Another IPv6 weirdness with ISP
-
This one is driving me a little crazy, so apologies for the 'another ISP' thread, but I don't know where else to turn.
I'm with a UK ISP called IDNet who offer a /48 delegated IPv6 range.
My WAN interface uses DHCPv6 (PPPoE for IPv4) and I've got 'use IPv4 connectivity as parent interface' ticked.
My LAN is set up to use 'Track Interface' with a suitable Prefix ID set.
RA is set to 'Assisted'
( I'll apologise now for missing anything out!)My clients can get an address, they can ping both sides of the router, they can look up IPv6 DNS (pi-hole server, but I've tried other methods). Some sites connect just fine (ipv6.google.com), ifconfig.co will return my clients IPv6 address (Windows 10). So far so good.
But then there are other sites. If I go to test-ipv6.com, it reports issues. IPv6 tests fail after 15 seconds. One of my mail servers times out. Trying to get to forum.netgate.com times out.
I've wiped my pfsense (23.05) install and tried again, but with the same results. I believe the firewall to be OK ( a wildcard IPv4 rule and a wildcard IPv6 rule, both on the LAN side) - both have traffic counts which are reasonable.
I'm not even sure what to try next. I can look up a lot of the failing sites, and even do a TCP connection (to simulate the start of a web connection). I'm beginning to wonder if this is some sort of dual stack issue. But there again, none of this seems to make sense.
It feels like I've just missed something somewhere...
Help?!
-
-
@JKnott said in Another IPv6 weirdness with ISP:
What issues?
I knew I'd miss something.
IPv4 tests are OK. Any other test will time out after 15 seconds.
Opening one of the idividual tests in it's own tab will time out. -
Sounds like you don't have IPv6. When you go to ipv6.google.com, are you able to do anything?
-
@gromit1234 said in Another IPv6 weirdness with ISP:
they can look up IPv6 DNS (pi-hole server
via GUA or some link local address? You can look up a IPv6 address ie AAAA over IPv4..
-
@gromit1234 said in Another IPv6 weirdness with ISP:
If I go to test-ipv6.com, it reports issues
Ok, you didn't saw this one :
What you want to see and share is this one :
-
@gromit1234 said in Another IPv6 weirdness with ISP:
Help?!
Help offered - I'm also with iDNet (good idea going with a quality ISP over a cheap one) so can offer any settings you need.
๏ธ -
The physical WAN link (to my ONT) - Don't miss the 1508 MTU setting for PPPoE overhead:
Main LAN configuration:
Hope these help - if not just ask.
๏ธ -
@Gertjan You're right - I'd love to see those!
This is what I get:
If I I try one of the URLs which times out (e.g. the vm3 link) as an individual page, it still times out:
If I try a test-netconnection on port 443, it's OK:
-
@JKnott I get the usual Google page with ipv6.google.com. If I ask it what my IP is, it responds:
If I go to ifconfig.co, it tells me the same:
-
@RobbieTT
OMG - it was in there!
You're using FTTP (I think), but your point about MTU got me thinking....
The WAN was set to 1492 by the ISP. The LAN defaulted to 1500. I changed this to 1492 et voila!THANK YOU SO MUCH!
@JKnott @johnpoz @Gertjan Thank you for jumping in and helping. It was the MTU size which was killing packets... I finally got there!
-
@gromit1234 said in Another IPv6 weirdness with ISP:
@RobbieTT
OMG - it was in there!
You're using FTTP (I think), but your point about MTU got me thinking....
The WAN was set to 1492 by the ISP. The LAN defaulted to 1500. I changed this to 1492 et voila!THANK YOU SO MUCH!
No problem at all. It does not matter if you are on FTTP or not, the physical link on the WAN to your ADSL/VDSL2/G.fast modem should be 1508 MTU, allowing a normal 1500 MTU to traverse wearing the 8-byte PPPoE wrapper (ie as per my settings).
๏ธ
