I have been trying to make the Hurricane Electric IPv6 tunnel work on my Mikrotik RB2011 for a few days now. I had it working in the past but removed the configuration.
Now I am trying to configure it again and I have a strange issue. The tunnel gets setup correctly and I can Ping6 through it without issues and all of the UDP protocols work perfectly. When trying to make this work with TCP the session does not get stablished. I have been doing some packet captures and I am attaching three files; one for the client side, one from the server side and the last one from the ethernet interface in the router that creates the PPPoE session.
The TCP handshake starts normally and the TCP MSS is changed as per the Mangle rule in the IPv6 Firewall section. What happens is strange.
- In the client side I can see the SYN (client), SYN-ACK (server); ACK (client) correctly. After that there is a lot of retransmissions for the serverīs original SYN-ACK and the clients original ACK.
- In the server side I can only see the SYN (client) and SYN-ACK (server) but no ACK from the client. After that I can see a lot of retransmissions of the servers original SYN-ACK.
- In the pope facing ethernet port I can see SYN (client), SYN-ACK (server); ACK (client). However in the client ACKs (both original and retransmissions) the PPPoE session has an error in the sniffer capture that the payload length is incorrect/malformed.
So it is clear that the router is not forwarding the traffic contained in the PPPoE frames and it is dropping it.
I have played a lot with the TCP MSS settings, I am fairly certain that it is not the issue, and have removed any IPv6 Firewall rules.
If anyone can check my packet captures and give my any pointers it will be appreciated!