Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Connectivity Issues with MTU/MSS over 6RD

    Scheduled Pinned Locked Moved IPv6
    2 Posts 2 Posters 715 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • ?
      A Former User
      last edited by

      Hi

      I sucessfully confurgured my pfSense so that I have IPv6 connectivity trought my ISP.

      Settings on WAN:
      IPv4: DCHP
      IPv6: 6rd Tunnel

      6rd Prefix, 6RD Border relay and 6RD IPv4 Prefix length is filled out with the values for my ISP. Working correclty. WAN Interface get his IPv6 address.

      Settings on LAN:
      IPv4: static
      IPv6: Track Interface (WAN, Prefix ID 0)

      On DHCPv6/RA I've only set the "Router Mode" to "assisted".

      Some ICMPv6 roules inbound to wan address and to LAN network.
      ICMPv6 outbound rule.
      Rule for Traffic (ipv4 and ipv6) with ports 80, 443… and so on.

      Now the problem is, I can connect to ipv6 ips with Ping, ssh or http but some sites/hosts I can't connect to.

      What I found out... If i set the MSS value on WAN interface to 1232, then I can connect to all hosts i tested. I don't like to set this because it also applies to all IPv4 connectivites.

      So connected with ssh to my pfsense and noticed that I have now a new interface named "wan_stf" with the IPv6 address assigned to with a MTU 1280.

      wan_stf: flags=4041 <up,running,link2>metric 0 mtu 1280
        inet6 2a02:xxxx:xxxx:xxxx:: prefixlen 28
        nd6 options=1 <performnud>v4net 92.xx.xx.xx/32 -> tv4br 193.5.xx.x</performnud></up,running,link2>

      WAN interface:

      em0: flags=8a43 <up,broadcast,running,allmulti,simplex,multicast>metric 0 mtu 1500
        options=9b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum>ether 00:0c:29:xx:xx:xx
        hwaddr 00:0c:29:xx:xx:xx
        inet6 fe80::20c:29ff:xxxx:xxxx%em0 prefixlen 64 scopeid 0x1
        inet 92.xx.xx.xx netmask 0xfffffc00 broadcast 92.xx.xx.xx
        nd6 options=21 <performnud,auto_linklocal>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active</full-duplex></performnud,auto_linklocal></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum></up,broadcast,running,allmulti,simplex,multicast>

      Why it does only work if I set the MSS to 1232 on WAN interface?
      Do I have to configure some other stuff to get it work without special MSS settings on interface?

      If you need more infos about my config .. or some logs let me know. :)

      Thank you.

      1 Reply Last reply Reply Quote 0
      • D
        darkcrucible
        last edited by

        How do you change the MSS on an interface? Did you mean MTU?

        I'd suggest trying again with all ICMP for IPv6 allowed to/from LAN & WAN in the firewall.

        If you have a Linux machine, try the tracepath6 command to a hostname that's giving you trouble. Usually it will tell you where the MTU on the link changes. Ideally run the command from the otherside to you as well for even more information on the PMTU.

        And maybe increase the MTU of wan_stf to 1480 (but only if you're not using PPPoE). FreeBSD also seems to have MTUs per route.
        For example, these commands can help you see what routes there are along with the diagnostics->routes page:
        netstat -r -n
        route -6 get default

        BTW the 1232 I think comes from the (1280B MTU - 20B IPv4 6rd header - 28B tcp header)?

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.