Hi All!
I wanted to thank everyone for their help with the google issue I’m having. It is not resolved but I’ve made some discoveries. It looks like a fair number of the ampr.org sites that come up on google may in fact be done via BGP. Rob’s is and the others that I did a traceroute on, terminate on an address that is not 44. But that said, I now think this is a 100% Google issue. I don’t know what kind of stupidity they are up to but Yandex and Bing, have no problems indexing my site. I have read of others having similar issues. Bing and Yandex actually use Google’s same system for verification and they crawl just fine.
73 Roger VA7LBB
On May 9, 2019, at 02:09, Rob Janssen pe1chl@amsat.org wrote:
Now that I know where to look.. PMTU has caused me a lot of headache lately. I believe it could be the problem. Sending large packets to 44.135.179.28 yields no reply. tracepath does send back need to frag, but when TTL expires at amprgw.ucsd.edu. I believe amprgw.ucsd.edu should send back need-to-frag for higher TTLs as well.
That is always a bit tricky, often those packets *are* sent back but they are blocked somewhere closer to the client, and/or the TCP stack of the system does not process them in a reasonable way.
It is possible to work around that by adjusting the MSS of a TCP SYN passing the point where outgoing MTU is smaller than incoming MTU (incidentally something that I invented and implemented in NET in 1995, but later almost any router and routing software started to support it) so as a result the TCP segments sent by the endpoints will be smaller and won't need to be fragmented.
Roger can do that on his own server, e.g. like this:
iptables -t mangle -A INPUT -p tcp --syn -j TCPMSS --set-mss 1400 iptables -t mangle -A OUTPUT -p tcp --syn -j TCPMSS --set-mss 1400
Or on a router/gateway along the path (using FORWARD instead of INPUT/OUTPUT).
However, I'm not convinced that this is the problem as the site works OK for me over internet. Why wouldn't it work for Google then?
Rob