Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 
956 posts

Ultimate Geek
+1 received by user: 346
Inactive user


  Reply # 1307907 19-May-2015 18:22
Send private message

Out of interest where did you enable MSS clamping on pfsense?



217 posts

Master Geek
+1 received by user: 10


  Reply # 1308066 19-May-2015 22:21
Send private message

Interfaces menu --> WAN - In the top section under your WAN device configuration.

I set this to 1460.





956 posts

Ultimate Geek
+1 received by user: 346
Inactive user


  Reply # 1308090 19-May-2015 22:53
Send private message

So obvious.. must've glanced over that so many times -_-

346 posts

Ultimate Geek
+1 received by user: 69


  Reply # 1308105 20-May-2015 03:02
Send private message

bonkas, I was wondering why you are having problems with the packet sizes, as IPv6 is supposed to handle that properly.  So is pfSense by any chance set up to drop ICMPv6 packets coming into your network?  Unlike IPv4, IPv6 requires quite a few ICMPv6 packet types in order to be able to work properly.  If you want full information on this, take a look at the relevant RFC:

  https://www.ietf.org/rfc/rfc4890.txt

But the absolute minimum ICPMv6 types needed (copied from the RFC) are:

 

   o  Destination Unreachable (Type 1) - All codes

 

o Packet Too Big (Type 2)

 

o Time Exceeded (Type 3) - Code 0 only

 

o Parameter Problem (Type 4) - Codes 1 and 2 only

 

In particular, if it is dropping Packet Too Big packets, then you are guaranteed to have packet size problems as MTU Path Discovery will not work, and IPv6 will never fragment packets when they are too big, they will just be dropped.



217 posts

Master Geek
+1 received by user: 10


  Reply # 1308159 20-May-2015 08:55
Send private message

pfsense blocks incoming ICMP traffic by default - This is something I had not thought of. I will try opening this up and see if anything changes.

I was not seeing any blocked ICMP traffic in the firewall logs either which is strange, like it being blocked further up the chain.





346 posts

Ultimate Geek
+1 received by user: 69


  Reply # 1308687 20-May-2015 17:56
Send private message

You probably need to allow IPv4 ICMP "Packet Too Big" packets in as wll now - modern TCP/IP stacks use MTU Path Discovery in IPv4 also, but they fall back to fragmenting packets if necessary.  I allow in pretty much the same IPv4 ICMP packets as I do for ICMPv6.



217 posts

Master Geek
+1 received by user: 10


  Reply # 1308708 20-May-2015 18:15
Send private message

I have allowed all ICMP traffic fo IPv4 and IPv6, I can get to facebook on my desktop now but many images, scrips are not loading. Websites such as geekzone are loading indefinately as it is failing to connect to the google ad services etc.







217 posts

Master Geek
+1 received by user: 10


  Reply # 1308830 20-May-2015 20:33
Send private message

Hmm Okay it was my PC being wierd. After adding the firewall rules and refreshing my network adaptor I get 10/10 for test.ipv6.com but same old issues of pages not fully loading, no facebook, google services, one drive not working etc etc.

I can only resolve this with mss clamping.

I have disable ipv6 again so I can get some work done.

Reading Many, many articles on the issue but have not come up with any solutions yet.

Can anyone else running pfsense through snap with IPv6 enabled let me know of your settings?





795 posts

Ultimate Geek
+1 received by user: 261

Trusted

  Reply # 1308899 20-May-2015 21:49
One person supports this post
Send private message

If MSS clamping solves the issue why not leave it on?



217 posts

Master Geek
+1 received by user: 10


  Reply # 1309852 22-May-2015 12:51
Send private message

Lorenceo: If MSS clamping solves the issue why not leave it on?


Although this appeared to resolve the issue. I was being yelled at by the missus when one of her "obscure" websites I would never visit wasnt working.

Easiest way out was to disable ipv6 for now and keep the peace at home :)

I will be away this weekend so wont be able to try again but I am still keen to get this working 100%, just gotta trackdown where the issue is to resolve this 100%.





141 posts

Master Geek
+1 received by user: 40


  Reply # 1309873 22-May-2015 13:28
Send private message

^ try dropping the segment size even lower, i'd start at 1420-1430 then tweak

266 posts

Ultimate Geek
+1 received by user: 26


  Reply # 1334625 1-Jul-2015 08:43
Send private message

Did you have any luck with this bonkas? I'm about to try and get this working with pfsense on WXC and was curious about your end result.



217 posts

Master Geek
+1 received by user: 10


  Reply # 1334684 1-Jul-2015 09:31
Send private message

sorceror: ^ try dropping the segment size even lower, i'd start at 1420-1430 then tweak


I haven't had a chance to try this.

Although changing the clamping and segment size seems to have resolved some websites.. Mobile Facebook, TVNZ On Demand, Spotify refuse to work at all - Among other obscure websites.

For now I have turned IPv6 off as the downtime testing this is a real inconvenience.

I will need some motivation to try again as everything is working with it off and I dont "need" IPv6 haha





1 | 2 | 3 | 4 
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Cove sells NZ's first insurance policy via chatbot
Posted 25-Jun-2018 10:04


N4L helping TAKA Trust bridge the digital divide for Lower Hutt students
Posted 18-Jun-2018 13:08


Winners Announced for 2018 CIO Awards
Posted 18-Jun-2018 13:03


Logitech Rally sets new standard for USB-connected video conference cameras
Posted 18-Jun-2018 09:27


Russell Stanners steps down as Vodafone NZ CEO
Posted 12-Jun-2018 09:13


Intergen recognised as 2018 Microsoft Country Partner of the Year for New Zealand
Posted 12-Jun-2018 08:00


Finalists Announced For Microsoft NZ Partner Awards
Posted 6-Jun-2018 15:12


Vocus Group and Vodafone announce joint venture to accelerate fibre innovation
Posted 5-Jun-2018 10:52


Kogan.com to launch Kogan Mobile in New Zealand
Posted 4-Jun-2018 14:34


Enable doubles fibre broadband speeds for its most popular wholesale service in Christchurch
Posted 2-Jun-2018 20:07


All or Nothing: New Zealand All Blacks arrives on Amazon Prime Video
Posted 2-Jun-2018 16:21


Innovation Grant, High Tech Awards and new USA office for Kiwi tech company SwipedOn
Posted 1-Jun-2018 20:54


Commerce Commission warns Apple for misleading consumers about their rights
Posted 30-May-2018 13:15


IBM leads Call for Code to use cloud, data, AI, blockchain for natural disaster relief
Posted 25-May-2018 14:12


New FUJIFILM X-T100 aims to do better job than smartphones
Posted 24-May-2018 20:17



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.