• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

IPv6 tunnel on ASUS RT-AC3100 has intermitent issues

Started by isdj, August 11, 2020, 10:39:55 AM

Previous topic - Next topic

isdj

Hello,

I recently configured my ASUS RT-AC3100 to use HE's IPv6 tunnel, but I'm experiencing a strange issue.  The tunnel works fine for a while (a few hours, based on what I've seen), but then it stops working for some use cases.  For example, I'm unable to browse the web and access IPv6-enabled websites.  However, I confirmed that I am still able to use ping6/traceroute6, for example.

My configurations is as follows:

Tunnel type: 6in4
Server IPv4 Address: 216.66.38.58
Client IPv6 Address: 2001:470:1c:XXX::X
IPv6 Prefix Length: 64
Server IPv6 Address: 2001:470:1c:XXX::X
Tunnel MTU: 1480
Tunnel TTL: 255

LAN Prefix Length: 64
LAN IPv6 Prefix: 2001:470:1d:XXX::

IPv6 DNS Server 1: 2001:470:20::2

I tried searching the web for similar issues, but could not find anything helpful.  I found something about protocol 41 packets and filtering rules, but my router doesn't have the option to tweak these things.

Has anyone experienced this?  I can provide more information if needed.

Thanks!

cholzhauer

I have my tunnel on an ASUS router (I forget the model, but it's probably older than yours) and haven't run into that issue.  The posts you're referring to probably have to deal with an over-eager router/firewall/NAT device cutting off the tunnel if there is no traffic for a certain period of time; the fix for that is *usually* to run a cron job that sends pings every so often to keep the tunnel up.

As for your issue, is there a firmware upgrade you can do?  Have you changed any settings from the default that might impact this?

isdj

Quote from: cholzhauer on August 11, 2020, 10:44:05 AM
I have my tunnel on an ASUS router (I forget the model, but it's probably older than yours) and haven't run into that issue.  The posts you're referring to probably have to deal with an over-eager router/firewall/NAT device cutting off the tunnel if there is no traffic for a certain period of time; the fix for that is *usually* to run a cron job that sends pings every so often to keep the tunnel up.

As for your issue, is there a firmware upgrade you can do?  Have you changed any settings from the default that might impact this?

Thanks for the reply.  I'm already running the latest stock firmware, and I haven't changed any specific settings to make the router automatically cut off the tunnel due to inactivity.  I read about the ping workaround, but what's interesting is that I can still ping an IPv6 host normally even when the connection seems to have been dropped.  And even after I ping6, I'm still unable to access IPv6 websites.  From what I've read elsewhere, the tunnel would be restablished after people pinged a host, for example (which is not my case).

On my computer, I had the IPv6 privacy extensions enabled, and I disabled them just to test, but that didn't solve the issue either.

isdj

Some more info:

- The router firewall is enabled (default), and I configured it to respond to ICMP Echo requests because of the tunnel.

- The IPv6 firewall is also enabled (default).

- URL filter, Keyword filter and Network Services filter are all disabled.

- I'm using a PPPoE connection with VLAN tagging (required by my ISP).

These are all the details I can think of that could perhaps impact the tunnel.

isdj

OK, I think I managed to solve the issue.  It was related to the MTU value I was using.  Because my ISP uses PPPoE, I have to take into account the extra bytes required by the protocol.

Right now, I'm using (on both ends -- router and he.net) an MTU of 1460.  It's been working flawlessly for a few days now (before it would stop working after a few hours), so I'm considering this as fixed.  Just a note in case someone faces the same problem.