I'm running a Dual Stack OpenVPN Server, setup according to this tutorial: https://techblog.synagila.com/2016/02/24/build-a-openvpn-server-on-ubuntu-to-provide-a-ipv6-tunnel-over-ipv4/ .
As shown in the tutorial linked above, my clients are assigned a NAT IPv4 address as well as a native IPv6 address. The client, server and IPTables config that I'm using are listed there as well. I'm connecting to this server in 'Remote Access' mode (L3) and use it as my private 'VPN', i.e. I tunnel my network traffic through this VPN server and use it to connect to the internet.
Internet connectivity works, but when running IPv6 tests, I often get warnings that IPv6 is not setup correctly, specifically 'large packets appear to fail, giving the appearance of a broken website. If a publisher publishes to IPv6, you will believe their web site to be broken. Ask your ISP about MTU issues; possibly with your tunnel. Check your firewall to make sure that ICMPv6 messages are allowed (in particular, Type 2 or Packet Too Big)' (Source: test-ipv6.com).
I do notice this, because sometimes DNS resolving is slow. I think this also depends on whether or not it's a 'large packet'.
I've run a Wireshark trace and I do indeed see 'Packet too big - ICMPv6' errors as well as several retransmissions and connection reset. Sadly I'm no Wireshark pro so I'm not sure what to think of it.
I've tried altering the MTU size using the mssfix
parameter in the client and server config. My max MTU is 1470 so I set the mssfix
parameter to 1430, but that did not solve the issue. What more can I do to fix this issue?
I'm not running any firewall, I've only setup one IPtable rule according to the tutorial linked above.
Thank you.