• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPV6 tunnel - ping works but TCP / browsing doesn't

Started by RossNicol, April 13, 2023, 12:23:37 PM

Previous topic - Next topic

RossNicol

Hi,

I'm trying to get IPV6 working for the machines on my lan using an HE tunnel using a Raspberry Pi as the local endpoint.

The problem is that although I can get the tunnel to establish, the machines on the LAN all get addresses in the HE prefix, and pinging ipv6.google.com works from all of them, any attempt to browse using ipv6 fails and running the various checkers don't pick up my IPV6 address. Also if I try and install something on one of the PIs I have, it fails saying it can't access a site - quoting the IPV6 address, so presumably the same problem.

I've done some research and came across a few posts that suggest that this could be down to a bug in the Broadcom chipset in my router and I need to turn off flow cache, but I've also had someone say that because the PI is the endpoint then the router chipset isn't relevant.

Can anyone help?

For info, I'm in the UK using Vodafone full fibre internet, using a Raspberry PI4 as the tunnel endpoint. The PI is behind the router using NAT. I have a static IP from Vodafone and the PI is assigned a specific reserved address by the DHCP on the router.

The various configs etc are :

On the Raspberry PI :

he-ipv6 in /etc/network/interfaces.d

auto he-ipv6
iface he-ipv6 inet6 v4tunnel
        address 2001:xxx:1f1c:yyy::2
        netmask 64
        endpoint 216.66.88.98
        local 192.168.66.77
        ttl 255
        gateway 2001:xxx:1f1c:yyy::1

up ip addr add 2001:xxx:1f1d:yyy::1/64 dev wlan0

ifconfig wlan0

wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.66.77  netmask 255.255.255.0  broadcast 192.168.66.255
        inet6 fe80::7b20:a60f:cd65:73cc  prefixlen 64  scopeid 0x20<link>
        inet6 2001:xxx:1f1d:yyy::1  prefixlen 64  scopeid 0x0<global>
        ether dc:a6:32:4c:4b:36  txqueuelen 1000  (Ethernet)
        RX packets 1836894  bytes 970491418 (925.5 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1098147  bytes 852685368 (813.1 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

radvd.conf

interface wlan0
{
  IgnoreIfMissing on;
  AdvManagedFlag off;
  AdvSendAdvert on;
  MinRtrAdvInterval 3;
  MaxRtrAdvInterval 10;
  AdvOtherConfigFlag on;
  AdvLinkMTU 1480;
  prefix 2001:xxx:1f1d:yyy::/64
  {
  AdvOnLink on;
  AdvAutonomous on;
  AdvRouterAddr on;
  };
};

route -6

localhost/128                  [::]                       U    256 2     0 lo
tunnel588721.tunnel.tserv1.lon2.ipv6.he.net/128 [::]      U    1024 1    0 he-ipv6                                                           
2001:xxx:1f1c:yyy::/64         [::]                       Un   256 2     0 he-ipv6                                                                       
2001:xxx:1f1d:yyy::/64         [::]                       U    256 1     0 wlan0
fe80::/64                      [::]                       Un   256 1     0 he-ipv6                                                                           
fe80::/64                      [::]                       U    256 1     0 wlan0
[::]/0               tunnel588721.tunnel.tserv1.lon2.ipv6.he.net UGH 1024 4     0 he-ipv6                                                                             
localhost/128                  [::]                       Un   0   5     0 lo
2001:xxx:1f1c:yyy::/128        [::]                       Un   0   3     0 he-ipv6                                                                             
tunnel588721-pt.tunnel.tserv1.lon2.ipv6.he.net/128 [::]   Un   0   5     0 he-ipv6                                                                           
2001:xxx:1f1d:yyy::/128        [::]                       Un   0   3     0 wlan0
2001:xxx:1f1d:yyy::1/128       [::]                       Un   0   3     0 wlan0
fe80::/128                     [::]                       Un   0   3     0 he-ipv6                                                                           
fe80::/128                     [::]                       Un   0   3     0 wlan0
fe80::c0a8:424d/128            [::]                       Un   0   5     0 he-ipv6                                                                             
fe80::7b20:a60f:cd65:73cc/128  [::]                       Un   0   4     0 wlan0
ff00::/8                       [::]                       U    256 1     0 he-ipv6                                                                             
ff00::/8                       [::]                       U    256 5     0 wlan0
[::]/0                         [::]                       !n   -1  1     0 lo

Windows 11 client:

ipconfig

Wireless LAN adapter WiFi:

   Connection-specific DNS Suffix  . : broadband
   IPv6 Address. . . . . . . . . . . : 2001:xxx:1f1d:yyy:e4de:254f:6be3:6bbc
   Temporary IPv6 Address. . . . . . : 2001:xxx:1f1d:yyy:c063:996f:d09b:1ca8
   Link-local IPv6 Address . . . . . : fe80::b03f:933c:907:2ce9%2
   IPv4 Address. . . . . . . . . . . : 192.168.66.87
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::7b20:a60f:cd65:73cc%2
                                       192.168.66.250
route -6 print

 If Metric Network Destination      Gateway
  2    291 ::/0                     fe80::7b20:a60f:cd65:73cc
  1    331 ::1/128                  On-link
  2    291 2001:xxx:1f1d:yyy::/64   On-link
  2    291 2001:xxx:1f1d:yyy:c063:996f:d09b:1ca8/128
                                    On-link
  2    291 2001:xxx:1f1d:yyy:e4de:254f:6be3:6bbc/128
                                    On-link
  2    291 fe80::/64                On-link
  2    291 fe80::b03f:933c:907:2ce9/128
                                    On-link
  1    331 ff00::/8                 On-link
  2    291 ff00::/8                 On-link

Any help appreciated.

Thanks

RossNicol

Hi again,

Sorry for replying to my own post, but I've had a reply in the Vodafone forum where I'd posted as well which appears to have solved the problem.

I'd left the MTU of the tunnel at it's defaults, but was advised to set it at 1452 at both ends, and sure enough, this seems to have solved the problem, with all the tests now working fine, and ipv6 only sites accessible without any problems.

I've taken the tunnel down to do some fine tuning, including firewalling the IPV6 side (I'd left it open for testing) but looks like the issue is solved.

Just wanted to report back here in case it helps anyone else.

Ross