Summary: | Community, Forum, Userbase, and Techbase timeout on IPv6 | ||
---|---|---|---|
Product: | [Websites] www.kde.org | Reporter: | Sean O'Connell <sean> |
Component: | general | Assignee: | kde-www mailing-list <kde-www> |
Status: | RESOLVED NOT A BUG | ||
Severity: | normal | CC: | denis.revin |
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Other | ||
OS: | Linux | ||
URL: | https://community.kde.org/Main_Page | ||
Latest Commit: | Version Fixed In: | ||
Sentry Crash Report: |
Description
Sean O'Connell
2016-05-01 14:48:02 UTC
This occurs with certain providers of IPv6 unfortunately - your provider (or their upstream) has defects in their setup of IPv6 which make Incapsula hosted sites inaccessible over IPv6. Numerous tests we've performed indicate that PMTUD is functioning correctly with Incapsula. Please take this up with your internet service provider. Hello, dear admins. I have same issue as Sean, and I don't think that its provider problem. Let me explain. When you trying access to community.kde.org DNS returns 2a02:e980:e::da and that's wrong: ---------------------- [dut@void ~]$ openssl s_client -connect 2a02:e980:e::da:443 CONNECTED(00000003) write:errno=104 --- no peer certificate available --- No client certificate CA names sent --- SSL handshake has read 0 bytes and written 320 bytes --- New, (NONE), Cipher is (NONE) Secure Renegotiation IS NOT supported Compression: NONE Expansion: NONE No ALPN negotiated --- ----------------------------- After some debugging with dns and ssl tools i've found that community.kde.org must return 2a02:e980:15::da ('e' must be changed to '15'). After that all works fine. Same issue with forum.kde.org and so on: [dut@void ~]$ wget https://forum.kde.org/ --2016-08-27 19:53:35-- https://forum.kde.org/ Resolving forum.kde.org (forum.kde.org)... 2a02:e980:e::22, 192.230.77.34 Connecting to forum.kde.org (forum.kde.org)|2a02:e980:e::22|:443... connected. Unable to establish SSL connection. [dut@void ~]$ wget --header="Host: forum.kde.org" https://[2a02:e980:e::22]/ --2016-08-27 19:55:38-- https://[2a02:e980:e::22]/ Connecting to [2a02:e980:e::22]:443... connected. Unable to establish SSL connection. [dut@void ~]$ wget --no-check-certificate --header="Host: forum.kde.org" https://[2a02:e980:15::22]/ --2016-08-27 19:56:08-- https://[2a02:e980:15::22]/ Connecting to [2a02:e980:15::22]:443... connected. WARNING: certificate common name ‘incapsula.com’ doesn't match requested host name ‘2a02:e980:15::22’. HTTP request sent, awaiting response... 200 OK Cookie coming from 2a02:e980:15::22 attempted to set domain to forum.kde.org Cookie coming from 2a02:e980:15::22 attempted to set domain to forum.kde.org Cookie coming from 2a02:e980:15::22 attempted to set domain to forum.kde.org Cookie coming from 2a02:e980:15::22 attempted to set domain to kde.org Cookie coming from 2a02:e980:15::22 attempted to set domain to kde.org Length: unspecified [text/html] Saving to: ‘index.html’ index.html [ <=> ] 58.04K 122KB/s in 0.5s 2016-08-27 19:56:11 (122 KB/s) - ‘index.html’ saved [59438] Can you, please, try to check it? Thanks. Sean, for temporary workaround you can just add forum.kde.org community.kde.org and so on to /etc/hosts with appropriate ipv6 addresses. |