Hurricane Electric IPv6 tunnel MTU

atownlede · January 17, 2022, 10:16pm

I've recently set up a 6in4 IPv6 tunnel via Hurricane Electric, following the guide at https://openwrt.org/docs/guide-user/network/ipv6/ipv6tunnel-luci
or https://openwrt.org/docs/guide-user/network/ipv6/ipv6_henet
It mostly works, but I have noticed what seems to be an MTU discrepancy.
The default MTU is showing in LuCI as 1280, and is not set in my config file, but the MTU as configured by the HE tunnel broker is 1480.
I think that's the likely cause of these ICMP6 complaints I see when watching the tunnel with tcpdump while experimenting to see if Verizon Wireless's WiFi calling works over pure IPv6 (addresses redacted)

14:14:36.169105 IP6 2001:VZW:IPV6::ADDR > 2001:IPHONE:HOME::ADDRESS: ESP(spi=0x0df106b2,seq=0xfe), length 1396
14:14:36.169335 IP6 2001:IFACE:ADDR::1 > 2001:VZW:IPV6::ADDR: ICMP6, packet too big, mtu 1280, length 1240

So:

I should configure the 6in4 with network.wan6.mtu='1480' to match? Or is it better to change the tunnel size at HE to 1280? If I'm going to run VPN ingress over this tunnel (at least for experiments--more likely that makes no long term sense, better to have the ingress over the native IPv4 from the ISP), does it matter which MTU I choose?
Do those wiki pages need an update to indicate that the MTU should be configured to match the tunnel (as seen on the tunnel's advanced tab at HE)?

root@LEDE:~# ifconfig 6in4-wan6
6in4-wan6 Link encap:IPv6-in-IPv4  
          inet6 addr: 2001:REDACTED::2/64 Scope:Global
          inet6 addr: fe80::REDACTED/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP  MTU:1280  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
root@LEDE:~# ubus call system board
{
	"kernel": "5.4.143",
	"hostname": "LEDE",
	"system": "ARMv7 Processor rev 0 (v7l)",
	"model": "Netgear Nighthawk X4S R7800",
	"board_name": "netgear,r7800",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.0",
		"revision": "r16279-5cc0535800",
		"target": "ipq806x/generic",
		"description": "OpenWrt 21.02.0 r16279-5cc0535800"
	}
}

root@LEDE:~# uci show network.wan6
network.wan6=interface
network.wan6.proto='6in4'
network.wan6.peeraddr='209.51.161.14'
network.wan6.ip6addr='2001:REDACTED::2/64'
network.wan6.ip6prefix='2001:REDACTED::/48'
network.wan6.tunnelid='REDACTED'
network.wan6.username='REDACTED'
network.wan6.password='REDACTED'

mikma · January 17, 2022, 10:28pm

Yes if possible, higher is better since it should mean higher throughput. (If you use pppoe or another type of link that reduces your MTU, then you need to use a lower MTU at HE. But it shouldn't be the case if your current configuration works.)

slh · January 18, 2022, 3:43am

In my case the necessary setting was option mtu '1424' (keep in mind the IPv6 mtu will be smaller, but at least 1280 bytes) - sadly I can't test it anymore (cgNAT).

system · January 28, 2022, 3:44am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.