
I've tried the following:

  • Setting MTU to 1400
  • Downgrading Vagrant to 1.8.7 and VirtualBox to 5.1.38
  • Turning off the firewall on host (OS X) and guest (Ubuntu)
  • Turning off iptables in the guest OS

Ping works, but anything that requires an SSL handshake will fail, including curl, and file_get_contents in PHP times out.

Examples:

```
vagrant@scotchbox:~$ openssl s_client -connect www.google.com:443 -prexit
CONNECTED(00000003)
```

But using curl:

```
vagrant@scotchbox:~$ curl -iv https://www.google.com
* Rebuilt URL to: https://www.google.com/
*   Trying 216.58.194.36...
* Connected to www.google.com (216.58.194.36) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 694 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
```

It just hangs at this point.

PHP also has issues establishing handshakes:

```
Warning: file_get_contents(): SSL: Handshake timed out
```

DWils
  • Have you tried using wget? Also, to ensure that it's TLS that is causing the issue: use --insecure on your curl command to skip the cert check... – Bob Jul 30 '18 at 23:32
  • I've tried with -k and --insecure and it still hangs. Also `wget https://www.google.com` resolves and connects, then it just hangs there – DWils Jul 30 '18 at 23:55
  • Can you add --trace-ascii to the curl command so I can see more in depth what is occurring? (Might be too much to add to the question above.) Also, what flavor of Linux are you using? What version of curl? Also, if you give me any additional information on the vagrant setup I can replicate your build to troubleshoot it on my end. – Bob Jul 31 '18 at 00:19
  • Pretty much using scotchbox with no additional modifications. – DWils Jul 31 '18 at 16:35
  • https://github.com/scotch-io/scotch-box/issues/383 – DWils Jul 31 '18 at 16:36
  • All my vms seem to have this issue no matter what I put in my vagrant file, bridged or nat config – DWils Jul 31 '18 at 17:21
  • Just got finished deploying and setting this up on a windows machine - ran into some interesting problems along the way, but finally got it functional. I am going to move over to the mac side and see what types of issues I see. (do you care what version of virtualbox / vagrant I end up using?) – Bob Jul 31 '18 at 18:32
  • Just pulled down scotch onto my mac and set up everything via homebrew - didn't have any issues ... I wonder if there is an issue with your ca-bundle.crt. Also, you can try and force curl to use TLS: curl --tlsv1.2 https://www.google.com – Bob Jul 31 '18 at 21:07
  • Much appreciated! I have the issue on my mac at work but I suspect the handshake is failing possibly due to the network. My windows machine at home didn't have this issue. – DWils Jul 31 '18 at 21:08

1 Answer


I stumbled on the same problem yesterday. I am now working behind an HTTPS proxy with its own certificate. The host laptops are configured with this certificate but the VirtualBox guests are not. And this is valid for all guests. The solution is simple:

  1. Find and export the proxy's certificate in your HOST browser. I use Firefox and this is really simple.
  2. Transfer the certificate file to the guest
  3. Run: sudo cp <certificate-file> /etc/pki/ca-trust/source/anchors/
  4. And finally run: sudo update-ca-trust.

(I don't know the commands if you are running a Windows guest.)

  • Interesting, I'll give it a go in a few. If it works I may reference this in a GitHub issue with scotchbox and see if they can include it with their documentation. Much appreciated! – DWils Aug 01 '18 at 17:39
  • Looks like I don't have a proxy CA certificate available, so I can't test this method – DWils Aug 01 '18 at 18:49
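
The path and command in steps 3 and 4 of the answer belong to Red Hat-family guests, while the guest in the question is Ubuntu, which keeps local trust anchors in /usr/local/share/ca-certificates and refreshes them with update-ca-certificates. The following is an added example, not part of the original answer: shell functions that choose the trust-store directory and refresh command from the guest's /etc/os-release and install the exported proxy CA. The function names, the `DRY_RUN` switch and the file name `proxy-ca.pem` are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original answer. Function names, DRY_RUN and
# the file name proxy-ca.pem are assumptions made for illustration.

# Print "<anchor dir> <refresh command>" for the distro family described by an
# os-release file (default: /etc/os-release). Returns 1 for unknown families.
trust_store_for() {
    osr="${1:-/etc/os-release}"
    [ -r "$osr" ] || return 2
    # Collect ID and ID_LIKE values without sourcing the file.
    ids=$(sed -n -e 's/^ID=//p' -e 's/^ID_LIKE=//p' "$osr" | tr -d '"' | tr '\n' ' ')
    for id in $ids; do
        case "$id" in
            debian|ubuntu)
                echo "/usr/local/share/ca-certificates update-ca-certificates"
                return 0 ;;
            rhel|fedora|centos)
                echo "/etc/pki/ca-trust/source/anchors update-ca-trust"
                return 0 ;;
        esac
    done
    return 1
}

# Conservative sanity check: the export must be PEM and hold exactly one
# certificate (Debian-family tooling expects one PEM certificate per file).
is_single_pem_cert() {
    [ "$(grep -c -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null)" = "1" ]
}

# Copy the exported proxy CA into the guest's trust anchors and rebuild the
# bundle. With DRY_RUN=1 the privileged commands are printed, not executed.
install_proxy_ca() {
    cert="$1"
    is_single_pem_cert "$cert" || { echo "not a single PEM certificate: $cert" >&2; return 1; }
    store=$(trust_store_for "${2:-/etc/os-release}") || { echo "unknown distro family" >&2; return 1; }
    dir=${store% *}
    cmd=${store#* }
    # update-ca-certificates only picks up files ending in .crt.
    name=$(basename "$cert")
    name="${name%.*}.crt"
    run=${DRY_RUN:+echo}
    $run sudo install -m 0644 "$cert" "$dir/$name" && $run sudo "$cmd"
}

# Usage inside the guest: install_proxy_ca ./proxy-ca.pem
```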