[www.kde.org] [Bug 354585] IPv6 connections to https://dot.kde.org fail

Jon Burgess via KDE Bugzilla bugzilla_noreply at kde.org
Fri Oct 30 00:56:29 UTC 2015


--- Comment #3 from Jon Burgess <jburgess777 at googlemail.com> ---
I can confirm a path MTU issue is the cause of the problem. Sniffing working
traffic to Google and Facebook show they both use an MSS clamp of 1410 bytes.
If I add a local iptables rule to force a similar MSS on my traffic to
dot.kde.org then it works as well:

$ sudo ip6tables -t mangle -A OUTPUT_direct -p tcp -d 2a02:e980:c::67
--tcp-flags SYN,RST SYN -j TCPMSS --set-mss 1410

$ wget -O /dev/null https://dot.kde.org
--2015-10-30 00:50:17--  https://dot.kde.org/
Resolving dot.kde.org (dot.kde.org)... 2a02:e980:c::67,
Connecting to dot.kde.org (dot.kde.org)|2a02:e980:c::67|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘/dev/null’

This suggests that there is probably a firewall blocking the ICMPv6 packets
from getting back to your web server, breaking path MTU discovery. If you don't
have control of this firewall then you might want to add a 1410 MSS clamp to
your web server to workaround this problem for anyone else in a similar
position to me.

You are receiving this mail because:
You are the assignee for the bug.

More information about the kde-www mailing list