Hurricane Electric's IPv6 Tunnel Broker Forums

General IPv6 Topics => IPv6 Basics & Questions & General Chatter => Topic started by: mclovin on October 04, 2020, 01:43:07 PM

Title: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: mclovin on October 04, 2020, 01:43:07 PM
My IPv6 tunnel recently stopped working. I can PING, but TCP connections hangs. The tunnel works if I change the endpoint to my server. If I create a tunnel between my home computer and the server, I get the same problem. Thus I think it's a problem with my ISP provided home router. When I receive TCP packets (usually the SYN-ACK response) thru the tunnel, wireshark complains "Expert Info (Error/Malformed): Bogus IPv6 version" because the first 4 bytes of the IPv6 header have been zeroed! I tracerouted from my server to my home computer with one of the packets that gets corrupted, and all the routers including my home router have the correct header in the ICMP reply, so I think the corruption happens inside my network. My home router has a public IP and does NAT. There is no CGNAT.

Does anyone know why my router would do this? I thought it might be NAT trying to rewrite the TCP checksum, and assuming that the TCP header directly follows the IPv4 header, but it's the wrong offset and size. If the router assumes that the TCP header directly follows the IPv4 header, it tries to set source and destination port to zero, which doesn't make sense?
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: mikma on October 04, 2020, 03:31:48 PM
My home router has a public IP and does NAT.

The IPv6 tunnels use protocol 41 which can't be used with (many-to-one) NAT since protocol 41 doesn't use port numbers in the outer packet. (One-to-one NAT should work if it's supported in the router and can be configured for protocol 41.)
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: cholzhauer on October 04, 2020, 06:57:55 PM
Which router do you have?
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: mclovin on October 04, 2020, 10:52:05 PM
My home router has a public IP and does NAT.

The IPv6 tunnels use protocol 41 which can't be used with (many-to-one) NAT since protocol 41 doesn't use port numbers in the outer packet. (One-to-one NAT should work if it's supported in the router and can be configured for protocol 41.)
I think the router does NAT based only on the (source IP, destination IP) tuple.

Which router do you have?
Inteno EG400. I think it runs a modified OpenWRT.
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: ajyip6 on October 08, 2020, 02:27:10 PM
"I can PING, but TCP connections hangs" sounds very much like the problem I describe in the "Tunnel Problems" thread in the "Questions & Answers" forum in the "Tunnelbroker.net Specific Topics" section. There is no solution there either, but it would be interesting to know if your diagnostics are comparable with my diagnostics

Andy
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: mclovin on October 10, 2020, 03:21:06 AM
"I can PING, but TCP connections hangs" sounds very much like the problem I describe in the "Tunnel Problems" thread in the "Questions & Answers" forum in the "Tunnelbroker.net Specific Topics" section. There is no solution there either, but it would be interesting to know if your diagnostics are comparable with my diagnostics

Andy
My wget looks the same as yours. If you run wireshark (or maybe tcpdump) it should be quite easy to see if it's the same problem.
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: ajyip6 on October 10, 2020, 08:25:34 AM
I've added some tshark captures, though I don't think these show the same as you.

Sad thing is we're probably about 10 years to late for these forums to have enough traffic to help us  :(

Andy
Title: Re: Home router zeroes first 4bytes of tunneled IPv6 header, breaking v6 tunnel
Post by: mclovin on October 10, 2020, 11:51:33 AM
I fixed the problem by replacing the ISP provided router now.