[PVE-User] Possible MTU/PMTU/MSS issue with HE IPv6 tunnel over PPPoE DSL connection

Adam Hunt voxadam at gmail.com
Thu Aug 15 04:53:35 CEST 2013

So, I finally managed to get it up. My IPv6 tunnel that is. While I can
bring the tunnel up, test-ipv6.com gives me a passing grade, I can connect
to many sites via IPv6 (e.g. ipv6.google.com), and I've been able to ping
pretty much any v6 connected host without issue. The thing is I'm not able
to connect to all v6 sites (using my browser). Sites that I'm unable to
connect to include things that I "know" work such as pfsense.org,
doc.pfsense.org, freebsd.org, and others.

Below is a simplified diagram of my network. Aside from what's shown there
are a few wireless access points, some wireless clients, and various VMs
running on VMWare Workstation 9 on the Windows 7 workstation.

 (PPPoE, dyn IP)
   ZyXel Q100
VDSL modem/bridge
 pfSense 2.0-rc0
 10/100 ethernet
 (WRT54GS running
Windows 7 Workstaion

I did some chatting with a few people in #ipv6 (irc://irc.freenode.org/ipv6).
The prevailing theory is that my issues are related to an MTU mismatch. The
way I understand it is that PMTU is mandatory in IPv6. I'm not all that
familiar with tunneling to begin with and in this particular setup there
are more layers than I care for (PPPoE, and a 6in4 to HE).

Sigmund, my pfSense box, it's a Dell Latitude D620 laptop with an onboard
Broadcom gigabit NIC (bge driver) facing my LAN, and a DEC/Intel 21143
CardBus NIC (dc driver) on the WAN side attached to my DSL bridge which is
operating as a transparent bridge (RFC 1483). This setup has been up and
running flawlessly for months.

As for interfaces I have "CENTURYLINK" (aka WAN) connected to PPPOE0(dc0),
LAN connected to bge0, DSLBRIDGE (aka OPT1 that allows me to connect to the
DSL bridge's web interface) connected to bge0, and HEv6 connected to the
GIF tunnel.

Prior to my work on this tunnel all my MTUs have been untouched, left at
their default 1500 and everything has worked fine. After discovering the
issue of not being able to connect to some sites via v6 I started playing
around with the MUTs on various interfaces. Occasionally I was able to
successfully connect via v6 to some of the sites that I had previously been
unable to browse to. If memory serves things worked when I set the MTU on
my HEv6 interface to the minimum allowed for IPv6 1280. The part that
confuses the hell out of me is that it wouldn't work all the time.
Sometimes I could connect, the next time the connection timed out.

I'm pretty new to IPv6. I'm entirely unfamiliar with PMTU and MSS so at a
certain point I'm just making random changes and seeing what happens (I
kind of feel like a kid with a fork and an electrical outlet).

Is there anyone out there that might be able to give me some idea of where
I should go from here? I'd appreciate any help that you can give.

Thanks for your time.

