Hello,
I'm currently looking into a problem with ip6 traffic in gue tunneling/encapsulation over an ip6 network.
I don't exactly know where to ask, but since it seems that this problem only affects the Edge Router X and not my workstation PC, I assume that this problem is rooted somewhere in the ERX platform support by OpenWRT. I further assume that the problem lies somewhere in the kernel because all operations involving the ip tunnel are handled in kernel and it doesn't seem like userspace is involved at all. The router is running the master branch from the OpenWRT git repository with the 4.14.121 kernel. My workstation is running the 4.19.46 kernel.
This is the script I use to set up the tunneling:
# To be executed on the router
export systemA='2a06:redacted::163'
export systemB='2a06:redacted::21'
ip fou add port 9191 gue -6
ip link add name fou type ip6tnl \
remote "$systemB" local "$systemA" \
encap gue encap-dport 9191 encap-sport 9191 mode any
ip link set up dev fou
ip addr add 'fe80::1' dev fou
# To be executed on the workstation
export systemA='2a06:redacted::163'
export systemB='2a06:redacted::21'
ip fou add port 9191 gue -6
ip link add name fou type ip6tnl \
remote "$systemA" local "$systemB" \
encap gue encap-dport 9191 encap-sport 9191 mode any
ip link set up dev fou
ip addr add 'fe80::2' dev fou
This works and the interfaces are allocated properly. When I try to ping the workstation from the ERX device now it seems that the packets sent by the router have the wrong UDP checksum though. This is taken from wireshark:
Internet Protocol Version 6, Src: 2a06:redacted::163, Dst: 2a06:redacted::21
0110 .... = Version: 6
.... 0000 0000 .... .... .... .... .... = Traffic Class: 0x00 (DSCP: CS0, ECN: Not-ECT)
.... .... .... 1101 0000 1111 0000 0001 = Flow Label: 0xd0f01
Payload Length: 124
Next Header: Destination Options for IPv6 (60)
Hop Limit: 64
Source: 2a06:redacted::163
Destination: 2a06:redacted::21
Destination Options for IPv6
Next Header: UDP (17)
Length: 0
[Length: 8 bytes]
Tunnel Encapsulation Limit
PadN
User Datagram Protocol, Src Port: 9191, Dst Port: 9191
Source Port: 9191
Destination Port: 9191
Length: 116
Checksum: 0x2272 incorrect, should be 0xec0d (maybe caused by "UDP checksum offload"?)
[Checksum Status: Bad]
[Stream index: 69]
[Timestamps]
Data (108 bytes)
Data: 00290000600d0f0100403a40fe8000000000000000000000…
[Length: 108]
Packets sent from my workstation are fine though and have the correct checksum. It also seems that this only affects the traffic that goes through this tunnel since any other UDP traffic has a correct checksum. What's the problem here and how do I fix this?