VPN, Connection issues when connecting over IPv6
IPv6 addresses and headers take up more space in the data packet than IPv4 addresses and headers do. Because of this some users are not able to connect to the VPN at all, and others can connect but can't download files, read email, or do other things that use large data payloads in their data packets. Adjusting the packet MTU to a lower value will make sure that there is enough space in the packet for the larger IPv6 headers.
This only affects customers that connect over IPv6. Cisco's AnyConnect software will always use IPv4 if it is available, so this will mostly affect customers using openconnect, or customers that only have IPv6 (which is rare). The default MTU for wireless and Ethernet is 1500 bytes. When using IPv6, especially if it is being tunneled, you'll need to set it down to between 1380 and 1450 depending on the your setup.
- If you can't connect at all and your client just times out trying to connect (and is using IPv6 to get to the VPN*), then first check to see if you can ping6 the vpn (unix/Mac OS command is "ping6 vpn.illinois.edu"). If that doesn't work, this is not the problem.
- If ping6 worked, then see if you can load the website over IPv6. https://vpn4g-1.gw.illinois.edu (or any of the VPNs). If it loads, this probably isn't the problem. If it loads, and the VPN connects, but then some things don't work, it might be the problem.
- If ping6 worked, but loading the website did not work, then there is a good chance this is your problem. Please try changing your MTU setting and see if that fixes the issue.
- Go to Network settings
- lick on the interface being used for their network connection, if it is not already selected.
- Click on the "Advanced" button.
- Click on the "Hardware" tab.
- Change the "Configure:" drop down to Manually.
- Change the "MTU:" drop down to Custom.
- Type in 1380, click Okay, and then click Apply.
Windows 7, 8, and 10:
Open a command prompt
- Click the Windows button on the task bar.
- Click All Programs.
- Click Accessories.
- Right-click on Command Prompt and click Run as administrator.
- If prompted click the Allow button.
Set the MTU size:
Once the Command Prompt window is open follow the steps below to change the MTU size:
- Type netsh interface ipv6 show subinterface
- Press Enter.
- You will see a list of network interfaces.
- Type netsh interface ipv6 set subinterface “Local Area Connection” mtu=1450 store=persistent
You should replace Local Area Connection with the name that appeared in the “Interface” column from steps 1-3.
- Press Enter.
- Restart you computer and then test again.
If you still have problems after modifying the MTU repeat the above steps - replacing the numbers 1458 with 1430, or 1380 – restart the computer and test again.
- In Linux there are multiple ways to do it. Here are two possibilities:
- If you are using openconnect, use the "-m "option to specify the MTU like this
- openconnect -m 1380 -v vpn.illinois.edu
- Otherwise, after the vpn has connected, adjust the mtu on the tunnel interface that was created (in this example the tunnel was tun0)
- ifconfig tun0 mtu 1380