Tunnel fails with icmp(v4) port unreachable errors

[xeocode]

I set up a linux machine on a public non-NATed address with a tunnel using the iproute2 commands. Everything looks fine. When I run ping6 ipv6.google.com however I get no responses.

When I run tcpdump I see icmp proto 41 port 0 unreachable errors coming from the he.net tunnel endpoint.

Looking into it further with wireshark I see the embedded outgoing packets have ttl 248 and the tunnel endpoint is hop 8 from me so I think it made it either to he.net or to the border router one hop before -- not sure.

One thing jumps out at me though. When the packet leaves my workstation it has a DSCP of 0. When it comes back in the error it has a DSCP of 0x6. (QoS min-latency + max-bandwidth). Experimenting with ping -t it seems this is being added by the ISP router one hop away from me.

Do he.net's tunnel end-points freak out if they see an invalid DSCP? I haven't noticed any problems generally with ipv4 and I seem to be able to ping he.net's tunnel endpoint with an ipv4 ping so I would guess not, but it's the only thing I can spot that looks odd.