Strange IPv6 connection problem
-
Hi all,
Today I would like to seek help with a connection problem which I have not been able to solve for a while now. The description below is all about IPv6. V4 works fine.
This is my setup:
 internet
    ^
    |
+---------+
| pppoe0  |
|         |
|  igb0   |
+---------+
    |
    v
 LAN/Wifi
In the LAN, there are Windows, Linux and Android clients.
Android Clients don't have any problem.
Windows and Linux clients do have problems with a few websites, but not all.
- Example for a problematic site: https://www143.your-server.de
- Example for a working site: https://ipv6.google.com or test-ipv6.com (10/10 points there)
On the problematic site, the client just gets a timeout, for example:
raspi$ time curl -6 -sS --max-time 10 https://www143.your-server.de
curl: (28) Connection timed out after 10001 milliseconds

real 0m10,066s
user 0m0,165s
sys 0m0,043s

If I do the exact same call on the pfSense itself, it works without problems:

/root: time curl -6 -sS --max-time 10 https://www143.your-server.de > /dev/null
0.068u 0.015s 0:00.13 53.8% 194+237k 0+0io 0pf+0w
In my understanding this tells me that there must be a problem on the client (not likely) or on the pfSense (most likely). From the ISP (Dt. Telekom) onwards all works fine as we see.
I took network traces on the raspi. What I see there is that the TCP handshake is OK (small packets), and I think also the get request goes out OK (packet no. 4 with length 591).
When I take a trace on pppoe0 and make a working curl call on the pfSense, I see the same packets going in and out, but then a couple of big packets come in, which contain the payload, I guess (packets 6 and 7).
Now all of this looks not very exciting. ICMP "Packet too big" is dropped by some paranoid filter, IPv6 black hole, that's it.
BUT first of all: I don't see any such ICMP packet coming in on pppoe0. There is no ICMP traffic at all on pppoe0 when I run the curl call on the raspi.
Secondly: I just don't have any firewall rule that would block ICMP.
I suspect that the pfSense is misbehaving. The reason for this is that I played around with NPt. And I read somewhere that "Packet too big" messages get lost when NPt is active. However, I disabled NPt completely and deleted any related config. And anyway, there are no packet-too-big packets, so none can get lost.
If someone is interested I can provide the trace files.
Does anyone here have any idea what steps I could take next?
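
The post reasons about ICMPv6 "Packet too big" messages that do not show up in the trace on pppoe0. As an added example (not part of the original post), this Python sketch picks such messages out of raw IPv6 packets and reports the MTU they advertise; the function names are hypothetical, and the addresses, the MTU value and the sample packets are constructed.

```python
import ipaddress
import struct

ICMPV6 = 58                 # IPv6 next-header value for ICMPv6
PACKET_TOO_BIG = 2          # ICMPv6 type 2 (RFC 4443)
EXT_HEADERS = {0, 43, 60}   # hop-by-hop, routing, destination options

def parse_ptb(packet: bytes):
    """Return (reporter, mtu, original_dst) for a Packet Too Big, else None."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        return None
    next_header = packet[6]
    reporter = ipaddress.IPv6Address(packet[8:24])
    offset = 40
    # Walk the extension headers that share the (next header, length) layout.
    while next_header in EXT_HEADERS and offset + 8 <= len(packet):
        next_header, hdr_len = packet[offset], packet[offset + 1]
        offset += (hdr_len + 1) * 8
    if next_header != ICMPV6 or offset + 8 > len(packet):
        return None
    icmp_type, _code, _cksum, mtu = struct.unpack_from("!BBHI", packet, offset)
    if icmp_type != PACKET_TOO_BIG:
        return None
    # The message body carries the start of the packet that did not fit.
    inner = packet[offset + 8:]
    original_dst = ipaddress.IPv6Address(inner[24:40]) if len(inner) >= 40 else None
    return reporter, mtu, original_dst

def ipv6_header(src, dst, next_header, payload_len):
    """Build a bare 40-byte IPv6 header (used only for the constructed samples)."""
    return (struct.pack("!IHBB", 6 << 28, payload_len, next_header, 64)
            + ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(dst).packed)

def build_samples():
    """Constructed packets: one plain TCP segment and one Packet Too Big."""
    server, client, router = "2001:db8:2::80", "2001:db8:1::10", "2001:db8:ffff::1"
    tcp = ipv6_header(client, server, 6, 20) + bytes(20)
    inner = ipv6_header(server, client, 6, 1460) + bytes(20)
    # Checksum left at 0: this sketch does not validate it.
    icmp = struct.pack("!BBHI", PACKET_TOO_BIG, 0, 0, 1492) + inner
    ptb = ipv6_header(router, server, ICMPV6, len(icmp)) + icmp
    return [tcp, ptb]

def find_ptb(packets):
    """Return the parsed Packet Too Big messages found in a list of packets."""
    return [hit for hit in map(parse_ptb, packets) if hit is not None]

if __name__ == "__main__":
    for reporter, mtu, dst in find_ptb(build_samples()):
        print(f"{reporter} reports MTU {mtu} for traffic to {dst}")
```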