Hi Edgar,

check the MTU on your tunnel device.
It has to be lower than the one on your NIC.
As DNS and ICMP packets are tiny they
will pass through anyway but the browser's
TCP connections' packets will max out
the configured MTU and get dropped.
You can give it a try with
  doas ifconfig gif0 mtu 1400

HTH, Florian

On 9 April 2017 11:18:49 CEST, Edgar Pettijohn <ed...@pettijohn-web.com> wrote:
>I recently decided to join the ipv6 world.  I set up a tunnel since my
>isp doesn't provide ipv6 yet. I'm almost there. I can ping6 and host -6
>from my laptop, but I can't browse the ipv6 web. I apologize in advance
>if thunderbird screws this up.
>
>[Sun Apr 09 03:57:59 edgar@thinkpad:~ ] $ ping6 google.com
>PING google.com (2607:f8b0:4000:80a::200e): 56 data bytes
>64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=0 hlim=57 time=65.239 ms
>64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=1 hlim=57 time=82.029 ms
>64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=2 hlim=57 time=77.891 ms
>64 bytes from 2607:f8b0:4000:80a::200e: icmp_seq=3 hlim=57 time=77.393 ms
>^C
>--- google.com ping statistics ---
>4 packets transmitted, 4 packets received, 0.0% packet loss
>round-trip min/avg/max/std-dev = 65.239/75.638/82.029/6.268 ms
>
>[Sun Apr 09 04:07:14 edgar@thinkpad:~ ] $ host -6 google.com
>2001:470:be02:e2::3
>Using domain server:
>Name: 2001:470:be02:e2::3
>Address: 2001:470:be02:e2::3#53
>Aliases:
>
>google.com has address 216.58.194.142
>google.com has IPv6 address 2607:f8b0:4000:80d::200e
>google.com mail is handled by 20 alt1.aspmx.l.google.com.
>google.com mail is handled by 30 alt2.aspmx.l.google.com.
>google.com mail is handled by 50 alt4.aspmx.l.google.com.
>google.com mail is handled by 10 aspmx.l.google.com.
>google.com mail is handled by 40 alt3.aspmx.l.google.com.
>
>[Sun Apr 09 03:58:30 edgar@thinkpad:~ ] $ route show -inet6
>Routing tables
>
>Internet6:
>Destination        Gateway            Flags   Refs      Use   Mtu Prio Iface
>default            fe80::21d:6aff:fe6 UG         0      227 -    56 iwn0
>::/96              localhost          UGRS       0        0 32768     8 lo0
>::/104             localhost          UGRS       0        0 32768     8 lo0
>localhost          localhost          UHhl      14       28 32768     1 lo0
>::127.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
>::224.0.0.0/100    localhost          UGRS       0        0 32768     8 lo0
>::255.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
>::ffff:0.0.0.0/96  localhost          UGRS       0        0 32768     8 lo0
>2001:470:be02:a0:: 2001:470:be02:a0:2 UCn        1        2 -     8 iwn0
>2001:470:be02:a0:: 00:1d:6a:60:e1:a9  UHLc       0      186 -     7 iwn0
>2001:470:be02:a0:2 24:77:03:5f:12:38  UHLl       0       31 -     1 iwn0
>2001:470:be02:a0:7 24:77:03:5f:12:38  UHLl       0       34 -     1 iwn0
>2002::/24          localhost          UGRS       0        0 32768     8 lo0
>2002:7f00::/24     localhost          UGRS       0        0 32768     8 lo0
>2002:e000::/20     localhost          UGRS       0        0 32768     8 lo0
>2002:ff00::/24     localhost          UGRS       0        0 32768     8 lo0
>fe80::/10          localhost          UGRS       0        1 32768     8 lo0
>fec0::/10          localhost          UGRS       0        0 32768     8 lo0
>fe80::%iwn0/64     fe80::2677:3ff:fe5 UCn        1        1 -     8 iwn0
>fe80::21d:6aff:fe6 00:1d:6a:60:e1:a9  UHLch      1      368 -     7 iwn0
>fe80::2677:3ff:fe5 24:77:03:5f:12:38  UHLl       0       75 -     1 iwn0
>fe80::1%lo0        fe80::1%lo0        UHl        0        0 32768     1 lo0
>ff01::/16          localhost          UGRS       0        1 32768     8 lo0
>ff01::%iwn0/32     fe80::2677:3ff:fe5 Um         0        2 -     4 iwn0
>ff01::%lo0/32      localhost          Um         0        1 32768     4 lo0
>ff02::/16          localhost          UGRS       0        1 32768     8 lo0
>ff02::%iwn0/32     fe80::2677:3ff:fe5 Um         0        2 -     4 iwn0
>ff02::%lo0/32      localhost          Um         0        1 32768     4 lo0
>
>[Sun Apr 09 03:59:12 edgar@thinkpad:~ ] $ ndp -na
>Neighbor                             Linklayer Address   Netif Expire S Flags
>2001:470:be02:a0::                   00:1d:6a:60:e1:a9    iwn0 23h59m26s S R
>2001:470:be02:a0:2677:3ff:fe5f:1238  24:77:03:5f:12:38    iwn0 permanent R l
>2001:470:be02:a0:7843:3366:8838:f579 24:77:03:5f:12:38    iwn0 permanent R l
>fe80::21d:6aff:fe60:e1a9%iwn0        00:1d:6a:60:e1:a9    iwn0 23h59m56s S R
>fe80::2677:3ff:fe5f:1238%iwn0        24:77:03:5f:12:38    iwn0 permanent R l
>
><------------------------- on the router ------------------------->
>
># route show -inet6
>Routing tables
>
>Internet6:
>Destination        Gateway            Flags   Refs      Use   Mtu Prio Iface
>default            epettijohn-1.tunne UGS        0      612 -     8 gif0
>::/96              localhost          UGRS       0        0 32768     8 lo0
>::/104             localhost          UGRS       0        0 32768     8 lo0
>localhost          localhost          UHl       14       17 32768     1 lo0
>::127.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
>::224.0.0.0/100    localhost          UGRS       0        0 32768     8 lo0
>::255.0.0.0/104    localhost          UGRS       0        0 32768     8 lo0
>::ffff:0.0.0.0/96  localhost          UGRS       0        0 32768     8 lo0
>epettijohn-1.tunne epettijohn-1-pt.tu UH         1       23 -     8 gif0
>epettijohn-1-pt.tu epettijohn-1-pt.tu UHl        0       14 -     1 gif0
>2001:470:be02:a0:: 2001:470:be02:a0:: UC         4        2 -     4 athn0
>2001:470:be02:a0:: 00:1d:6a:60:e1:a9  UHLl       0       54 -     1 athn0
>2001:470:be02:a0:c 5c:8d:4e:76:12:ae  UHLc       0       25 -     4 athn0
>2001:470:be02:a0:2 24:77:03:5f:12:38  UHLc       0      115 -     4 athn0
>2001:470:be02:a0:7 24:77:03:5f:12:38  UHLc       0      282 -     4 athn0
>2001:470:be02:a0:d link#4             UHLc       0        1 -     4 athn0
>2001:470:be02:e2:: router.my.domain   UC         0        0 -     4 sis0
>router.my.domain   00:00:24:c3:54:50  UHLl       0        0 -     1 sis0
>2002::/24          localhost          UGRS       0        0 32768     8 lo0
>2002:7f00::/24     localhost          UGRS       0        0 32768     8 lo0
>2002:e000::/20     localhost          UGRS       0        0 32768     8 lo0
>2002:ff00::/24     localhost          UGRS       0        0 32768     8 lo0
>fe80::/10          localhost          UGRS       0        3 32768     8 lo0
>fec0::/10          localhost          UGRS       0        0 32768     8 lo0
>fe80::%sis0/64     fe80::200:24ff:fec UC         0        0 -     4 sis0
>fe80::200:24ff:fec 00:00:24:c3:54:50  UHLl       0        0 -     1 sis0
>fe80::%athn0/64    fe80::21d:6aff:fe6 UC         1        2 -     4 athn0
>fe80::21d:6aff:fe6 00:1d:6a:60:e1:a9  UHLl       0       63 -     1 athn0
>fe80::2677:3ff:fe5 24:77:03:5f:12:38  UHLc       1      248 -     4 athn0
>fe80::1%lo0        fe80::1%lo0        UHl        0        0 32768     1 lo0
>fe80::%gif0/64     fe80::200:24ff:fec U          0        0 -     4 gif0
>fe80::200:24ff:fec fe80::200:24ff:fec UHl        0        0 -     1 gif0
>ff01::/16          localhost          UGRS       0        3 32768     8 lo0
>ff01::%sis0/32     fe80::200:24ff:fec Um         0        1 -     4 sis0
>ff01::%athn0/32    fe80::21d:6aff:fe6 Um         0        1 -     4 athn0
>ff01::%lo0/32      localhost          Um         0        1 32768     4 lo0
>ff01::%gif0/32     fe80::200:24ff:fec Um         0        1 -     4 gif0
>ff02::/16          localhost          UGRS       0        3 32768     8 lo0
>ff02::%sis0/32     fe80::200:24ff:fec Um         0        1 -     4 sis0
>ff02::%athn0/32    fe80::21d:6aff:fe6 Um         0        2 -     4 athn0
>ff02::%lo0/32      localhost          Um         0        1 32768     4 lo0
>ff02::%gif0/32     fe80::200:24ff:fec Um         0        1 -     4 gif0
>
># ndp -na
>Neighbor                             Linklayer Address  Netif Expire S Flags
>2001:470:be02:a0::                   00:1d:6a:60:e1:a9  athn0 permanent R l
>2001:470:be02:a0:cd5:5a43:52d:c5c9   5c:8d:4e:76:12:ae  athn0 23h49m16s S
>2001:470:be02:a0:2677:3ff:fe5f:1238  24:77:03:5f:12:38  athn0 23h56m22s S
>2001:470:be02:a0:7843:3366:8838:f579 24:77:03:5f:12:38  athn0 23h56m12s S
>2001:470:be02:a0:d2bf:9cff:fe27:356e (incomplete)       athn0 expired N
>2001:470:be02:e2::3                  00:00:24:c3:54:50   sis0 permanent R l
>fe80::200:24ff:fec3:5450%sis0        00:00:24:c3:54:50   sis0 permanent R l
>fe80::21d:6aff:fe60:e1a9%athn0       00:1d:6a:60:e1:a9  athn0 permanent R l
>fe80::2677:3ff:fe5f:1238%athn0       24:77:03:5f:12:38  athn0 1s D
>
># cat /etc/pf.conf
>
>ext_if="sis0"
>v6_if="gif0"
>
>tunnel_remote = "184.105.253.10"
>tunnel_routed = "{ 2001:470:1f0f:832::/64, 2001:470:be02::/48 }"
>
>int_if="{ vether0 sis1 sis2 athn0 }"
>
>table <martian> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
>                  172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
>                   192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
>                   203.0.113.0/24 }
>
>set block-policy drop
>set loginterface egress
>set skip on lo0
>match in all scrub (no-df random-id max-mss 1440)
>match out on egress inet from !(egress:network) to any nat-to (egress:0)
>block in quick on egress from <martians> to any
>block return out quick on egress from any to <martians>
>block all
>pass out quick inet keep state
>pass out quick inet6 keep state
>pass in on $int_if inet
>pass in quick inet6 from any to 64:ff9b::/96 af-to inet from (egress:0) keep state rtable 0
>pass in on $int_if proto { tcp, udp } from any to any port domain
>pass out on $ext_if inet proto ipv6 from $ext_if to $tunnel_remote keep state
>pass in on $ext_if inet proto ipv6 from $tunnel_remote to $ext_if keep state
>pass out quick on $v6_if keep state
>pass in proto { icmp, icmp6 } all
>
>Thanks in advance.
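
The sizing behind the MTU advice above, as an added example that is not part of the original thread: it works out how large a 6in4 (gif) tunnel MTU can be and whether a pf `max-mss` clamp keeps IPv6 TCP segments inside it. The function names are hypothetical and a 1500-byte MTU on the physical link is assumed.

```shell
#!/bin/sh
# 6in4 (gif) tunnel sizing check. Assumption: 1500-byte MTU on the physical link.

IPV4_HDR=20   # outer IPv4 header added by 6in4 encapsulation (no options)
IPV6_HDR=40   # fixed IPv6 header
TCP_HDR=20    # TCP header without options
IPV6_MIN=1280 # minimum link MTU every IPv6 path must support

# Largest tunnel MTU that still fits in one packet on the physical link.
tunnel_mtu_ceiling() { echo $(( $1 - $IPV4_HDR )); }

# Largest TCP MSS that fits in one IPv6 packet of the given MTU.
ipv6_mss_for_mtu() { echo $(( $1 - $IPV6_HDR - $TCP_HDR )); }

# Read pf.conf text on stdin and print the max-mss of the first scrub rule.
pf_max_mss() {
    sed -n 's/.*scrub *(.*max-mss *\([0-9][0-9]*\).*).*/\1/p' | head -n 1
}

# check_tunnel PHYS_MTU TUNNEL_MTU PF_MAX_MSS
# Prints one line per problem; returns 1 if any problem was found.
check_tunnel() {
    phys=$1 tun=$2 mss=$3 rc=0
    ceiling=$(tunnel_mtu_ceiling "$phys")
    fit=$(ipv6_mss_for_mtu "$tun")
    if [ "$tun" -gt "$ceiling" ]; then
        echo "tunnel mtu $tun > $ceiling: encapsulated packets exceed the link MTU"
        rc=1
    fi
    if [ "$tun" -lt "$IPV6_MIN" ]; then
        echo "tunnel mtu $tun is below the IPv6 minimum of $IPV6_MIN"
        rc=1
    fi
    if [ "$mss" -gt "$fit" ]; then
        echo "max-mss $mss > $fit: full-size IPv6 TCP segments exceed mtu $tun"
        rc=1
    fi
    return $rc
}

# Constructed sample: the scrub rule quoted in the thread, the MTU from the reply.
SAMPLE='match in all scrub (no-df random-id max-mss 1440)'
check_tunnel 1500 1400 "$(printf '%s\n' "$SAMPLE" | pf_max_mss)" || true
```

With these inputs the tunnel MTU of 1400 passes, but the 1440-byte clamp is flagged because an IPv6 TCP segment through that tunnel can carry at most 1340 bytes.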
