Problems accessing community.kde.org with non-1500 mtu connection
Ben Cooksley
bcooksley at kde.org
Sun Jun 23 20:24:28 BST 2019
On Mon, 24 Jun 2019, 04:03 Fabian Bläse, <fabian at blaese.de> wrote:
> Hey Ben,
>
Hi Fabian,
> Imperva Cloud Application Security Support has responded to my last mail:
> > At the moment, we do not support PMTU.
> > Our networking team is working on implementing PMTU support for several
> months now. We only have an approximate ETA, it should be implemented
> sometimes in Q3.
> > We will keep you updated with the team's progress.
>
> Because IPv6 does not support fragmentation that means that their IPv6
> support is fundamentally broken at the moment.
> Let's hope that they get this fixed soon.
Thanks for sending through their response. Historically the timelines
they've provided have been pretty accurate, so sounds like this will be
fixed sometime in the next few months.
Until then there isn't much we can do unfortunately.
They'll likely inform you when they roll-out the fix (they did in my case
when they fixed a different IPv6 issue I had reported following several
user complaints which I had managed to reproduce)
> Due to most browsers quick fallback to IPv4, it should be possible to
> access your sites from all networks which still have IPv4 enabled. (If the
> IPv6 connections fails)
> We already have some (a tiny minority at the moment) IPv6 only networks
> which make use of NAT64/DNS64 however. In that scenario it might be
> possible that sites with broken PMTU are inaccessible.
>
> If you need any further information to debug this issue, just ask.
> I'll happily provide any information that helps fixing this issue.
>
Duly noted.
> Best regards,
> Fabian
>
Thanks,
Ben
>
> On 23.06.19 10:29, Ben Cooksley wrote:
> > On Sat, Jun 22, 2019 at 10:05 PM Fabian Bläse <fabian at blaese.de> wrote:
> >>
> >> Hey Ben,
> >
> > Hi Fabian,
> >
> >>
> >> sorry for the delay, I've been busy as well.
> >>
> >> Due to their enterprise-foo security rules, they seem to not be
> interested in this problem.
> >> I'm sorry that I don't have the time to discuss this with them any
> further.
> >
> > No worries. Their network setups have proven very unusual at times yes.
> >
> > I assume our services protected by them are still accessible normally
> > over IPv4 from your networks?
> >
> >>
> >> You might want to check if any firewalls are active on your services
> (if that is configurable) that might block ICMP(v6) messages.
> >> If not it looks like you have to contact them on your own. :-(
> >
> > Our systems don't have any such firewalls so those shouldn't be an issue.
> >
> > Chances are they'll request additional information (such as packet
> > captures) to diagnose the issue. Will you be in a position to provide
> > these if needed?
> >
> >>
> >> Regards,
> >> Fabian
> >
> > Cheers,
> > Ben
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-www/attachments/20190624/dbd71b23/attachment.html>
More information about the kde-www
mailing list