Problem with IPv6 tunneling

[Bugaboo]

Problem: Bought a new AC86U router and set up IPv6 6in4 tunnel using Hurricane Electric tunnel broker as described in the wiki. But when I enable tunnel by updating my dynamic IP address to the tunnel service, most of the connections to the sites fail after timeout. Ping to the both IPv6 and IPv4 sites is ok.

I thought that it might be MTU issue. I've tried to determine it and played with different values in the IPv6 page settings and in tunnel setting on the HE site. Problem exists even with the minimum value of 1280 bytes. And, of course, test at http://test-ipv6.com completely fails, as it no ipv6 is configured on my machine.

On my previous router (AC66U) the same tunnel, with the same settings works perfectly. All tests at test-ipv6.com are passed and sites open without any problems. MTU is configured to 1480.

AC86U Firmware 384.5
AC66U Firmware 380.70

Any ideas?

 

[Bugaboo]

Update: I noticed that ssh sessions from the router to the ipv6 host establish successfully through the tunnel, whereas same connection from the lan PC fails. Capturing packets on the local machine revealed that tcp sessions do not establish. Running tcpdump on the router shows the same picture. I had also turned on logging of dropped packets to eliminate firewall issues, but found nothing suspicious.

I though it might be configuration issue and compared ip6tables, routing and dnsmasq settings with my working AC66u. No significant difference, except that AC86 doesn't send DHCPv6 reply packet, whereas AC66 does. Don't think that is related to my issue, but looks strange.

What's next?
1. Will try to find why packets are lost and connections do not establish.
2. Think over what's the difference between AC86 and AC66 in the routing subsytem? Issue in the firmware? smth related to the hardware?

 

[Seannon]

what tunneling service are you using? I'm on the latest firmware, and the setup was the easiest of any router I've set up, just copy/paste the values from the broker site to the config page...
I'll help if I can...

Seannon

 

[Bugaboo]

what tunneling service are you using? I'm on the latest firmware, and the setup was the easiest of any router I've set up, just copy/paste the values from the broker site to the config page...
I'll help if I can...

Seannon

I'm using Hurricane Electric https://tunnelbroker.net/

Update:
Finally I managed to overcome it. I discovered that someone was having the same issue - https://ttlexpired.co.uk/2016/02/12/ipv6-tunnel-and-failing-tcp-sessions/. But in my case running tcpdump doesn't fix it. I thought it might be some HW tech that drops packets, so I disabled both packet runner and flow cache by setting values in the nvram. Unfortunately it didn't help. A while ago I realized that the problem is caused by reverse path filter, so I turned it off with:

for i in /proc/sys/net/ipv4/conf/*/rp_filter ; do

  echo 0 > $i
done

and the tunnel fixed!