IPv6 Only PPPoE with AFTR/GIF Tunnel for IPv4 Connectivity (Deutsche Giganetz)

Started by jobraun2, April 01, 2025, 04:21:39 PM

Hey, so I just got my new Fiber Connection from Deutsche Giganetz - provider is mentioned a few times for older releases of OPNsense on the forum.

I've some really strange issues that I would like to share, but first my Config:

The provider requires PPPoE on VLAN 7 on IPv6 and a GIF Tunnel (AFTR / RFC6333 https://www.lacnic.net/innovaportal/file/5522/1/ds-lite-en.pdf)

VLAN Config / PPPoE Config:


WAN Config:


So far so good - working IPv6 Connectivity, with Track Interface also from LAN.



Now the tricky part configuring Legacy IP:


Created a GIF Device, assigned it to a new Interface - tunnel comes up and I've IPv4 Connectivity. (Same AFTR that FritzBox automatically configures, with Tunnel IPs from RFC)

From a device in LAN I'm able to do ping and traceroute:

C:\Users\user>ping 1.1

Ping wird ausgeführt für 1.0.0.1 mit 32 Bytes Daten:
Antwort von 1.0.0.1: Bytes=32 Zeit=3ms TTL=57
Antwort von 1.0.0.1: Bytes=32 Zeit=4ms TTL=57
Antwort von 1.0.0.1: Bytes=32 Zeit=4ms TTL=57
Antwort von 1.0.0.1: Bytes=32 Zeit=4ms TTL=57

Ping-Statistik für 1.0.0.1:
    Pakete: Gesendet = 4, Empfangen = 4, Verloren = 0
    (0% Verlust),
Ca. Zeitangaben in Millisek.:
    Minimum = 3ms, Maximum = 4ms, Mittelwert = 3ms

C:\Users\user>tracert 1.1

Routenverfolgung zu one.one.one.one [1.0.0.1]
über maximal 30 Hops:

  1    <1 ms    <1 ms    <1 ms  OPNsense.localdomain [192.168.1.1]
  2     2 ms     2 ms     2 ms  100.83.142.141
  3     7 ms     3 ms     3 ms  100.83.140.62
  4     3 ms     3 ms     2 ms  100.83.140.234
  5     3 ms     2 ms     2 ms  100.83.140.33
  6     6 ms     4 ms     *     de-cix-frankfurt.as13335.net [80.81.193.129]
  7    39 ms     8 ms    18 ms  162.158.84.137
  8     4 ms     3 ms     3 ms  one.one.one.one [1.0.0.1]

From my understanding everything should be fine at this point - however it isn't.

Webpages that only support IPv4 are still broken in a really strange way - most webpages do not work, but there are also some exceptions:

For example, GitHub over HTTP works (returns redirect to HTTPS), GitHub over HTTPS does run into a timeout, a server that I started at netcup for testing works via IPv4.

On the firewall itself I can do a curl to https://github.com perfectly fine without any issues.

I don't see anything blocked in the livelog and there are only any rules, as I installed a new firewall for testing this.


This issue is so strange that I'm out of ideas - with the FritzBox provided by GigaNetz everything is fine ...

I tried configuring an Outbound NAT for the Interface attached to the GIF Device, however that didn't help.

Would appreciate any ideas :)

I'm leaning towards MTU issue but someone more versed in this can surely help here.

Just nice to see IPv6-only PPPoE is up and running after working on it for 25.1.  ;)


Cheers,
Franco

Something I also played around with - did some more trial and error, adding 1452 MSS to the gif Interface and everything starts to work:

Seems to work - in case somebody has a better suggestion - I volunteer to test ;)




This seems like the right thing to do. The IPv6 header was not accounted for so packets were too big!


Cheers,
Franco
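
Added example (not part of the thread and not OPNsense code): the header arithmetic behind the fix, showing why a short reply such as an HTTP redirect fits through the tunnel while a multi-segment TLS handshake does not until the MSS is clamped. It assumes a 1500-byte Ethernet/LAN MTU, 8 bytes of PPPoE overhead, option-free IPv4/TCP headers and constructed payload sizes; it also assumes the 1452 entered in the interface MSS field is an MTU-style value that is reduced by 40 bytes of IPv4 and TCP headers, giving an effective MSS of 1412.

```python
# Added example: header arithmetic for IPv4-in-IPv6 (DS-Lite) over PPPoE.
# All sizes are assumptions or constructed samples, not values from the thread,
# except the 1452 that was entered in the MSS field.
ETHERNET_MTU = 1500     # assumed link and LAN MTU
PPPOE_OVERHEAD = 8      # PPPoE header (6) + PPP protocol field (2)
IPV6_HEADER = 40        # outer header added by the gif tunnel
IPV4_HEADER = 20        # without options
TCP_HEADER = 20         # without options

def tunnel_ipv4_mtu(link_mtu=ETHERNET_MTU):
    """Largest IPv4 packet that fits inside the tunnel on a PPPoE link."""
    return link_mtu - PPPOE_OVERHEAD - IPV6_HEADER

def tcp_mss(ipv4_mtu):
    """Largest TCP payload per segment for a given IPv4 MTU."""
    return ipv4_mtu - IPV4_HEADER - TCP_HEADER

def ipv4_packets(payload_len, mss):
    """IPv4 packet sizes for a TCP payload split into MSS-sized segments."""
    sizes = []
    while payload_len > 0:
        segment = min(mss, payload_len)
        sizes.append(segment + TCP_HEADER + IPV4_HEADER)
        payload_len -= segment
    return sizes

def oversized(payload_len, mss, ipv4_mtu):
    """Packets of this transfer that do not fit through the tunnel."""
    return [size for size in ipv4_packets(payload_len, mss) if size > ipv4_mtu]

if __name__ == "__main__":
    mtu = tunnel_ipv4_mtu()                 # 1452
    lan_mss = tcp_mss(ETHERNET_MTU)         # 1460, what a LAN host advertises unclamped
    clamped_mss = tcp_mss(mtu)              # 1412
    samples = {"HTTP redirect": 350, "TLS handshake flight": 4200}  # constructed sizes
    for name, length in samples.items():
        print(name, "unclamped:", oversized(length, lan_mss, mtu),
              "clamped:", oversized(length, clamped_mss, mtu))
```
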