Sixxs + pfSense + PPPoE ISP
Shadow Hawkins on Sunday, 21 June 2015 08:47:26
Hello forum,
I am trying to get my Sixxs connection working properly with my pfSense router/firewall and my new VDSL PPPoE ISP connection.
Some background: At my old home I had a fiber connection and my sixxs/ipv6 setup was working perfectly with the same router/firewall in question. After having moved homes only VDSL was available to me. My ISP uses PPPoE for the session negotiation.
I have successfully set up my pfSense to initiate the PPPoE connection and IPv4 is working dandy.
I have updated my Sixxs settings to reflect the new network. My subnets are being transported, RAs are working fine and clients are being provided IPv6. I can even ping ipv6 sites perfectly.
# ping6 ipv6.google.com
PING ipv6.google.com(arn09s05-in-x0e.1e100.net) 56 data bytes
64 bytes from arn09s05-in-x0e.1e100.net: icmp_seq=1 ttl=49 time=47.5 ms
I am however not able to initiate TCP connections properly. Connections happen, but are extremely slow and can take minutes to load, if they don't time out. I have checked with tcpdump (and taken in the fact that this setup was working before) and traffic DOES pass, so this is not a firewall issue.
After googling and looking around, I believe my problem is related to the new PPPoE connection and MTU sizes. I might be missing the target, so please let me know if I am looking in the wrong place.
Anyway, I have tried to change the MTU size on my client (tried different sizes) and I have tried to modify the MTU size of my Sixxs interface in pfSense. My sixxs tunnel is set to the default 1280 size.
Are there any suggestions to what I could try to make this work properly?
Sixxs + pfSense + PPPoE ISP
Jeroen Massar on Sunday, 21 June 2015 09:23:25 I am however not able to initiate TCP connections properly.
That indicates an MTU issue.
After googling and looking around, I believe my problem is related to the new PPPoE connection and MTU sizes.
PPPoE is typically at an MTU of 1480. Check your interface to be sure.
My sixxs tunnel is set to the default 1280 size.
1280 should do the trick as that is less than 1480 and also the minimum for IPv6.
Are there any suggestions to what I could try to make this work properly?
Check that the actual running configuration is correct.
Then check with tracepath6 that things are going correctly too.
Then remember that Google drops ICMPv6 (pings are handled by a special box) and thus does not handle ICMPv6 PTB and that they force it to some random value they magically selected. Hence, testing against Google is a bad idea. Other "cloud" providers have the same problem (facebook seems to do it correctly though)
Sixxs + pfSense + PPPoE ISP
Shadow Hawkins on Sunday, 21 June 2015 10:42:08
Jeroen Massar wrote:
That indicates an MTU issue.
Good - that means I am not completely missing the point here! :)
PPPoE is typically at an MTU of 1480. Check your interface to be sure.
I did not touch the MTU of my interface. I presume that means the PPPoE connection will negotiate it?
Check that the actual running configuration is correct.
Then check with tracepath6 that things are going correctly too.
Then remember that Google drops ICMPv6 (pings are handled by a special box) and thus does not handle ICMPv6 PTB and that they force it to some random value they magically selected. Hence, testing against Google is a bad idea. Other "cloud" providers have the same problem (facebook seems to do it correctly though)
I have tried rebooting the pfSense box and all, so the configuration should be the correct one.
I tried a tracepath6 to facebook.com, and got the following
$ tracepath6 facebook.com
1?: [LOCALHOST] 0.073ms pmtu 1280
1: gw-265.osl-01.no.sixxs.net 44.655ms asymm 2
1: gw-265.osl-01.no.sixxs.net 31.755ms asymm 2
2: sixxs-oslo-demarc0.cust.ip6.p80.net 21.438ms
3: 2002-sixxs.cr0-r23.ver-osl.no.ip6.p80.net 22.403ms
4: gi6-3.no.osl.hmg9.cr0.port80.se 21.400ms
5: 2a01:2b0:0:2c::1 28.643ms asymm 9
6: 2a01:2b0:0:40::1 31.909ms asymm 10
7: 2a01:2b0:0:44::1 32.314ms asymm 11
8: no reply
9: no reply
10: no reply
11: no reply
...continue...
till
31: no reply
Too many hops: pmtu 1280
Resume: pmtu 1280
To me this would indicate that I have successfully left my own network though.. correct?
I tried the same towards google.com (despite that being a poor test according to previous post)
$ tracepath6 google.com
1?: [LOCALHOST] 0.023ms pmtu 1280
1: gw-265.osl-01.no.sixxs.net 20.537ms asymm 2
1: gw-265.osl-01.no.sixxs.net 20.923ms asymm 2
2: sixxs-oslo-demarc0.cust.ip6.p80.net 22.940ms
3: 2002-sixxs.cr0-r23.ver-osl.no.ip6.p80.net 21.625ms
4: gi6-3.no.osl.hmg9.cr0.port80.se 22.181ms
5: 2a01:2b0:0:2c::1 28.369ms asymm 9
6: sejar0001-rc3.ip-only.net 66.521ms asymm 8
7: 2a01:2b0:0:18::2 59.526ms
8: no reply
9: no reply
10: no reply
Same result.
Any further ideas?
Sixxs + pfSense + PPPoE ISP
Jeroen Massar on Sunday, 21 June 2015 15:33:48 Good - that means I am not completely missing the point here! :)
Well, it is just a 'most likely reason', does not actually have to be the problem.
I did not touch the MTU of my interface. I presume that means the PPPoE connection will negotiate it?
Likely. Your system should tell you what the values are.
I have tried rebooting the pfSense box and all, so the configuration should be the correct one.
A reboot does not resolve broken configurations.
You need to check the actually running configurations.
I tried a tracepath6 to facebook.com, and got the following
Showing that they filter ICMPv6 at one point too... very useful for diagnosis.
31: no reply Too many hops: pmtu 1280 Resume: pmtu 1280
Your first hop indicates 1280, thus the rest will be 1280 too.
Any further ideas?
Does www.sixxs.net work?
As then it is not the connectivity, but the filtering of ICMPv6 PTBs which is hurting you.
That is, one likely possibility.
Sixxs + pfSense + PPPoE ISP
Shadow Hawkins on Sunday, 21 June 2015 15:42:02
Jeroen Massar wrote:
Does www.sixxs.net work?
As then it is not the connectivity, but the filtering of ICMPv6 PTBs which is hurting you.
That is, one likely possibility.
No IPv6 sites seem to work :(
Sixxs + pfSense + PPPoE ISP
Shadow Hawkins on Sunday, 21 June 2015 16:28:03
Kristoffer Milligan wrote:
Jeroen Massar wrote:
Doing a tcpdump on my test machine I tried to access ipv6.google.com from my browser and I saw these:
Does www.sixxs.net work?
As then it is not the connectivity, but the filtering of ICMPv6 PTBs which is hurting you.
That is, one likely possibility.
No IPv6 sites seem to work :(
18:18:02.481908 IP6 (hlim 64, next-header TCP (6) payload length: 32) 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.38520 > arn09s05-in-x0e.1e100.net.http: Flags [F.], cksum 0xafa0 (incorrect -> 0x5846), seq 1190742789, ack 1853549693, win 191, options [nop,nop,TS val 7784397 ecr 1422970217], length 0
18:18:02.483472 IP6 (hlim 64, next-header TCP (6) payload length: 40) 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.38530 > arn09s05-in-x0e.1e100.net.http: Flags [S], cksum 0xafa8 (incorrect -> 0xf3db), seq 451279862, win 12200, options [mss 1220,sackOK,TS val 7784398 ecr 0,nop,wscale 6], length 0
18:18:02.483648 IP6 (hlim 64, next-header TCP (6) payload length: 40) 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.38531 > arn09s05-in-x0e.1e100.net.http: Flags [S], cksum 0xafa8 (incorrect -> 0x1096), seq 2781893712, win 12200, options [mss 1220,sackOK,TS val 7784398 ecr 0,nop,wscale 6], length 0
Some packets have incorrect checksums, others are OK.
18:18:02.529170 IP6 (hlim 49, next-header TCP (6) payload length: 20) arn09s05-in-x0e.1e100.net.http > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.38520: Flags [R], cksum 0x0ea6 (correct), seq 1853549693, win 0, length 0
18:18:02.530281 IP6 (hlim 49, next-header TCP (6) payload length: 40) arn09s05-in-x0e.1e100.net.http > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.38531: Flags [S.], cksum 0xef5b (correct), seq 4035029217, ack 2781893713, win 28560, options [mss 1410,sackOK,TS val 1423110731 ecr 7784398,nop,wscale 7], length 0
Are these an indication of something that is wrong?
At least this will also show packets are travelling through the network and not being blocked by firewall etc.
It might also be worth mentioning that sixxs sees me online, I can ping6 any host and everything seems to work fine apart from TCP.
Thanks a bunch for taking the time to look at this.
Sixxs + pfSense + PPPoE ISP
Jeroen Massar on Sunday, 21 June 2015 18:06:14 Doing a tcpdump on my test machine I tried to access ipv6.google.com from my browser and I saw these:
Don't test against Google or Facebook or any other such CDN/load-balanced setup.
They do all kind of tricks with their networks that make debugging very tricky as you might not be talking to the same host all the time.
Some packets have incorrect checksums, others are OK. [..]
Are these an indication of something that is wrong?
Not always. The Network Card itself might 'speed up' things and then checksums suddenly are useless.
See for instance https://wiki.wireshark.org/CaptureSetup/Offloading
It might also be worth mentioning that sixxs sees me online
What part states 'online'?
I can ping6 any host and everything seems to work fine apart from TCP.
Sounds a lot like an MTU/PTB issue.
Check if with wireshark you see ICMPv6 PTBs at all. You should be seeing them on your host.
Are you maybe firewalling things away?
Sixxs + pfSense + PPPoE ISP
Shadow Hawkins on Monday, 22 June 2015 06:50:12
Jeroen Massar wrote:
Don't test against Google or Facebook or any other such CDN/load-balanced setup.
They do all kind of tricks with their networks that make debugging very tricky as you might not be talking to the same host all the time.
Duly noted. I am experiencing the same behaviour to ALL IPv6 enabled sites though.
What part states 'online'?
I stand corrected. Sixxs does not 'state' me online. The ping plotter is happy with me though, and I am not receiving notifications about being offline.
Sounds a lot like an MTU/PTB issue.
Check if with wireshark you see ICMPv6 PTBs at all. You should be seeing them on your host.
Are you maybe firewalling things away?
My firewall should be getting PTBs, or my test machine?
I can definitely see ICMP requests coming in and being replied to from sixxs. When I attempt to access ipv6 enabled sites, I can trace the traffic and see that it moves through my entire network.
I followed this guide, https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker , to connect with Sixxs .
In short, everything seems OK, apart from not working! There is no firewall stopping outgoing IPv6.
I have no idea what further to test I'm afraid.
Sixxs + pfSense + PPPoE ISP
Jeroen Massar on Monday, 22 June 2015 07:03:58 My firewall should be getting PTBs, or my test machine?
Your firewall should be forwarding/routing the packets thus should be seeing them.
But as your 'test machine' is the source of a packet it also should see them.
Of course, if your firewall blocks it either way then it won't work.
I can definitely see ICMP requests coming in and being replied to from sixxs.
You are likely thinking of Echo Requests. ICMP does a lot more than that.
When I attempt to access ipv6 enabled sites, I can trace the traffic and see that it moves through my entire network.
I followed this guide, https://doc.pfsense.org/index.php/Using_IPv6_with_a_Tunnel_Broker , to connect with Sixxs .
A guide does not mean it matches running configuration; let alone that that guide is even remotely correct.
For instance that guide mentions enabling IPv4 ICMP, which is quite meaningless for a static proto-41 tunnel. Now of course one should always enable ICMP, but that they explicitly state that one has to enable it kind of also means that it otherwise is off, that while ICMP is a required part to make IP work, especially because of MTU.
In short, everything seems OK, apart from not working! There is no firewall stopping outgoing IPv6.
Are you sure? Many locations can have firewalling-alike rules.
Also running Config might not match Configured Config...
Hence: check everything.
Sixxs + pfSense + PPPoE ISP
Shadow Hawkins on Monday, 22 June 2015 08:13:48
Jeroen Massar wrote:
Hence: check everything.
I am in the process. Also, I found this. I did a packet capture whilst performing a test with test-ipv6.com, and found the following traffic communication:
10:10:24.356988 IP6 2a00:1450:400f:804::200e.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104: tcp 0
10:10:24.357831 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:24.358561 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:24.556800 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37094 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:24.602423 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:24.790472 IP6 2a00:1450:400f:804::200e.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104: tcp 0
10:10:24.791141 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:24.910877 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35413 > 2001:470:1:18::119.80: tcp 1384
10:10:25.050408 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37094 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:25.086773 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59645 > 2001:470:1:18::1280.80: tcp 1208
10:10:25.090393 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:26.042513 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37094 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:26.066434 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:26.197335 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434 > 2001:470:1:18::119.80: tcp 0
10:10:26.197687 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 0
10:10:26.197851 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436 > 2001:470:1:18::119.80: tcp 0
10:10:26.198489 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35437 > 2001:470:1:18::119.80: tcp 0
10:10:26.378995 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434: tcp 0
10:10:26.379715 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434 > 2001:470:1:18::119.80: tcp 0
10:10:26.380210 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35437: tcp 0
10:10:26.380816 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35437 > 2001:470:1:18::119.80: tcp 0
10:10:26.382701 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435: tcp 0
10:10:26.383268 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 0
10:10:26.385446 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436: tcp 0
10:10:26.386071 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436 > 2001:470:1:18::119.80: tcp 0
10:10:26.455522 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:26.465375 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35426 > 2001:470:1:18::119.80: tcp 383
10:10:26.501952 IP6 2a00:1450:400f:804::200e.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110: tcp 0
10:10:26.502638 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:26.503145 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:26.512079 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35429 > 2001:470:1:18::119.80: tcp 377
10:10:26.540489 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35411 > 2001:470:1:18::119.80: tcp 373
10:10:26.589505 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35405 > 2001:470:1:18::119.80: tcp 379
10:10:26.613454 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59644 > 2001:470:1:18::1280.80: tcp 1208
10:10:26.613706 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59644 > 2001:470:1:18::1280.80: tcp 789
10:10:26.635634 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35415 > 2001:470:1:18::119.80: tcp 380
10:10:26.661949 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 1384
10:10:26.662026 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 608
10:10:26.750443 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:26.790903 IP6 2a00:1450:400f:804::200e.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104: tcp 0
10:10:26.791643 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:26.822393 IP6 2a00:1450:400f:804::200e.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110: tcp 0
10:10:26.823982 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:27.026555 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35426 > 2001:470:1:18::119.80: tcp 383
10:10:27.051008 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35429 > 2001:470:1:18::119.80: tcp 377
10:10:27.102521 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35411 > 2001:470:1:18::119.80: tcp 373
10:10:27.150536 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35405 > 2001:470:1:18::119.80: tcp 379
10:10:27.174783 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59644 > 2001:470:1:18::1280.80: tcp 1208
10:10:27.198514 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35415 > 2001:470:1:18::119.80: tcp 380
10:10:27.222891 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 1384
10:10:27.246422 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:27.419711 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435: tcp 0
10:10:27.419861 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436: tcp 0
10:10:27.419965 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434: tcp 0
10:10:27.420504 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 0
10:10:27.420665 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436 > 2001:470:1:18::119.80: tcp 0
10:10:27.420991 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434 > 2001:470:1:18::119.80: tcp 0
10:10:27.488330 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35421 > 2001:470:1:18::119.80: tcp 0
10:10:27.488483 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59647 > 2001:470:1:18::1280.80: tcp 0
10:10:27.819679 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35437: tcp 0
10:10:27.820405 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35437 > 2001:470:1:18::119.80: tcp 0
10:10:28.022479 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37104 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:28.030456 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37094 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:28.050468 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35421 > 2001:470:1:18::119.80: tcp 0
10:10:28.050673 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59647 > 2001:470:1:18::1280.80: tcp 0
10:10:28.134528 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35429 > 2001:470:1:18::119.80: tcp 377
10:10:28.158596 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35426 > 2001:470:1:18::119.80: tcp 383
10:10:28.234556 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35411 > 2001:470:1:18::119.80: tcp 373
10:10:28.238449 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 174
10:10:28.282501 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35405 > 2001:470:1:18::119.80: tcp 379
10:10:28.306761 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59644 > 2001:470:1:18::1280.80: tcp 1208
10:10:28.330517 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35415 > 2001:470:1:18::119.80: tcp 380
10:10:28.354854 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 1384
10:10:28.814403 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39494: tcp 0
10:10:28.818008 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39494 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:28.822167 IP6 2a00:1450:400f:804::200e.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110: tcp 0
10:10:28.822839 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.37110 > 2a00:1450:400f:804::200e.443: tcp 0
10:10:28.840165 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39493: tcp 0
10:10:28.840866 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39493 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:29.082204 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35421: tcp 0
10:10:29.082377 IP6 2001:470:1:18::1280.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59647: tcp 0
10:10:29.083013 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35421 > 2001:470:1:18::119.80: tcp 0
10:10:29.083211 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.59647 > 2001:470:1:18::1280.80: tcp 0
10:10:29.141224 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39495: tcp 0
10:10:29.141969 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39495 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:29.146159 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39497: tcp 0
10:10:29.146877 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39497 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:29.239658 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39496: tcp 0
10:10:29.240425 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39496 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:29.246890 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39499: tcp 0
10:10:29.247803 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39499 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:29.263250 IP6 2a00:1450:400f:804::2003.443 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39498: tcp 0
10:10:29.263929 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.39498 > 2a00:1450:400f:804::2003.443: tcp 0
10:10:29.419700 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435: tcp 0
10:10:29.419881 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436: tcp 0
10:10:29.419993 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434: tcp 0
10:10:29.420632 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35435 > 2001:470:1:18::119.80: tcp 0
10:10:29.420772 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35436 > 2001:470:1:18::119.80: tcp 0
10:10:29.421007 IP6 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35434 > 2001:470:1:18::119.80: tcp 0
10:10:29.819707 IP6 2001:470:1:18::119.80 > 2001:16d8:ee92:d449:4a07:8ada:9173:a8fd.35437: tcp 0
2001:16d8:ee92:d449:4a07:8ada:9173:a8fd is my test machine.
What are these TCP 0 packets? Does this make any sense to you ?
Sixxs + pfSense + PPPoE ISP
Jeroen Massar on Monday, 22 June 2015 08:53:32 What are these TCP 0 packets?
Likely 0 length data packets, which happens for instance when TCP initiation happens.
Hard to really say, normally there is more detail to it.
Does this make any sense to you ?
No, as there is not enough information. You need to turn up verbosity a LOT.
Better is to just dump to a file and then run wireshark over it, then you get nice informational details about what might be happening.
But instead of going the tcpdump route, really check your firewalling setup first.
Or heck, temporarily bypass your pfsense box (by not using it in your network for the tunneled connection) so that you can exclude problems with it.
Posting is only allowed when you are logged in. |