IPv4 Connection Refused to Open Build Service from RackNerd Los Angeles DC-03 - IPv6 Works

English Open Build Service (OBS)
1

Hello OpenSUSE Community,

I’m experiencing IPv4 connectivity issues to Open Build Service from my RackNerd VPS in Los Angeles DC-03 datacenter.

Issue Summary

  • Service: Open Build Service (api.opensuse_org, build.opensuse_org)
  • Problem: IPv4 connection refused on port 443, IPv6 works normally
  • VPS Provider: RackNerd, Los Angeles DC-03
  • Last Working: Before 2025-10-17 15:00 UTC

Error Details

IPv4 Test (Fails):

username@hostname:~$ curl -v -4 "api opensuse org"
*   Trying 195.135.223.221:443...
* connect to 195.135.223.221 port 443 failed: Connection refused
* Failed to connect to api.opensuse_org port 443 after 320 ms: Connection refused

IPv6 Test (Successful):

username@hostname:~$ curl -v -6 "api opensuse org"
*   Trying 2a07:de40:b250:131:10:151:131:20:443...
* Connected to api.opensuse_org (2a07:de40:b250:131:10:151:131:20) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: CN=obs-login.opensuse_org
*  start date: Oct  6 23:53:08 2025 GMT
*  expire date: Jan  4 23:53:07 2026 GMT
*  subjectAltName: host "api.opensuse_org" matched cert's "api.opensuse_org"
*  issuer: C=US; O=Let's Encrypt; CN=E7
*  SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* Using Stream ID: 1 (easy handle 0x55b64cae4790)
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET / HTTP/2
> Host: api.opensuse_org
> user-agent: curl/7.81.0
> accept: */*
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
< HTTP/2 401 
< date: Sat, 18 Oct 2025 18:15:17 GMT
< server: Apache
< www-authenticate: Basic realm="Use your SUSE developer account"
< vary: accept-language,accept-charset
< strict-transport-security: max-age=31536000
< accept-ranges: bytes
< content-type: text/html; charset=utf-8
< content-language: en
< 
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
  "URL.dtd">
<html xmlns="URL" lang="en" xml:lang="en">
<head>
<title>Authentication required!</title>
<link rev="made" href="mailto:%5bno%20address%20given%5d" />
<style type="text/css"><!--/*--><![CDATA[/*><!--*/ 
    body { color: #000000; background-color: #FFFFFF; }
    a:link { color: #0000CC; }
    p, address {margin-left: 3em;}
    span {font-size: smaller;}
/*]]>*/--></style>
</head>

<body>
<h1>Authentication required!</h1>
<p>


    This server could not verify that you are authorized to access
    the URL "/".
    You either supplied the wrong credentials (e.g., bad password), or your
    browser doesn't understand how to supply the credentials required.

  </p>
<p>


    In case you are allowed to request the document, please
    check your user-id and password and try again.

</p>
<p>
If you think this is a server error, please contact
the <a href="mailto:%5bno%20address%20given%5d">webmaster</a>.

</p>

<h2>Error 401</h2>
<address>
  <a href="/">api.opensuse_org</a><br />
  <span>Apache</span>
</address>
</body>
</html>

* Connection #0 to host api.opensuse_org left intact

Network Diagnostics

Traceroute to [api opensuse org](api opensuse org) (IPv4):

username@hostname:~$ sudo traceroute -T "api.opensuse_org"
traceroute to api.opensuse_org (195.135.223.221), 30 hops max, 60 byte packets
 1  23-95-183-61-host.colocrossing.com (23.95.183.61)  0.915 ms  0.882 ms  0.889 ms
 2  * * *
 3  10.9.6.1 (10.9.6.1)  0.502 ms 10.9.5.161 (10.9.5.161)  0.558 ms 10.9.4.37 (10.9.4.37)  0.773 ms
 4  lax-b6-link.ip.twelve99.net (62.115.197.40)  0.465 ms lax-b6-link.ip.twelve99.net (62.115.197.42)  0.454 ms lax-b6-link.ip.twelve99.net (62.115.162.226)  0.467 ms
 5  lax-b22-link.ip.twelve99.net (62.115.112.246)  0.807 ms  0.855 ms  0.903 ms
 6  lax-bb2-link.ip.twelve99.net (62.115.140.156)  0.834 ms  0.649 ms *
 7  * * lax-bb2-link.ip.twelve99.net (62.115.140.156)  0.696 ms
 8  dls-bb2-link.ip.twelve99.net (62.115.140.247)  158.511 ms * ash-bb2-link.ip.twelve99.net (62.115.137.38)  59.272 ms
 9  atl-bb2-link.ip.twelve99.net (62.115.143.236)  160.752 ms * *
10  ffm-bb2-link.ip.twelve99.net (62.115.122.139)  150.209 ms ash-bb2-link.ip.twelve99.net (62.115.137.132)  62.669 ms prs-bb2-link.ip.twelve99.net (62.115.140.106)  141.771 ms
11  ash-bb2-link.ip.twelve99.net (62.115.137.132)  63.059 ms ffm-bb2-link.ip.twelve99.net (62.115.122.139)  150.335 ms  150.269 ms
12  prag-b4-link.ip.twelve99.net (62.115.124.29)  161.167 ms  159.663 ms  158.480 ms
13  prag-b5-link.ip.twelve99.net (62.115.127.83)  156.314 ms  159.387 ms prag-b4-link.ip.twelve99.net (62.115.124.29)  160.671 ms
14  quantcom-ic-379457.ip.twelve99-cust.net (62.115.33.243)  160.929 ms prag-b5-link.ip.twelve99.net (62.115.127.83)  158.798 ms  159.487 ms
15  cz-prg-bbr6-et-4-0-0.quantcom.cz (82.119.246.10)  159.081 ms cz-prg-p2vez-4hunge-0-7-0-7.quantcom.cz (82.119.246.237)  156.507 ms prag-b5-link.ip.twelve99.net (62.115.127.83)  158.867 ms
16  cz-prg-bbr6-et-4-0-0.quantcom.cz (82.119.246.10)  161.962 ms cz-prg-p2vez-4hunge-0-7-0-7.quantcom.cz (82.119.246.237)  158.743 ms  158.569 ms
17  195.135.223.5 (195.135.223.5)  158.738 ms cz-prg-bbr6-et-4-0-0.quantcom.cz (82.119.246.10)  161.646 ms 88.208.74.89 (88.208.74.89)  159.624 ms
18  88.208.74.89 (88.208.74.89)  158.587 ms cz-prg-bbr6-et-4-0-0.quantcom.cz (82.119.246.10)  162.738 ms 195.135.223.5 (195.135.223.5)  162.432 ms
19  195.135.223.221 (195.135.223.221)  157.065 ms  159.967 ms 88.208.74.89 (88.208.74.89)  158.766 ms

Questions

  1. Are there recent firewall or ACL changes that might block specific IP ranges from RackNerd Los Angeles?
  2. Are other users from RackNerd or Los Angeles datacenters experiencing similar IPv4 connectivity issues?
2

Additional note: Due to forum restrictions limiting new users to posting only two links, I have performed a global replacement on certain domains and links below.