On 09/05/16 22:09, Benedikt Stockebrand wrote: >>> Considering the increasing reports of people having problems with >>> DS-Lite >> >> Any more details on that? >> > And apparently various VPN solutions, too, but I never got access to > any details with this.
I came across this recently (my ISP now provides native IPv6 + DS-lite IPv4), and after debugging it, found that the CPE device was reporting an incorrect path MTU when receiving a DF packet that was larger than the tunnel interface to the AFTR. This caused UDP IPv4 OpenVPN tunnels to stall and die horribly. I worked around it by overriding the link-mtu config in OpenVPN. But in this case, it was the CPE, not the AFTR, causing the problem. (Of course I sent the ISP tcpdumps and a full analysis pointing out to them that the firmware in the CPE they provided me was broken. They decided to fix it by sending me a different model of CPE. I doubt they ever escalated it to actually fix the underlying problem in the original CPE. But if you happen to have a Technicolor TC7200, be wary of its DS-Lite implementation!) Cheers, Colin
