 82.146.51.244:443…

* socket successfully bound to interface ‘wg5’

* ALPN: curl offers h2,http/1.1

} [5 bytes data]

* TLSv1.3 (OUT), TLS handshake, Client hello (1):

} [1559 bytes data]

* SSL Trust Anchors:

* CAfile: /opt/etc/ssl/certs/ca-certificates.crt

* CApath: /etc/ssl/certs

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Server hello (2):

{ [1210 bytes data]

* TLSv1.3 (IN), TLS change cipher, Change cipher spec (1):

{ [1 bytes data]

* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):

{ [25 bytes data]

* TLSv1.3 (IN), TLS handshake, Certificate (11):

{ [2044 bytes data]

* TLSv1.3 (IN), TLS handshake, CERT verify (15):

{ [79 bytes data]

* TLSv1.3 (IN), TLS handshake, Finished (20):

{ [52 bytes data]

* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):

} [1 bytes data]

* TLSv1.3 (OUT), TLS handshake, Finished (20):

} [52 bytes data]

* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519MLKEM768 / id-ecPublicKey

* ALPN: server accepted http/1.1

* Server certificate:

* subject: CN=git.one-pix.com

* start date: Jan 20 06:00:09 2026 GMT

* expire date: Apr 20 06:00:08 2026 GMT

* issuer: C=US; O=Let’s Encrypt; CN=E7

* Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using ecdsa-with-SHA384

* Certificate level 1: Public key type EC/secp384r1 (384/192 Bits/secBits), signed using sha256WithRSAEncryption

* Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha256WithRSAEncryption

* subjectAltName: “git.one-pix.com” matches cert’s “git.one-pix.com

* SSL certificate verified via OpenSSL.

* Established connection to git.one-pix.com (82.146.51.244 port 443) from 172.16.0.3 port 56930

* using HTTP/1.x

} [5 bytes data]

> GET / HTTP/1.1

> Host: git.one-pix.com

> User-Agent: curl/8.18.0

> Accept: */*

>

* Request completely sent off

{ [5 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [57 bytes data]

* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):

{ [57 bytes data]

< HTTP/1.1 302 Found

< Server: nginx/1.29.3

< Date: Sat, 07 Mar 2026 13:44:59 GMT

< Content-Type: text/html; charset=utf-8

< Content-Length: 103

< Connection: keep-alive

< Cache-Control: no-cache

< Content-Security-Policy:

< Location: https://git.one-pix.com/users/sign_in

< Nel: {“max_age”: 0}

< Permissions-Policy: interest-cohort=()

< X-Content-Type-Options: nosniff

< X-Download-Options: noopen

< X-Frame-Options: SAMEORIGIN

< X-Gitlab-Meta: {“correlation_id”:“01KK48PMMNYYHYJJFEE8PQBFXW”,“version”:“1”}

< X-Permitted-Cross-Domain-Policies: none

< X-Request-Id: 01KK48PMMNYYHYJJFEE8PQBFXW

< X-Runtime: 0.042854

< X-Ua-Compatible: IE=edge

< X-Xss-Protection: 1; mode=block

< Strict-Transport-Security: max-age=63072000

< Referrer-Policy: strict-origin-when-cross-origin

<

{ [103 bytes data]

100 103 100 103 0 0 222 0 0

* Connection #0 to host git.one-pix.com:443 left intact

ozon.ru - OK
ya.ru - OK
mail.ru - OK
gosuslugi.ru - OK

ip=2a09:bac1:61c0:38::3e4:48
ts=1772891264.000
visit_scheme=https
uag=curl/8.18.0
colo=AMS
sliver=none
http=http/3
loc=RU
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519MLKEM768

Unlikely, but you could still try lowering the MTU.

For some reason I get warp=off, although it's definitely WARP, you can tell from the IP.

h=engage.cloudflareclient.com
ip=104.28.251.139
ts=1772891396.000
visit_scheme=https
uag=curl/8.13.0
colo=AMS
sliver=none
http=http/2
loc=NL
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519

fl=996f72
h=rutracker.org
ip=104.28.200.198
ts=1772891511.000
visit_scheme=https
uag=curl/8.18.0
colo=AMS
sliver=none
http=http/3
loc=RU
tls=TLSv1.3
sni=plaintext
warp=on
gateway=off
rbi=off
kex=X25519MLKEM768

Is it the same for other sites behind CF?

fl=128f325
h=engage.cloudflareclient.com
ip=104.28.232.204
ts=1772891568.000
visit_scheme=https
uag=curl/8.18.0
colo=ARN
sliver=005-tier1
http=http/2
loc=RU
tls=TLSv1.3
sni=plaintext
warp=off
gateway=off
rbi=off
kex=X25519MLKEM768

Yes, it's all the same with rutracker.

off is normal.
With colo=HEL, loc=FI, VK asked me to click a button to confirm I'm not a bot.

My mistake, the routing rule had dropped off; reproduced it:

ip=2a09:bac5:4e21:c8::14:2b6
colo=AMS
loc=NL

Now the sites don't open.

Is everything the same as for me? ozon, mail, vk DEAD; yandex, avito ALIVE?

Because engage usually isn't what's used for trace
https://cloudflare.com/cdn-cgi/trace
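
An added example, not code from any post in this thread: the symptom reported above (mtr completes the path, but TLS hangs after the hello) can be pinned down by timing the TCP connect and the TLS handshake as separate stages. The Python below classifies where a connection stops; the function names and the local silent peer are constructed for illustration, and a real run would point `probe` at the target host through the tunnel under test.

```python
import socket
import ssl
import threading
import time


def probe(host, port, server_name, timeout=3.0):
    """Report the stage at which an HTTPS connection stops making progress."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except socket.timeout:
        return "tcp_timeout"          # SYN never answered
    except OSError:
        return "tcp_failed"           # refused / unreachable
    ctx = ssl.create_default_context()
    try:
        with sock:
            sock.settimeout(timeout)
            # ClientHello goes out here; we then wait for the ServerHello.
            with ctx.wrap_socket(sock, server_hostname=server_name):
                return "ok"
    except socket.timeout:
        return "tls_timeout"          # TCP fine, handshake stalled after hello
    except OSError:                   # includes ssl.SSLError (alert, reset, bad cert)
        return "tls_error"


def start_blackhole(hold=5.0):
    """Constructed local peer: accepts TCP, reads the ClientHello, never replies."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)
        time.sleep(hold)              # stay silent past the probe's timeout
        conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


def closed_port():
    """Return a localhost port with nothing listening on it."""
    s = socket.socket()
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    print(probe("127.0.0.1", start_blackhole(), "example.invalid", timeout=1.0))
    print(probe("127.0.0.1", closed_port(), "example.invalid", timeout=1.0))
```

A `tls_timeout` result alongside a clean mtr run matches what the thread describes; `tcp_timeout` or `tcp_failed` would instead point at routing or a port-level block.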