我有一个 proxmox 集群,其中 pfsense 充当集群节点和虚拟机的防火墙和网关。虚拟机没有问题,但集群节点无法使用 SSL 浏览任何网站,这当然会破坏软件包更新等。
当我直接连接到 pfSense 使用的出站网关时,一切都正常。
我不知道从哪里开始解决这个问题。
例如运行 apt update:
Failed to fetch http://ftp.uk.debian.org/debian/dists/bullseye/InRelease Certificate verification failed: The certificate is NOT trusted.
curl -v https://ftp.uk.debian.org/debian/dists/bullseye/InRelease
* Trying 78.129.164.123:443...
* Connected to ftp.uk.debian.org (78.129.164.123) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS alert, unknown CA (560):
* SSL certificate problem: unable to get local issuer certificate
* Closing connection 0
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.
答案1
事实证明,这是由于特定子网的 NAT 规则冲突造成的。因此,这是一个路由问题,仅在该特定子网上的静态 IP 地址上出现。