On Tue, 08 Sep 2009, Allen Kistler wrote:
In case other 6to4 clients can't figure out why fp.o is beyond
reach over IPv6, here's some fixing I did to make access to fp.o over
6to4 work for me.
I hadn't had a problem with hanging connections to other IPv6 sites, but
I have for fp.o. I heard from Mike M on IRC that others had reduced
their MTU to get 6to4 to work with fp.o.
Starting there, my eventual solution was to put the following in the
mangle table in ip6tables on my 6to4 router (all one line, of course):
-A FORWARD -o tun6to4 -p tcp --tcp-flags SYN,RST SYN -j TCPMSS
6to4 has an MTU of 1480 for most people, but 1472 for DSL. Probably
something isn't generating an ICMP packet-too-big to send back to fp.o
when the link MTU drops. Alternatively the packet could be getting
dropped in transit or ignored by fp.o. Of course, clamping MSS in
ip6tables only works for TCP.
I also have 6to4 setup on my home machine. I'm no IPv6 expert (or networking
expert, really), but I believe two things should be happening here:
1. the packet too big ICMP message should be coming from your tunnel box
2. the MSS and path MTU should already be set even before it gets to this
point, in the router advertisement messages.
I suspect that since you have a smaller MTU than default, changing the MTU on
your tunnel interface should solve the #1 problem (ip -6 link set dev tun6to4 mtu
Changing your radvd.conf (if you're using radvd) to have "AdvLinkMTU 1472;"
should fix #2.
To verify the changes took effect, you can look for the router advertisement
message, seen via "tcpdump -nvs 1500 ip6":
16:18:48.435516 IP6 (hlim 255, next-header ICMPv6 (58) payload length: 64)
fe80::200:ff:fe00:0 > ff02::1: [icmp6 sum ok] ICMP6, router advertisement,
mtu option (5), length 8 (1): 1480
You can see this in "ip -6 route | grep default" in a client box:
default via fe80::200:ff:fe00:0 dev peth2 proto kernel metric 1024 expires
0sec mtu 1480 advmss 1420 hoplimit 64
(I should mention that curl over my 6to4 tunnel works fine with a mtu of 1480
getting the fedoraproject front page)