Your wireshark capture does not show packets in time order. The retransmitted SYN is very soon after the first one, too soon for a sensible timeout. I suggest running tcpdump (not wireshark, which is too complicated) on the host (not the router) and saving it to a file with -w, so you can look later with different options. Run tcpdump not only on your host, but on both the LAN interface and the WAN interface (tunnel, if that's how it is) on your router, also saving to a file. Afterwards, convert them all to text and trace the packet flow all the way. I am suspicious of firewalls in cases like this. Think about MTU and PMTU-D. However, bad behavior seems to start before the far end would send large packets. It is critical that ICMPv6 Packet Too Big messages from intermediate routers get back to your host, and also to the far side. There are broken systems out there. You may want to force MTU down to 1280 (which must be supported) rather than optimistically trying higher. (I don't think this is your problem, but you're going to have to understand this eventually.) Also, run "netstat -p" on both host and router before, and then after, saving them both so you can run diff to look for changes to counters that you are not thinking about. Also whatever the firewall stat program is.
Attachment:
signature.asc
Description: PGP signature