Hurricane Electric's IPv6 Tunnel Broker Forums

Topic: Home router zeroes first 4 bytes of tunneled IPv6 header, breaking v6 tunnel

mclovin

My IPv6 tunnel recently stopped working. I can PING, but TCP connections hang. The tunnel works if I change the endpoint to my server. If I create a tunnel between my home computer and the server, I get the same problem. Thus I think it's a problem with my ISP-provided home router. When I receive TCP packets (usually the SYN-ACK response) through the tunnel, Wireshark complains "Expert Info (Error/Malformed): Bogus IPv6 version" because the first 4 bytes of the IPv6 header have been zeroed! I tracerouted from my server to my home computer with one of the packets that gets corrupted, and all the routers including my home router have the correct header in the ICMP reply, so I think the corruption happens inside my network. My home router has a public IP and does NAT. There is no CGNAT.

Does anyone know why my router would do this? I thought it might be NAT trying to rewrite the TCP checksum, and assuming that the TCP header directly follows the IPv4 header, but it's the wrong offset and size. If the router assumes that the TCP header directly follows the IPv4 header, it tries to set source and destination port to zero, which doesn't make sense?

mikma

> My home router has a public IP and does NAT.

The IPv6 tunnels use protocol 41 which can't be used with (many-to-one) NAT since protocol 41 doesn't use port numbers in the outer packet. (One-to-one NAT should work if it's supported in the router and can be configured for protocol 41.)

cholzhauer

Which router do you have?

mclovin

> My home router has a public IP and does NAT.
>
> The IPv6 tunnels use protocol 41 which can't be used with (many-to-one) NAT since protocol 41 doesn't use port numbers in the outer packet. (One-to-one NAT should work if it's supported in the router and can be configured for protocol 41.)

I think the router does NAT based only on the (source IP, destination IP) tuple.

> Which router do you have?

Inteno EG400. I think it runs a modified OpenWRT.

ajyip6

"I can PING, but TCP connections hang" sounds very much like the problem I describe in the "Tunnel Problems" thread in the "Questions & Answers" forum in the "Tunnelbroker.net Specific Topics" section. There is no solution there either, but it would be interesting to know if your diagnostics are comparable with my diagnostics.

Andy

mclovin

> "I can PING, but TCP connections hang" sounds very much like the problem I describe in the "Tunnel Problems" thread in the "Questions & Answers" forum in the "Tunnelbroker.net Specific Topics" section. There is no solution there either, but it would be interesting to know if your diagnostics are comparable with my diagnostics.
>
> Andy

My wget looks the same as yours. If you run Wireshark (or maybe tcpdump) it should be quite easy to see if it's the same problem.

ajyip6

I've added some tshark captures, though I don't think these show the same as you.

Sad thing is we're probably about 10 years too late for these forums to have enough traffic to help us  :(

Andy

mclovin

I fixed the problem by replacing the ISP-provided router now.
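A check for the symptom described in the first post, as an added example that is not part of the original thread: it parses a raw protocol-41 (6in4) packet and reports whether the first 4 bytes of the inner IPv6 header arrived zeroed. The function names, addresses, ports and sample packets are constructed for illustration.

```python
import socket
import struct

PROTO_6IN4 = 41  # IPv4 protocol number for encapsulated IPv6

def make_ipv6_tcp(flags: int) -> bytes:
    """Constructed inner packet: 40-byte IPv6 header + 20-byte TCP header."""
    tcp = struct.pack("!HHIIBBHHH", 80, 40000, 1, 2, 5 << 4, flags, 65535, 0, 0)
    ip6 = struct.pack("!IHBB16s16s", 6 << 28, len(tcp), 6, 64,
                      socket.inet_pton(socket.AF_INET6, "2001:db8::1"),
                      socket.inet_pton(socket.AF_INET6, "2001:db8::2"))
    return ip6 + tcp

def make_6in4(inner: bytes) -> bytes:
    """Constructed outer packet: 20-byte IPv4 header (checksum left 0) + inner."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(inner), 0, 0, 64,
                      PROTO_6IN4, 0,
                      socket.inet_aton("192.0.2.1"), socket.inet_aton("198.51.100.2"))
    return hdr + inner

def zero_inner_word(packet: bytes) -> bytes:
    """Reproduce the reported symptom on a sample: zero bytes 0-3 after the IPv4 header."""
    ihl = (packet[0] & 0x0F) * 4
    return packet[:ihl] + b"\x00" * 4 + packet[ihl + 4:]

def check_6in4(packet: bytes) -> str:
    """Classify the inner IPv6 header of a raw IPv4 packet (starting at the IP header)."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "not-ipv4"
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        return "not-ipv4"
    if packet[9] != PROTO_6IN4:
        return "not-proto-41"
    inner = packet[ihl:]
    if len(inner) < 40:
        return "truncated-inner"
    if inner[:4] == b"\x00" * 4:
        return "first-4-bytes-zeroed"   # version, traffic class and flow label all wiped
    if inner[0] >> 4 != 6:
        return "bogus-version"          # version nibble is not 6
    return "ok"

if __name__ == "__main__":
    good = make_6in4(make_ipv6_tcp(0x12))      # 0x12 = SYN+ACK
    print(check_6in4(good), check_6in4(zero_inner_word(good)))
```

Running the check on captures taken on both the WAN and LAN side of the router shows on which side the inner header is intact.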