I suddenly discovered my 4G provider stopped using CGNAT, so I set up a tunnel to Stockholm.
I'm running on pfSense, I currently have no deny rules, and have set up everything to allow (Naturally will change that later ;-) )
I can ping the server endpoint (IPv4+IPv6) from inside, so the tunnel appears to be up; however, I cannot ping any further.
With tcpdump on the GIF interface, I can see pfSense xxx:2 pinging the server xxx:1 and the reply coming back.
If I ping anything else (or try anything else, like HTTP or SSH) I see packets from pfSense xxx:2 to the destination, but nothing coming back.
If I traceroute from outside to client (xxx:2), last jump is tserv1.sto1.he.net, 2001:470:0:11e::2, then no reply from next hop.
If I traceroute from outside to server (xxx:1), I get there. (I have a VPS in France)
To me it seems like a routing problem at sto1.he.net, but what do I know?
I changed the tunnel to Berlin, and it worked right out of the box.
So something seemed to have gone wrong in Stockholm, and Berlin seems to be nearer anyway.