
Weird issue with Google services

Started by eduperez, June 15, 2015, 06:27:37 AM


eduperez

I have been using the HE tunnel broker for a time, and everything seems to be working perfectly, except for one issue that I do not know how to debug. I have an OpenWRT router that manages the tunnel, and a Linux box running the GNOME Desktop. I haven't noticed any problem reaching any server while the tunnel is open; however, all GNOME's connections to Google's services seem to time out quite frequently. For example, some days I can open my mailboxes at Google from Evolution, and some days Evolution cannot identify itself because of network errors; in those cases, disabling the HE tunnel fixes the issue.

The weird part is that, even when Evolution seems to be having issues, I can reach accounts.google.com from a browser; so it does not seem like a network error. But it also does not seem like a problem at Evolution, as most of the time it can authenticate itself properly. Any hints on how to debug what is wrong here, please?

kriteknetworks


evantkh


eduperez

Quote from: kriteknetworks on June 15, 2015, 06:40:24 AM
tcpdump the connection(s).

I will, next time it starts failing again; thanks for the pointer.

Quote from: evantkh on June 16, 2015, 05:14:09 PM
Are you blocking ICMPv6?

The router is an OpenWRT box, and it is configured to allow the INPUT of the following ICMPv6 types:

echo-request
echo-reply
destination-unreachable
packet-too-big
time-exceeded
bad-header
unknown-header-type
router-solicitation
neighbour-solicitation
router-advertisement
neighbour-advertisement

and FORWARDING these ICMPv6 types:

echo-request
echo-reply
destination-unreachable
packet-too-big
time-exceeded
bad-header
unknown-header-type

However, both rules impose a limit of 1000 packets per second.

The client is a Linux (Fedora 21) box; it is configured to allow "dhcpv6-client", and all ICMPv6 types except for "source-quench".

evantkh

Then check the MTU configuration on tunnelbroker.net tunnel configuration and your openwrt router. Make sure they have the same value.

eduperez

Quote from: evantkh on June 17, 2015, 05:10:06 AM
Then check the MTU configuration on tunnelbroker.net tunnel configuration and your openwrt router. Make sure they have the same value.

My tunnel is configured at tunnelbroker.net with the default MTU value (1480), and there was no value specified at the OpenWRT end; however, the interface was being created with an MTU of only 1280. I changed the configuration on my end, and now the tunnel has an MTU of 1480. So far, everything seems to be working; I will wait a couple of days, and see if the problem reproduces.

Many thanks!

eduperez

Just as a follow-up, and for future reference:

Changing the MTU to 1480 solved most of the issues, but I still had intermittent connectivity problems with some sites. However, I later discovered that some sites (like "connect.facebook.net", for example) were completely blocked: I could establish a connection, but there was no traffic at all. Then I realized that my internet connection goes through a PPPoE tunnel, and has an MTU of 1492; thus, I had to reduce the MTU of the HE link down to 1472.

So far, I have not experienced any problem at all.
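
The MTU arithmetic from this thread, as an added example that is not part of any poster's message: it checks the three tunnel MTU values mentioned above (1280, 1480, 1472) against a PPPoE underlay and shows why a small handshake packet passes while a full-size one does not. The function names are hypothetical, and a 20-byte outer IPv4 header without options is assumed for the 6in4 encapsulation.

```python
# Added example: MTU budget for a 6in4 (IP protocol 41) tunnel over PPPoE.
# Assumption: the outer IPv4 header carries no options (20 bytes).

ETHERNET_MTU = 1500
PPPOE_OVERHEAD = 8     # 6-byte PPPoE header + 2-byte PPP protocol field
OUTER_IPV4_HEADER = 20 # added in front of every tunnelled IPv6 packet
IPV6_HEADER = 40
TCP_HEADER = 20        # without TCP options
IPV6_MIN_MTU = 1280    # minimum MTU every IPv6 link must support


def max_tunnel_mtu(underlay_mtu):
    """Largest IPv6 packet that fits in one unfragmented IPv4 packet."""
    return underlay_mtu - OUTER_IPV4_HEADER


def tcp_mss(tunnel_mtu):
    """TCP payload per segment for a given IPv6 MTU (no TCP options)."""
    return tunnel_mtu - IPV6_HEADER - TCP_HEADER


def fits(ipv6_packet_len, underlay_mtu):
    """True if the encapsulated packet crosses the underlay in one piece."""
    return ipv6_packet_len + OUTER_IPV4_HEADER <= underlay_mtu


def assess(tunnel_mtu, underlay_mtu):
    """Classify a configured tunnel MTU against the underlay it runs on."""
    limit = max_tunnel_mtu(underlay_mtu)
    if tunnel_mtu < IPV6_MIN_MTU:
        return "invalid"       # below the IPv6 minimum
    if tunnel_mtu > limit:
        return "oversized"     # full-size packets exceed the underlay MTU
    if tunnel_mtu < limit:
        return "conservative"  # works, but smaller than necessary
    return "optimal"


if __name__ == "__main__":
    pppoe_mtu = ETHERNET_MTU - PPPOE_OVERHEAD  # 1492, as in the thread
    for mtu in (1280, 1480, 1472):             # values from the thread
        print(mtu, assess(mtu, pppoe_mtu), "MSS", tcp_mss(mtu))
    # Constructed packet sizes: a small TCP SYN versus a full 1480-byte packet.
    print("80-byte SYN fits:", fits(80, pppoe_mtu))
    print("1480-byte packet fits:", fits(1480, pppoe_mtu))
```
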