Hurricane Electric's IPv6 Tunnel Broker Forums

Advanced search  

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Author Topic: Weird issue with Google services  (Read 2325 times)

eduperez

  • Newbie
  • *
  • Posts: 5
Weird issue with Google services
« on: June 15, 2015, 06:27:37 AM »

I have been using the HE tunnel broker for a time, and everything seems to be working perfectly, except for one issue that I do not know how to debug. I have a OpenWRT router, that manages the tunnel, and a Linux box, running the GNOME Desktop. I haven't noticed any problem to reach any server while the tunnel is open; however, all GNOME's connections to Google's services seem to time-out quite frequently. For example, some day I can open my mailboxes at Google from Evolution, and some day Evolution cannot identify itself because of network errors; in those cases, disabling the HE tunnel fixes the issue.

The weird part is that, even when Evolution seems to be having issues, I can reach accounts.google.com from a browser; so it does not seem like a network error. But it also does not seem like a problem at Evolution, as most of the times it can authenticate itself properly. Any hints on how to debug what is wrong here, please?
Logged

kriteknetworks

  • Sr. Member
  • ****
  • Posts: 261
    • aRDy Music
Re: Weird issue with Google services
« Reply #1 on: June 15, 2015, 06:40:24 AM »

tcpdump the connection(s).
Logged

evantkh

  • Full Member
  • ***
  • Posts: 122
Re: Weird issue with Google services
« Reply #2 on: June 16, 2015, 05:14:09 PM »

Are you blocking ICMPv6?
Logged

eduperez

  • Newbie
  • *
  • Posts: 5
Re: Weird issue with Google services
« Reply #3 on: June 17, 2015, 04:53:09 AM »

tcpdump the connection(s).

I will, next time it starts failing again; thanks for the pointer.

Are you blocking ICMPv6?

The router is a OpenWRT box, and it is configured to allow the INPUT of the following ICMPv6 types:
Code: [Select]
echo-request
echo-reply
destination-unreachable
packet-too-big
time-exceeded
bad-header
unknown-header-type
router-solicitation
neighbour-solicitation
router-advertisement
neighbour-advertisement
and FORWARDING these ICMPv6 types:
Code: [Select]
echo-request
echo-reply
destination-unreachable
packet-too-big
time-exceeded
bad-header
unknown-header-type
however, both rules impose a limit of 1000 packets per second.

The client is a Linux (Fedora 21) box, it is configured to allow "dhcpv6-client", and all ICMPv6 types except for "source-quench".
Logged

evantkh

  • Full Member
  • ***
  • Posts: 122
Re: Weird issue with Google services
« Reply #4 on: June 17, 2015, 05:10:06 AM »

Then check the MTU configuration on tunnelbroker.net tunnel configuration and your openwrt router. Make sure they have the same value.
Logged

eduperez

  • Newbie
  • *
  • Posts: 5
Re: Weird issue with Google services
« Reply #5 on: June 17, 2015, 07:36:55 AM »

Then check the MTU configuration on tunnelbroker.net tunnel configuration and your openwrt router. Make sure they have the same value.

My tunnel is configured at tunnelbroker.net with the default MTU value (1480), and there was no value specified at the OpenWRT end; however, the interface was being created with a MTU of only 1280. I changed the configuration on my end, and now the tunnel has a MTU of 1480. So far, everything seems to be working, I will wait a couple of days, and see if the problem reproduces.

May thanks!
Logged

eduperez

  • Newbie
  • *
  • Posts: 5
Re: Weird issue with Google services
« Reply #6 on: July 30, 2015, 09:43:05 AM »

Just as a follow-up, and for future reference:

Changing the MTU to 1480 solved most of the issues, but I still had intermittent connectivity problems with some sites. However, I later discovered that some sites (like "connect.facebook.net", for example) were completely blocked: I could establish a connection, but there was no traffic at all. Then I realized that my internet connection goes through a PPPoE tunnel, and has a MTU of 1492; thus, I had to reduce the MTU of the HE link down to 1472.

So far, I have not experienced any problem at all.
Logged