Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
Just seen this post on Reddit:
https://old.reddit.com/r/ipv6/comments/1osr448/rant_about_broken_dual_stack_sites/
The three sites posted all work fine for me, I'm on FTTP using PPPoE and a Plusnet Hub 2 but interested to see if anyone else with different setups has any issues with any of these sites:
Thanks
Enterprise Architect - Network & OSS
Plusnet Technology
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago - last edited 4 weeks ago
I saw that post too. All seems fine for me accessing those URLs over IPv6 - I'm on FTTP with PPPoE and a Draytek 2962. I do have my MTU set to 1490 though (autodetected by the router using PMTUD), and I do wonder if PMTUD is helping further with these specific destinations to lower things even further.
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
All work perfectly for me - FTTP on PPPoE on ZEN with a Fritz!Box 7530.
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
Same setup as you @dave, and working for me.
Superusers are not staff, but they do have a direct line of communication into the business in order to raise issues, concerns and feedback from the community.
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago - last edited 4 weeks ago
Interestingly enough with my setup - IP6 MTU consistently advertised at home at 1460 across the home subnets, IP4 MTU at 1500 (baby jumbos on the PPPoE connection) - I currently see timeouts on all 3 sites so I'll do some digging.
The background is that over the last week I have been fiddling around with my home network configuration and wiring though, so I could have broken something whilst I'm cleaning up the firewalling and multi-uplink routing and overrides from when I had PlusNet's FTTC and Three's 5G home broadband, and two separate HE tunnels over each of those links. I'm now just running PlusNet FTTP + IPv6 trial.
IP6 MTU of 1460 chosen as that was the maximum value that the HE tunnels used to support, whilst I know the PlusNET side can do higher. I'm not purposefully blocking ICMPv6 messages.
https://www.rfc-editor.org/rfc/rfc4890 is the RFC for firewalling and ICMPv6 that I'm following.
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
Ok - some tcpdump data with a test to the O2 site.
Client - macOS. Terminal opened and using telnet -6 www.o2.co.uk and then when connected, GET / 1.0 enter-enter to fake an HTTP GET request. This is sent as a very short packet, so avoids any MTU issues, and then expects the server response, which is typically large as it sends the web page requested.
On the Linux router, I was running tcpdump -i any host www.o2.co.uk and ip6 -n to monitor.
I'm seeing exactly what the Reddit thread is talking about. The tcpdump output is attached and the key part at the end shows my router sending ICMP6, packet too big repeatedly before the connection just stalls out.
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago - last edited 4 weeks ago
Further follow up - visiting the path MTU testing page in that thread - http://pmtud.enslaves.us/ - gave me the following results.
Results
| Direction | Tested Maximum Size Segment | Client Sent MSS | Notes |
|---|---|---|---|
| Server to Client IPv4 | 1460 | 1460 | OK |
| Client to Server IPv4 | unlimited | (n/a) | OK |
| Server to Client IPv6 | 1400 | 1440 | fragile, relies on ICMP or server help |
| Client to Server IPv6 | unlimited | (n/a) | OK |
So this does appear to show that my Mac when using IP6 is advertising MSS that's too large initially and is then dying badly if the server doesn't respect the too big message being sent. I guess I'm going to be deploying 'mss clamping' for IP6 to address this.
Edit:
Ok. Clamping the MSS to pmtu for IP6 has fixed this, and the O2 and other sites are now fine again.
| Direction | Tested Maximum Size Segment | Client Sent MSS | Notes |
|---|---|---|---|
| Server to Client IPv4 | 1460 | 1460 | OK |
| Client to Server IPv4 | unlimited | (n/a) | OK |
| Server to Client IPv6 | 1400 | 1400 | OK |
| Client to Server IPv6 | unlimited | (n/a) | OK |
The Firehol tcpmss command in the router6 section of the rules produced the following ip6tables command in the mangle table:
ip6tables -t mangle -I POSTROUTING -o ppp0 -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
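Added example, not part of the original post and not Firehol's or the kernel's code: a Python model of what the clamp rule above does to the MSS option of a forwarded SYN, using the MTU figures from this thread. The function names and the constructed SYN header are assumptions for illustration; it works on the TCP header only, whereas a real rewriter also has to fix the TCP checksum.

```python
import struct

IPV6_HDR, TCP_HDR = 40, 20  # fixed header sizes in bytes

def build_syn(mss):
    """Constructed sample: a 24-byte TCP SYN header carrying one MSS option."""
    # ports, seq, ack, data offset (6 words) + SYN flag, window, checksum, urgent
    hdr = struct.pack("!HHIIHHHH", 50000, 80, 1, 0, (6 << 12) | 0x02, 65535, 0, 0)
    return hdr + struct.pack("!BBH", 2, 4, mss)  # option kind 2 = MSS, length 4

def find_mss(tcp):
    """Return (offset, value) of the MSS option, or None if absent/malformed."""
    end = (tcp[12] >> 4) * 4          # header length from the data offset field
    i = TCP_HDR
    while i < end:
        kind = tcp[i]
        if kind == 0:                 # end of option list
            break
        if kind == 1:                 # NOP padding, single byte
            i += 1
            continue
        if i + 1 >= end or tcp[i + 1] < 2 or i + tcp[i + 1] > end:
            break                     # truncated or malformed option
        if kind == 2 and tcp[i + 1] == 4:
            return i + 2, struct.unpack_from("!H", tcp, i + 2)[0]
        i += tcp[i + 1]
    return None

def clamp_syn(tcp, path_mtu):
    """Lower (never raise) the MSS of a SYN to path_mtu minus IPv6+TCP headers."""
    is_syn = (tcp[13] & 0x06) == 0x02   # same match as --tcp-flags SYN,RST SYN
    found = find_mss(tcp)
    limit = path_mtu - IPV6_HDR - TCP_HDR
    if not is_syn or found is None or found[1] <= limit:
        return tcp
    out = bytearray(tcp)
    struct.pack_into("!H", out, found[0], limit)
    return bytes(out)                   # checksum update omitted in this model

def verdict(advertised_mss, path_mtu):
    """'fragile' when full-size segments only fit if Packet Too Big is honoured."""
    return "OK" if advertised_mss <= path_mtu - IPV6_HDR - TCP_HDR else "fragile"

if __name__ == "__main__":
    syn = build_syn(1440)               # client derived MSS from a 1500 byte MTU
    print(verdict(find_mss(syn)[1], 1460))                    # before the clamp
    print(verdict(find_mss(clamp_syn(syn, 1460))[1], 1460))   # after the clamp
```
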
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
I have taken the fix further as PlusNET supports 1500 byte IP6 and have adjusted my home network settings to run at 1500 not 1460 MTU for IP6. (I think this is at the root of the MSS issue as it appears no mainstream network stack supports different MTU for IP4 and IP6 on the same physical network segment. MacOS appears to be using the IP4 MTU to calculate the initial IP6 MSS rather than the IP6 MTU value I was advertising via radvd.)
The upshot is the IPv6 Server To Client's Client Sent MSS is now 1440 and working, and the results page appears as follows. The Mac is no longer over-advertising the MSS it was set up to accept:
Results
| Direction | Tested Maximum Size Segment | Client Sent MSS | Notes |
|---|---|---|---|
| Server to Client IPv4 | 1460 | 1460 | OK |
| Client to Server IPv4 | unlimited | (n/a) | OK |
| Server to Client IPv6 | 1440 | 1440 | OK |
| Client to Server IPv6 | unlimited | (n/a) | OK |
I now only have to clamp when using the tunnel broker path because of the requirement for the 6in4 encapsulation.
The three sites Dave listed still work as expected via PN's IP6.
sudo ping6 -D -s 1452 www.google.co.uk also works, as a test that 1500 byte MTU IP6 packets are being transmitted and received correctly.
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
@MPC glad that you've got it working. Interesting about the different MTUs for IPv4 and IPv6, did you have a Windows device, wondering if that was the same as the Mac? Not sure I can change MTU on a Hub 2 so might have to go find another device to try out.
Enterprise Architect - Network & OSS
Plusnet Technology
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
I do have a number of Windows 11 devices but was only testing from the Mac mini I use as my main device.
It's now slightly awkward to rejig the MTU back to 1460 again, but I'll see about giving it a go to confirm directly.
When I was researching this, it looks like OpenWRT have this as a known issue and a bug was fixed around it back in 2023 relating to routing paths with different maximum MSS/MTU values requiring clamping. Their case was VPN vs non-VPN IP4 traffic but the root cause (router forwarding connections from a client with a higher MTU than the output path's MTU) is effectively the same as I was seeing with IP4 MTU at 1500 and IP6 MTU (attempted) at 1460.
https://github.com/openwrt/openwrt/issues/12112
There's a similar post for Wireguard that covers off the various cases:
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
4 weeks ago
Don't worry about putting it back, more curious than anything else.
Enterprise Architect - Network & OSS
Plusnet Technology
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
3 weeks ago - last edited 3 weeks ago
Anecdotally, I was having some websites stall out from the Windows systems in the past, so I was probably seeing the same sort of MSS-too-large for the return path issue needing the server to respond to ICMPv6 too big.
Client: Hello, MSS=1440. Send me stuff.
Server: Great. Have a packet with the first 1440 of data
Client (or an intermediate router on the return path): Sorry, the client lied. Only 1400 is allowed. Here's the ICMPv6 too big telling you that.
then
Good Servers: Whatever. Here's the first 1400 bytes then.
Bad Servers: You exaggerated? Have 1440 again. Naughty client! Still can't take it? I don't care!
Re: Interesting Thread on Reddit - IPv6 Broken Sites/MTU Issue
2 weeks ago
I set up MSS clamping using a ufw rule, didn't seem to work on initial connection - ok after refresh.
Tried changing MTU everywhere, no change with initial connect, except when changing MTU on device connection (using MTU of the tunnel). All other MTU settings seem to be ignored initially, on Linux at least, and uses default interface MTU. macOS may behave the same way, can only check Catalina as the latest available option for me.