[horde] Clients with multiple IP addresses being forcibly logged out

Arjen de Korte arjen+horde at de-korte.org
Fri Aug 26 09:59:15 UTC 2016 

Citeren Ole Wolf <wolf at blazingangles.com>:

> Quoting Arjen de Korte <arjen+horde at de-korte.org>:
>
>>> Obviously, 'happy eyeballs' (RFC 6555) isn't working for you.  
>>> Which browser is this? Usually, HE should make sure that you have  
>>> consistent IPv4 or IPv6 connections, not both intermingled. Either  
>>> you have a broken HE implementation, or your IPv6 connection is  
>>> unstable. Note that the latter can also be caused by a too short  
>>> SLAAC interval, causing the IPv6 address to change within a  
>>> session. Currently Horde can't cope with that. I already wrote an  
>>> enhancement request, but this is not implented yet (as far as I  
>>> knowl.
>>
>>> I realize it's a security feature, but here's the problem:   
>>> multiple client IP addresses is a valid setup (e.g., caused by  
>>> IPv4 aliases, multiple network cards, or multiple IPv6 addresses),  
>>> so how do I resolve this? Is there a configuration option in Horde  
>>> that I can't find that allows me to disable the IP address  
>>> verification?
>>>
>
> I originally thought it was the SLAAC interval, too, but the IP  
> change is between IPv4 and IPv6 addresses. I'd have expected the  
> connection to always use the IPv6 address if available, but  
> apparently it doesn't.
>
> I'm using the most recent release of the Chrome Browser for Linux  
> (and Windows, for that matter) as of this writing, but it's been  
> happening for a few years.

I have been running Horde in a dual stacked environment for a bit over  
two years now and have to admit, I have never seen this behavior here.  
Most IPv6 connections are from the LAN though, so the connection to  
the server Horde is running on is rock solid. This might be the reason  
why our browsers (mostly Mozilla Firefox) never need to fallback to  
IPv4. If the difference in RTT for the IPv4 and IPv6 connection is in  
the order of the preference used by Chrome (300 ms if memory serves,  
https://irtf.org/anrw/2016/anrw16-final9.pdf), HE will fail to provide  
a consistent IPv4 or IPv6 connection. Unless you experience a lot of  
packet loss on your IPv6 connection, this would be my guess what is  
happening.

More information about the horde mailing list