path MTU discovery problem



  • Hello!

    I have a gif interface with MTU 1452 set. When I send packages of 1452 bytes size it works out correctly:

    20:12:05.543941 IP6 2001:XXX::2 > 2a02:2e0:3fe:1001:7777:772e:2:85: ICMP6, echo request, seq 1, length 1412
    20:12:05.565816 IP6 2a02:2e0:3fe:1001:7777:772e:2:85 > 2001:XXX::2: ICMP6, echo reply, seq 1, length 1412

    But when i rais the size about 1 byte I expectedly get a "message to big" message:

    20:14:46.282562 IP6 2001:XXX::2 > 2a02:2e0:3fe:1001:7777:772e:2:85: ICMP6, echo request, seq 1, length 1413
    20:14:46.282917 IP6 2001:XXX::1 > 2001:XXX::2: ICMP6, packet too big, mtu 1452, length 1240

    The client learns the path mtu correctly and fragments the packages afterwards, but the fragments don't get past the pfsense router for some reason:

    20:16:12.338663 IP6 2001:XXX::2 > 2a02:2e0:3fe:1001:7777:772e:2:85: frag (0|1400) ICMP6, echo request, seq 1, length 1400
    20:16:12.338694 IP6 2001:XXX::2 > 2a02:2e0:3fe:1001:7777:772e:2:85: frag (1400|13)
    20:16:12.339201 IP6 2001:XXX::1 > 2001:XXX::2: ICMP6, destination unreachable, unreachable address 2a02:2e0:3fe:1001:7777:772e:2:85, length 69

    pfsense now tells me destination is unreachable but why???
    Does anyone have a clue what is going on here?