Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense + Sixxs + PPPoE

    Scheduled Pinned Locked Moved IPv6
    10 Posts 4 Posters 2.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • N
      narcissius
      last edited by

      Hello forum,

      I'll start off with some background information and hopefully enough information to shed some light on my problem.

      Running pfSense 2.2.3-RELEASE (i386)  on an ALIX board.

      My connection is VDSL2+ and my ISP uses PPPoE. I have bridged an intenio modem so the PPPoE connection is set up directly on my pfSense and everything if working fine in that regards.

      Sixxs is my tunnel broker. I have a working setup where I have a /64 routed to me. This is also working fine and my IPv6 DHCP Server is correctly providing clients with IPs from my subnet.

      So far, so good. And here's my problem:

      ICMP works fine, TCP does not. Web pages on IPv6 don't load. If I do packet traces I can see connections being initiated, but then nothing more. Chrome says "Waiting for …." (indicating the connection has been made, but then fails). If I apply the correct rules, people can connect to my IPv6 ip and load my index.html (an "It works!" page). However, if they try to download a generated 10MB file, it will fail after a short period of time.

      I can ping any ipv6 host. Any ipv6 host can ping me.

      My sixxs tunnel is set to MTU 1280 (minimum). I have tried replicating this MTU all over, with no luck. I have tried different MSS clampings, to no avail. I tried disabling scrub rules, no luck. I tried enabling/disabling the offloading rules, no luck.

      I have found some vague hints that there might be a bug in pfSense, where fragmented packets get dropped. Could this be something hitting me?

      Any other ideas to what I could try?

      1 Reply Last reply Reply Quote 0
      • demD
        dem
        last edited by

        Try forcing router advertisements to send 1280 for the MTU. Edit /var/etc/radvd.conf and change AdvLinkMTU to 1280. Then send a SIGHUP to radvd.

        1 Reply Last reply Reply Quote 0
        • N
          narcissius
          last edited by

          Thanks for your suggestion, but it had no effect. I even tried forcing the client MTU by settning it manually - still didn't help.

          1 Reply Last reply Reply Quote 0
          • H
            hda
            last edited by

            Force MTU 1492 on all LAN's with IPv6 using GUI menu [Interfaces] ?

            1 Reply Last reply Reply Quote 0
            • N
              narcissius
              last edited by

              I have tried that. And lower. Still no go.

              I have pretty much been at this for over a week. I have traversed google just about a million times. I have tried and retried all suggestions I have found there. Nothing has worked for me. I think I need some magic.

              Are there any spectacular test-cases I could try, to definitely nail my problem so I know 100% for sure what I am dealing with? I am guessing MTU (but nothing has helped when I have forced lower MTUs) or pfSense having trouble with segmentation or something (I have nothing other than old error reports, confirming this at least WAS a problem before).

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                Set MTU = 1452 and MSS = 1432 on your tunnel interface. Put whatever you did elsewhere back to defaults. The tunnel should be set to 1452 as well. Does not work? Move to https://www.tunnelbroker.net/ and forget this Sixxxxxxxs junk.

                1 Reply Last reply Reply Quote 0
                • N
                  narcissius
                  last edited by

                  @doktornotor:

                  Set MTU = 1452 and MSS = 1432 on your tunnel interface. Put whatever you did elsewhere back to defaults. The tunnel should be set to 1452 as well. Does not work? Move to https://www.tunnelbroker.net/ and forget this Sixxxxxxxs junk.

                  Tried that just now. Got tunnelbroker.net up and running in a matter of minutes, with working DHCP. Exactly the same symptoms, even though I set interface MTU/MSS pluss tunnel MTU…

                  1 Reply Last reply Reply Quote 0
                  • D
                    doktornotor Banned
                    last edited by

                    Talk to your ISP.

                    1 Reply Last reply Reply Quote 0
                    • N
                      narcissius
                      last edited by

                      Tried that as well actually.

                      They "don't support ipv6".

                      Fantastic ISP, I know.

                      1 Reply Last reply Reply Quote 0
                      • D
                        doktornotor Banned
                        last edited by

                        When they don't support it, they should at least stop breaking it.

                        Frankly, time to find a new ISP. This thing just works (pretty much everywhere when you drop the MTU to 1280) unless some lame ISP screws that intentionally or just by some clueless misconfiguration of their equipment.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.