6in4 IPv6 stops working after a while on AX88U

toaruScar

Regular Contributor
I bought an AX-88U to replace my old router.
I use 6in4 provided by HE's tunnelbroker to enable IPv6 on my LAN.
I have been using HE's 6in4 for a long time with my old router and it was able to go on for months without interruption.
Now with my new AX88U, IPv6 connection stops working after 3-5 hours after booting up.

When IPv6 fails, all clients can't ping hosts outside lan. Using tcpdump, I can see that ICMPv6 echo requests arrive at br0 but no 6in4 packet leaves eth0 (the WAN port). Newly joined client can still get advertised IPv6 addresses.
The router can ping outside hosts, it can also ping gateway. But it can not establish TCP connections over IPv6. It would send out a SYN, and receive SYN/ACK, but fail to respond with an ACK, resulting many retransmissions and ultimately a timeout.

I have ping6 running on one host and all off a sudden ICMPv6 echo reply just stops coming in.

I tried disabling flow cache and/or runner, both are HW acceleration provided by the chip which is known to cause some problem in the past, but that doesn't help.

I tried turning off AiProtection and firewalls for both IPv6 and IPv4. Doesn't help.

I tried disabling reverse path filter in the kernel, doesn't help.

Nothing happens in the log when IPv6 stops working.

I have factory reset the router and enabled only 6in4 but it only postpones the inevitable.
I have tried both latest stock and Merlin.

I played with MTU but it doesn't help. I do not use PPPoE to get online anyway. It also works for hours so it's unlikely the MTU.

I tried toggling IPv6 and it doesn't help.

Only reboot helps.

I'm at my wit's end.
 
Last edited:

ColinTaylor

Part of the Furniture
It's a requirement for using HE's 6in4 service. It's not used for "normal" DDNS purposes. As well as verifying your IP address with HE it inserts a firewall rule on the router.

 

toaruScar

Regular Contributor
I understand that the pourpose of a tunnelbroket.ent "DDNS" is to report the IPv4 address of my router so HE's 6in4 server could authenticate my traffic, but my IPv4 address does not change, and is already reported to HE. So I don't think any further update is necessary. My old router does not periodically report its IPv4 address and 6in4 works fine on it.

I also understand that the only rule in the script is to allow ICMP on WAN from a specific host. But I have already disabled IPv4 firewall, so all ICMPs are welcome and will be responded to. So I think I have met the requirements for using HE's 6in4, without using the DDNS function.

So I think I've done all of what the script is trying to achieve, and therefore not enabling DDNS could be ruled out for now. But I will still try it. You never know.
 

ColinTaylor

Part of the Furniture
I also understand that the only rule in the script is to allow ICMP on WAN from a specific host. But I have already disabled IPv4 firewall, so all ICMPs are welcome and will be responded to.
My suspicion was that you were blocking incoming pings either by the firewall or by a third-party script. If that's not the case you should be OK.

BTW I hope you meant that you have enabled ping from WAN have not actually disabled the entire firewall?
 

toaruScar

Regular Contributor
My suspicion was that you were blocking incoming pings either by the firewall or by a third-party script. If that's not the case you should be OK.

BTW I hope you meant that you have enabled ping from WAN have not actually disabled the entire firewall?
The IPv4 ping is working fine all the time. Router can ping outside, outside can ping router, clients can ping outside.

I disabled all firewalls via webGUI. I want to rule out possible casues. The router's only client now is a raspberry pi 4. Nothing to lose.
 

ColinTaylor

Part of the Furniture
I disabled all firewalls via webGUI. I want to rule out possible casues. The router's only client now is a raspberry pi 4. Nothing to lose.
The router's firewall is primarily there to stop the router exposing its own services to the internet, not so much to protect LAN clients.
 

ColinTaylor

Part of the Furniture
Were you able to fix this problem?
 

toaruScar

Regular Contributor
It seems that this has something to to with torrenting. I'm seeding lots of downloads on my local server. Whenever I restart all my tasks, IPv6 will fail.
 

toaruScar

Regular Contributor
It seems that this problem is caused by booting up the router with 6in4 enabled.
If I disable 6in4, then do a reboot, then re-enable 6in4, 6in4 would work indefinitely.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top