OPNsense Forum

English Forums => 25.1, 25.4 Production Series => Topic started by: dcrdev on July 09, 2025, 06:05:50 PM

Title: Infuriating problem & help - please
Post by: dcrdev on July 09, 2025, 06:05:50 PM
Ever since enabling dual stack on my network, I am encountering an infuriating problem where intermittently web pages will fail to load. This is particularly bad on YouTube - where every other video I click on I get YouTube's 'you are offline' message. When I look in the browser console - I simply see the message "the network connection was lost". Not sure what this means specifically, but I am fairly certain my connection is not dropping; this seems to be isolated to browsers only and continually pinging an address when this occurs results in no packet loss.

I really really tried to figure out what was going on with this - I ran a packet dump and filtered that down to the time/Google's IP ranges. What I am able to observe is that for HTTP/3 traffic to Google's servers at the time of the issues occurring - there are numerous TCP retransmissions. I am going to be the first to say that I am out of my depth on this one - something I had read suggested that this type of issue might be caused by MTU issues and retransmissions are a telltale sign of this, but in the same sentence I read that under 1% of traffic in this state is normal?

Please help - I'm completely lost on this one and the problem is so infuriating.
Title: Re: Infuriating problem & help - please
Post by: meyergru on July 09, 2025, 07:03:20 PM
Does the problem go away when you disable IPv6?

Also, HTTP/3 uses a mix of TCP and UDP traffic. Depending on your firewall settings, you may experience problems when UDP is blocked or impaired.
Mind you, TCP will usually find out when the MTU is incorrect. UDP does not. So it might well be MTU problems.
Title: Re: Infuriating problem & help - please
Post by: dcrdev on July 10, 2025, 10:12:01 AM
Disabling IPv6 on the client-side does appear to fix the issue, yes.

How would I know if UDP is impaired? On the blocked side - shouldn't be anything and there are no logs to suggest any traffic to these addresses is being blocked.

MTU-wise not sure how I diagnose that - it's set to 1500 and if I send a payload over that it appears to fragment correctly.
Title: Re: Infuriating problem & help - please
Post by: meyergru on July 10, 2025, 12:15:13 PM
The IPv6 MTU should be much lower, often 1280.

I would try some public IPv6 test sites for diagnosis.
Title: Re: Infuriating problem & help - please
Post by: dcrdev on July 10, 2025, 02:53:17 PM
Sorry, I meant MTU on WAN is set to 1500.

On LAN it's default/blank

"The IPv6 MTU should be much lower, often 1280."
Are you saying there is a separate value for IPv6 vs IPv4? - I only see one opportunity to enter MTU on each interface and it's under general.

Re test sites:
https://test-ipv6.com - 10/10
https://ip6.biz - All green with the exception of reverse DNS - which is not relevant
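
One way to approach the "how do I diagnose MTU" question raised in this thread, as an added example that is not from any of the posters: binary-search the largest unfragmented ICMPv6 echo that still gets a reply and compare the result with the configured 1500. It assumes a Linux client with iputils `ping`; the names `ping_probe`, `path_mtu` and `simulated_path` are made up here, and the simulated path is constructed for offline testing.

```python
import subprocess
import sys

IPV6_HEADER = 40      # fixed IPv6 header, bytes
ICMPV6_HEADER = 8     # ICMPv6 echo header, bytes
IPV6_MIN_MTU = 1280   # minimum link MTU every IPv6 path must support (RFC 8200)


def ping_probe(host, payload):
    """Send one ICMPv6 echo of `payload` bytes; True if a reply came back.

    Assumption: Linux iputils ping, where -M do forbids local fragmentation.
    """
    cmd = ["ping", "-6", "-M", "do", "-c", "1", "-W", "1",
           "-s", str(payload), host]
    return subprocess.run(cmd, capture_output=True).returncode == 0


def path_mtu(probe, local_mtu=1500):
    """Binary-search the largest packet that `probe` gets through.

    `probe(payload_bytes) -> bool`. Returns the usable path MTU in bytes,
    or None if even a minimum-size IPv6 packet is lost, in which case the
    fault is something other than MTU.
    """
    overhead = IPV6_HEADER + ICMPV6_HEADER
    lo, hi = IPV6_MIN_MTU - overhead, local_mtu - overhead
    if not probe(lo):
        return None
    while lo < hi:
        mid = (lo + hi + 1) // 2   # round up so the loop always narrows
        if probe(mid):
            lo = mid               # mid fits: the answer is mid or larger
        else:
            hi = mid - 1           # mid was dropped: the answer is smaller
    return lo + overhead


def simulated_path(mtu):
    """Constructed stand-in for a real path: drops packets larger than `mtu`."""
    return lambda payload: payload + IPV6_HEADER + ICMPV6_HEADER <= mtu


if __name__ == "__main__":
    host = sys.argv[1]  # an IPv6-reachable host you are permitted to ping
    print(path_mtu(lambda n: ping_probe(host, n)))
```

A result below the interface MTU means large IPv6 packets are being dropped somewhere on the path.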