Path MTU discovery is still broken for IPv6

Connecting to fly.io and fasterthanli.me (hosted by you) using IPv6 fails because PMTUD is broken. My client doesn’t receive TLS Server Hello response most of the time; when I manually set MTU = 1480 (and consequently the MSS option), the connection works. Sometimes (about 15 % of the time; I didn’t do any statistics here) things go well; I suspect this is the same/similar issue as described in IPv6 PMTUD issue.

Because I would like to have people in my house to be able to use sites hosted by you, I was forced to artificially lower the MTU of the WAN interface of my MikroTik router, causing inefficiency for everything else.

I uploaded a base64-encoded PCAP file demonstrating this issue: the first two connections failed, while the third succeeded. It was captured on the WAN ethernet interface of my MikroTik: you can see all the encapsulating headers (PPPoE, VLAN). This was captured with the MTU of the WAN interface set to 1500, MTU on my PC also equal to 1500.

1 Like

Just for completeness: I am able to receive Packet Too Large ICMPv6 messages originated outside my home network without any problem (tested using http://icmpcheckv6.popcount.org/).

1 Like

Sorry for the delay here.

Looks like some of our changes were reverted. I’ve now applied the fix and changed how it’s applied so it doesn’t get reverted again.

Let me know if that helps or not!

1 Like

I can’t reproduce the issue anymore: AFAICT it’s fixed. Thanks.

Thanks @jerome!

3 Likes