Trouble accessing certain websites

It looks someone has already documented this issue with the same router which I am using (RT-AX53U)

The fix was indeed lowering the MTU size to 1452 but on another post

It says its specific to OpenWRT build version 25.0.3 only, to be frank I want to avoid lowering down the MTU size and just leaving things as it is (default 1492)

This is the first time I am accessing this website: https://www.videolan.org/

When I do wget on my router I get timed out, same story when accessing it on my client devices so I am not sure if this so I am not sure if this issue was still present before 25.0.3.

But what's really odd is... I created a guest network using the OpenWRT guide and when accessing the same website on my guest network it loads up just fine? Can someone help me and pinpoint what is exactly causing this issue?

is the regular lan and the guest lan using the same DNSes ?

Yes. both use the router as a DNS server.

EDIT: Guest does not have IPv6 access however, would this be the cause?

and I assume you use the same device(s) to test this on both lans ?

Read 2nd thread you linked - MTU fixup is mostly no-op before current snapshot. Fix in thread.

I assume this is the fix? Also what do you mean by no-op?

EDIT: adding in tracepath results, there seems to be ipv6 connectivity issues from my ISP? even after the mentioned fix above?

root@OpenWrt:/etc/nftables.d# tracepath -4 -b www.videolan.org
 1?: [LOCALHOST]                      pmtu 1492
 1:  no reply
 2:  10.246.249.157 (10.246.249.157)                     895590.007ms
 3:  195.229.1.86 (195.229.1.86)                         731907.007ms
 4:  10.229.0.87 (10.229.0.87)                           342014.121ms
 5:  amsix-6k-1.routers.proxad.net (80.249.208.251)      123149.133ms asymm  6
 6:  bzn-9k-4-be1013.intf.routers.proxad.net (194.149.160.101) 343352.143ms asymm  7
 7:  bzn-9k-5-be1000.intf.routers.proxad.net (194.149.161.114) 387326.137ms
 8:  c4948-bzn-fdt.routers.proxad.net (212.27.40.58)     109012.135ms
 9:  goldeneye.videolan.org (213.36.253.2)               848657.138ms reached
     Resume: pmtu 1492 hops 9 back 10

root@OpenWrt:/etc/nftables.d# tracepath -6 -b www.videolan.org
 1?: [LOCALHOST]                      103863.000ms pmtu 1492
 1:  no reply
 2:  2001:8f8:3:9106::1 (2001:8f8:3:9106::1)             779852.006ms
 3:  2001:8f8:0:10:0:5:223:1 (2001:8f8:0:10:0:5:223:1)   61005.012ms
 4:  2001:8f8:0:10:0:21:62:a6 (2001:8f8:0:10:0:21:62:a6) 487057.116ms asymm  5
 5:  no reply
 6:  no reply
 7:  be5161.ccr41.par01.atlas.cogentco.com (2001:550:0:1000::8275:32e2) 812219.130ms asymm  8
 8:  no reply
 9:  2001:978:2:1b::88:2 (2001:978:2:1b::88:2)           294992.262ms asymm 14
10:  no reply
11:  2a01:e00:1e::5 (2a01:e00:1e::5)                     896940.256ms asymm 15
12:  c4948-fondation.intf.routers.proxad.net (2a01:e00:1:c::2) 174272.258ms asymm 16
13:  c4948-fondation.intf.routers.proxad.net (2a01:e00:1:c::2) 446307.254ms asymm 16
14:  ganesh.videolan.org (2a01:e0d:1:3:58bf:fa02:0:1)    755291.263ms asymm 18
15:  no reply
16:  no reply
17:  no reply
18:  no reply
19:  no reply
20:  no reply
21:  no reply
22:  no reply
23:  no reply
24:  no reply
25:  no reply
26:  no reply
27:  no reply
28:  no reply
29:  no reply
30:  no reply
     Too many hops: pmtu 1492
     Resume: pmtu 1492

Did you allow ICMPv6? That is not clearly documented that you need to allow specific icmpv6 in order to allow pmtu etc to function

It should be allowed on a stock OpenWRT install right?

image984×212 14.9 KB

There is a difference between forwarded mtu and local mtu handling.

Am I doing something wrong? I'm currently lost as to how to diagnose this issue...

No idea, ICMP reaches videolan infrastructure with your MTU.
Next try would be capturing web session with tcpdump/wireshark and trying to understand what breaks.
Can you access named websites bypassing OpenWRT?

I can't seem to when using mobile data on my phone when accessing the VLC page.

EDIT: On my offshore VPS it works fine, before resetting my OpenWRT I had this issue as well but I was playing around with VLAN IDs, IPTV thinking that something broke so I decided to just full reset my OpenWRT back to stock but it looks like I'm still facing this issue.

My guest interface for some reason can connect to the VLC page, before resetting my OpenWRT I had Wireguard setup on my home router and when I was connected to it even that allowed me to view the VLC page normally without any of these problems... I've setup Wireguard with IPv6 access as well so I am not exactly sure what's causing these issues... perhaps Wireguard's MTU was set much lower than 1492?

You can set pppoe-wan-s MTU to 1280 (ifconfig pppoe-wan mtu 1280) and try again.

Doing this seems to completely cut off my internet. Do I need to restart my interface?

Restart restores default back.

It seems like setting MTU to 1280 completely kills my internet... only way to regain connectivity was to restart it

It looks like there are many websites which are timing out now including forum.netgate.com, it shows blacklisted-ip

image839×117 4.02 KB

I doubt the nftables fix aids my issue? but lowering MTU seems to fix it... any idea what's exactly causing this? However, lowering it too low to 1280 just disconnects my internet.

EDIT: This seems to be a deeply routed IPv6 problem, disabling IPv6 all together fixes my issue but why and how...? if I don't disable IPv6 but lower MTU that fixes as well

I think those firewall rules should be ok.

One other suggestion: is the issue restricted to a windows laptop? I had the same, all other devices ipv6 it worked correctly. My guess was incorrect handling of windows for icmpv6 or something. I disabled ipv6 at one point, somehow that got fixed by a windows (driver?) update I think.

Issue seems to be persistent with other devices as well, not a Windows only issue. I want to blame my ISP here but I'm not sure if it's really an issue on their end or mine...

I have seen on fresh ip6 allocation that for first few weeks it was captcha loop everywhere.