Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

17 posts


#146854 31-May-2014 10:52
Send private message

Not sure if this is the best place to post this but the fritz box official forum is dead..

Anyway, here's the issue.

For IPv6 web browsing to work properly, you need to have ICMPv6 Type 2 forwarded to your internal devices. ICMP Type 2 is "Packet too big". IPv6 uses this ICMP type to achieve path MTU discovery, as IPv6 packets are not allowed to fragment.

If a hop on the route or the endpoint has an MTU that's smaller than the packet, the packet is dropped and an ICMP type 2 packet is sent back to the source IP with the node's MTU size. The source then resends a packet of that size until a packet finally reaches the destination, of a size that matches the smallest MTU on the path.

Still with me? That being the case, it's important to ensure ICMP type 2 packets can get into your network, otherwise your devices will never know their outbound packets are too big and the connection will fail.

On the fritz box, you can enable IPv6 port forwarding for your IPv6 hosts based on the interface address. You find this in Internet --> Allow access --> IPv6 tab. When you add a host from the drop down or type the interafce address in manually, you have an option for "Ping6", which is a bit of a misnomer because ping is just one type of many ICMP types, and this rule seems to allow all ICMP types through. (there's also a bug that means you have to save then re-enter to delete the port 80 rule)

Ok great, so we can forward ICMP type 2 through the fritz to our internal devices.

BUT, and it's a huge but, some operating systems, like Android 4.2 onwards, iOS and Linux use "privacy extensions", that is to say when you make an outbound connection, the interface address is NOT the EUI64 address that you can see in the Fritz Box IPv6 port forwarding. Furthermore, you can't manually add your privacy interface address because it changes every hour.

Therefore, your incoming ICMP type 2 packets are dropped by the fritz box, as there's no inbound rule that matches the outgoing interface address.

In Windows and Linux, turning this feature off is trivial. I think in Windows it's off by default.

You can root your Android device and turn it off, but it's a bit hacky and beyond the scope of most home users, and you certainly don't want to be doing this to every android device that comes into your network. iOS you're stuffed whatever.

The issue this causes, is that some websites don't respond or respond sporadically. In my home network, with IPv6 on, I basically can't access Facebook on any mobile devices because of this. Visit a site like and you can see the issue in the report.

Devices with Privacy extensions switched off don't suffer from this as long as you've forwarded "ping6" in the fritz boz as described above.

I am certainly not the only one who's experiencing this. I expect many Snap customers with Fritz boxes will be using IPv6 without even knowing it and will be having issues with IPv6 enabled sites like Facebook.

I would be very surprised if the fritz box developers aren't aware of this issue.

When setting up IPv6 on an enterprise network, using an enterprise grade firewall you have to create a rule like "from any ip6 address, to any ip6 address, allow icmp type2" in both directions across all your interfaces.

You just can't do this in the Fritz Box.

I can't be the only one who's struck this, so I must be missing something. Help please!

Create new topic
BDFL - Memuneh
65596 posts

Uber Geek

Lifetime subscriber

  #1056997 31-May-2014 11:15
Send private message

Moved this to the LAN/Routers forum as it's not a Snap specific post, it seems.

17 posts


  #1057013 31-May-2014 11:52
Send private message

I guess not, but there won't be many in NZ using a Fritz box with IPv6 who are not on Snap.


3885 posts

Uber Geek


  #1057071 31-May-2014 13:45

Thanks for this splodge.
Im on Snap UFB using an Edge Router Lite instead of the fritz box. Haven't bothered setting up IPv6 yet due to all the threads saying it causes problems and the only fix being suggested being "turn off IPv6" Now when I get round to setting it up I know what to do to get IPv6 working properly.

17 posts


  #1057154 31-May-2014 17:09
Send private message

Ok, so I have found a suitable workaround for this issue.

In the Fritz box, go Internet --> Account Information --> IPv6 tab and scroll to the bottom. Click Set MTU manually and leave it at 1280 bytes and click Apply. This now sets the MTU size of the client machines via Router Advertisement to be 1280, the smallest possible MTU, so your client devices will never create a condition that causes a packet too big ICMP message to be returned.

It's not ideal that you have to effectively break a fundamental rule of IPv6 and create unnecessary overhead with a small MTU to get IPv6 working properly on a Fritz Box, but it is what it is I guess. Snap should be setting this option for all users by default until such time as AVM release a properly IPv6 compatible firmware.

84 posts

Master Geek


  #1057448 1-Jun-2014 11:27
Send private message

Have you tried using tracepath6 (linux) to see if you can 'get away' with a larger value than the min spec you've set ?

'That VDSL Cat'
11692 posts

Uber Geek


  #1057453 1-Jun-2014 11:44
Send private message

this is an interesting work around indeed..

#include <std_disclaimer>


Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.


457 posts

Ultimate Geek

  #1057577 1-Jun-2014 15:11
Send private message

Interesting indeed.

Just as interesting was when I went to apply this workaround. Though the MTU options were not selected, the greyed out MTU value was already 1280.

Time to hit up some sites I been having issues with....

 Click to see full size




17 posts


  #1057661 1-Jun-2014 18:39
Send private message

nickt: Have you tried using tracepath6 (linux) to see if you can 'get away' with a larger value than the min spec you've set ?

You'er always going to end up finding MTUs of 1280 on the IPv6 Internet. 1280 MTU is the standard for any tunnelled IPv6 over IPv4 type setup.

Create new topic

Twitter and LinkedIn »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

Withings launches three new devices to help monitor heart health from home
Posted 13-Feb-2020 20:05

Auckland start-up Yourcar matches new car buyers with dealerships
Posted 13-Feb-2020 18:05

School gardens go high tech to teach kids the importance of technology
Posted 13-Feb-2020 11:10

Malwarebytes finds Mac threats outpace Windows for the first time
Posted 13-Feb-2020 08:01

Amazon launches Echo Show 8 in Australia and New Zealand
Posted 8-Feb-2020 20:36

Vodafone New Zealand starts two year partnership with LetsPlay.Live
Posted 28-Jan-2020 11:24

Ring launches indoor-only security camera
Posted 23-Jan-2020 17:26

New report findings will help schools implement the digital technologies curriculum content
Posted 23-Jan-2020 17:25

N4L to upgrade & support wireless internet inside schools
Posted 23-Jan-2020 17:22

Netflix releases 21 Studio Ghibli works
Posted 22-Jan-2020 11:42

Vodafone integrates eSIM into device and wearable roadmap
Posted 17-Jan-2020 09:45

Do you need this camera app? Group investigates privacy implications
Posted 16-Jan-2020 03:30

JBL launches headphones range designed for gaming
Posted 13-Jan-2020 09:59

Withings introduces ScanWatch wearable combining ECG and sleep apnea detection
Posted 9-Jan-2020 18:34

NZ Police releases public app
Posted 8-Jan-2020 11:43

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.