On Wed, 13 Mar 2024 15:37:31 +0100 Uwe Behle <shw...@behle.name> wrote:
> Good afternoon, > > first, the mandatory information; for brevity since the problem lies > in ipV6, for V6 only: > > shorewall6 version > 5.2.8 Shorewall especially has rules to allow required ICMPv6 messages so shorewall is not blocking those. Only software issue there could be would be netfilter not being able to relate those icmp packets to your connection but I'd expect much more than this only to be broken in this case. Because path mtu discovery is completely separate for both directions in ipv6, issue can be in either end. In your case, you send packet over vpn - and sending packet wouldn't work if you'd block packet too big icmp. So because you can send packets out, problem is other direction. Unlike IPv4, IPv6 does separate path mtu discovery for packets coming from responder to you, and machine on the other end of VPN is sending ICMPv6 Packet too big to the server when server try to respond you with 1500 MTU packet. So most likely packets from your other vpn end are filtered. That is if I understand your config correctly. I know at this time whole azure is broken for IPv6 because they block packet too big icmpv6. So you can't reach any of their servers with IPv6 behind VPN. -- Tuomo Soini <t...@foobar.fi> Foobar Linux services +358 40 5240030 Foobar Oy <https://foobar.fi/> _______________________________________________ Shorewall-users mailing list Shorewall-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/shorewall-users
