PfSense + Sixxs + PPPoE
-
Hello forum,
I'll start off with some background information and hopefully enough information to shed some light on my problem.
Running pfSense 2.2.3-RELEASE (i386) on an ALIX board.
My connection is VDSL2+ and my ISP uses PPPoE. I have bridged an intenio modem so the PPPoE connection is set up directly on my pfSense and everything is working fine in that regard.
Sixxs is my tunnel broker. I have a working setup where I have a /64 routed to me. This is also working fine and my IPv6 DHCP Server is correctly providing clients with IPs from my subnet.
So far, so good. And here's my problem:
ICMP works fine, TCP does not. Web pages on IPv6 don't load. If I do packet traces I can see connections being initiated, but then nothing more. Chrome says "Waiting for …." (indicating the connection has been made, but then fails). If I apply the correct rules, people can connect to my IPv6 ip and load my index.html (an "It works!" page). However, if they try to download a generated 10MB file, it will fail after a short period of time.
I can ping any ipv6 host. Any ipv6 host can ping me.
My sixxs tunnel is set to MTU 1280 (minimum). I have tried replicating this MTU all over, with no luck. I have tried different MSS clampings, to no avail. I tried disabling scrub rules, no luck. I tried enabling/disabling the offloading rules, no luck.
I have found some vague hints that there might be a bug in pfSense, where fragmented packets get dropped. Could this be something hitting me?
Any other ideas as to what I could try?
-
Try forcing router advertisements to send 1280 for the MTU. Edit /var/etc/radvd.conf and change AdvLinkMTU to 1280. Then send a SIGHUP to radvd.
-
Thanks for your suggestion, but it had no effect. I even tried forcing the client MTU by setting it manually - still didn't help.
-
Force MTU 1492 on all LANs with IPv6 using GUI menu [Interfaces]?
-
I have tried that. And lower. Still no go.
I have pretty much been at this for over a week. I have traversed google just about a million times. I have tried and retried all suggestions I have found there. Nothing has worked for me. I think I need some magic.
Are there any spectacular test-cases I could try, to definitely nail my problem so I know 100% for sure what I am dealing with? I am guessing MTU (but nothing has helped when I have forced lower MTUs) or pfSense having trouble with segmentation or something (I have nothing other than old error reports, confirming this at least WAS a problem before).
-
Set MTU = 1452 and MSS = 1432 on your tunnel interface. Put whatever you did elsewhere back to defaults. The tunnel should be set to 1452 as well. Does not work? Move to https://www.tunnelbroker.net/ and forget this Sixxxxxxxs junk.
-
Tried that just now. Got tunnelbroker.net up and running in a matter of minutes, with working DHCP. Exactly the same symptoms, even though I set interface MTU/MSS plus tunnel MTU…
-
Talk to your ISP.
-
Tried that as well actually.
They "don't support ipv6".
Fantastic ISP, I know.
-
When they don't support it, they should at least stop breaking it.
Frankly, time to find a new ISP. This thing just works (pretty much everywhere when you drop the MTU to 1280) unless some lame ISP screws that intentionally or just by some clueless misconfiguration of their equipment.
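
Added example, not part of any post in this thread: the original poster asks for a test case that settles whether MTU is the cause, and one way to get it is to binary-search the largest unfragmented ICMPv6 echo that survives the path and compare it with the configured tunnel MTU. The code assumes a Linux client with iputils `ping`; the function names, the placeholder hostname and the simulated path are constructed for illustration.

```python
import subprocess

IPV6_HDR, ICMP6_HDR, TCP_HDR = 40, 8, 20   # header sizes in bytes
IPV6_MIN_MTU = 1280                         # smallest MTU any IPv6 link must carry

def ping_probe(host):
    """Build a probe using Linux iputils ping (assumed client OS).
    -M do forbids local fragmentation, so the packet goes out at full size."""
    def probe(payload):
        cmd = ["ping", "-6", "-M", "do", "-c", "2", "-W", "2",
               "-s", str(payload), host]
        done = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                              stderr=subprocess.DEVNULL)
        return done.returncode == 0          # 0 = at least one echo reply
    return probe

def find_path_mtu(probe, high, low=IPV6_MIN_MTU):
    """Largest IPv6 packet size in [low, high] that gets an echo reply,
    or None when even `low` bytes do not get through."""
    def passes(packet_size):
        return probe(packet_size - IPV6_HDR - ICMP6_HDR)
    if not passes(low):
        return None
    while low < high:                        # invariant: `low` always passes
        mid = (low + high + 1) // 2
        if passes(mid):
            low = mid
        else:
            high = mid - 1
    return low

def diagnose(probe, configured_mtu):
    """Compare the measured path MTU with the MTU configured on the tunnel."""
    mtu = find_path_mtu(probe, high=configured_mtu)
    if mtu is None:
        return None, None, "1280-byte packets are lost: the path is below the IPv6 minimum"
    mss = mtu - IPV6_HDR - TCP_HDR           # on-the-wire TCP MSS over IPv6
    if mtu < configured_mtu:
        return mtu, mss, "path MTU is below the configured MTU: lower it"
    return mtu, mss, "full-size packets pass: MTU is not the cause"

def simulated_path(real_mtu):
    """Constructed stand-in for a network path, so the logic runs offline."""
    return lambda payload: payload + IPV6_HDR + ICMP6_HDR <= real_mtu

if __name__ == "__main__":
    print(diagnose(simulated_path(1452), configured_mtu=1500))
    # Live use (hostname is a placeholder): diagnose(ping_probe("ipv6.example.net"), 1500)
```

A result of `None` for the path MTU means even minimum-size IPv6 packets are being dropped somewhere upstream, which no MTU or MSS setting on the firewall can compensate for.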