Project

General

Profile

Actions

Bug #14290

closed

ICMPv6 Path MTU Discovery breaks with NPT

Added by Philip S over 1 year ago. Updated 8 months ago.

Status:
Resolved
Priority:
Normal
Category:
Routing
Target version:
Start date:
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
24.03
Release Notes:
Default
Affected Version:
Affected Architecture:

Description

I have the following setup:

Tunnel via HE.net
Internal Prefix on LAN: 2001:db8:1::1/64
Routed /48 from HE: 2001:db8:2::/48

NPt is setup on GIF interface like this:
Internal Prefix: 2001:db8:1::/48
External Prefix: 2001:db8:2::/48
MTU Set to 1452 on HE and local tunnel interface, LAN interface set to 1500

I check test-ipv6.com and see it complains about MTU issues, I then test pmtu with tracepath from a linux machine while watching tcpdump for icmp6 I see no packet to large messages
when I disable NPt I immediately get the correct ICMPv6 too large replies, same when I have tracepath running while changing config on the tunnel interface and hit apply

but as soon as NPt is enabled, no more ICMPv6 too large messages

pfSense 23.01-RELEASE (arm) on SG-3100

Actions

Also available in: Atom PDF