Weird SSL errors on school wifi

qwerasdf · November 16, 2023, 5:20am

I’m using nixOS 23.05 stoat.
Yesterday internet was working fine.
Now at school, wifi can connect, ping works fine but 95 percent of the time connections will fail with an ssl error. sometimes it randomly works for a few seconds. nobody else has the same issue on my wifi. I connected to a hotspot from my phone and it worked just fine. running sudo systemctl restart NetworkManager occasionally makes the SSL error go away for 30 seconds. The wifi on my laptop doesn’t work so i’m using a usb wifi adapter. it has been working perfectly fine the past couple days. here it is:
Bus 003 Device 002: ID 0bda:8179 Realtek Semiconductor Corp. RTL8188EUS 802.11n Wireless Network Adapter
pls help

Edit: thought it might be an issue witht the wifi network not trusting me. but using macchanger to change my mac address doesn’t change the issue

Edit 2: rolling back to previous generations when wifi did work also doesn’t fix the issue

Shawn8901 · November 16, 2023, 5:39am

It could be useful if you post the actual error that you are receiving, beside just phrasing out “SSL error”, often they contain quite useful information

qwerasdf · November 16, 2023, 6:19am

I don’t know what you mean. i guess when trying to download nix packages it would say it can’t cause of “SSL error (35)”. im not sure what you mean, theres no one “error message” as different applications handle it differently. but basically each program displays some variation of “can’t connect: ssl error, connection refused.”. If i reload a page enough, it randomly works for a few seconds. sometimes it just starts working great for a few hours but then the problem returns.

Mic92 · November 16, 2023, 10:27am

Your network might intercept the connections.
You can checkout out if https works in general like this:

$ curl -v -I http://www.wikipedia.org/
*   Trying [2a02:ec80:300:ed1a::1]:80...
* Connected to www.wikipedia.org (2a02:ec80:300:ed1a::1) port 80
> HEAD / HTTP/1.1
> Host: www.wikipedia.org
> User-Agent: curl/8.4.0
> Accept: */*
> Accept-Encoding: deflate, gzip, br, zstd
>
< HTTP/1.1 301 Moved Permanently
HTTP/1.1 301 Moved Permanently
< content-length: 0
content-length: 0
< location: https://www.wikipedia.org/
location: https://www.wikipedia.org/
< server: HAProxy
server: HAProxy
< x-cache: cp3070 int
x-cache: cp3070 int
< x-cache-status: int-tls
x-cache-status: int-tls
< connection: close
connection: close

<
* Closing connection

nixinator · November 16, 2023, 12:20pm

yep, sounds like redirection, inception and transparent proxying …

If you still get this errors, then a VPN can really help get a stable connection to the resources you need.

Tailscale or Headscale seems a sane VPN system… i’ve had great success with tinc and zerotier (great for playing LAN games over the internet the use UDP… ).

if you have a box in the cloud , you can even roll your own solutions with a shadow socks proxy and ssh! very simple!

There are many VPN solutions out there…

so have a play… however if you keep getting these errors, sometimes it just better to switch to another network, if you can.

good luck!