TelstraClear messing with SSL?

Geekzone Status | Geekzone User IP information | NZ Cell Sites Map | Amazon order page (Kindle, books, electronics)

Welcome Guest.

You haven't logged in yet. If you don't have an account you can register now.

This subforum is now locked. Please post TelstraClear topics in the Vodafone forum. You can find more information here.

Forums › TelstraClear › TelstraClear messing with SSL?

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Topic # 114680 27-Feb-2013 12:38
I have been using a SSTP connection to our Geekzone servers lately and noticed that it works really well over mobile data (Telecom 3G and LTE, 2degrees 3G) with SSTP connection staying up for hours. On TelstraClear cable the same connection with the same target server gets disconnected every couple of minutes, as soon as traffic starts. Any ideas? Any way to trace this? Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

1 | 2

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771104 27-Feb-2013 15:30
I spent most of this morning connected to Telecom LTE in town and had no problem accesing the SSTP VPN server, with no disconnections. Back at home on TelstraClear cable and the SSTP VPN connection drops as soon as any traffic goes through it. I have connected directly to the modem to rule out a router configuration problem, but still the same. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

deadlyllama

147 posts

Master Geek

Reply # 771109 27-Feb-2013 15:37
Have you tcpdumped/wiresharked both ends, and observed the disconnect?

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771111 27-Feb-2013 15:38
Nope. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

deadlyllama

147 posts

Master Geek

Reply # 771115 27-Feb-2013 15:46
Try it, then. You can filter all the crap in wireshark down by specifying just the IP of the SSTP server. You want to look at what's sent/recieved around the time of the disconnect, in particular if there are packets sent at one end that don't show up at the other.

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771121 27-Feb-2013 15:53
Ok, ran Wireshark on my side and got this so far (click for larger version): Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

Kraven

398 posts

Ultimate Geek

Reply # 771126 27-Feb-2013 16:06
Are you seeing any events in the event log on the server/client ends around the time of the disconnects? Is it possible to test SSTP over a different port (other than 80/443) to rule out any transparent proxy weirdness?

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771129 27-Feb-2013 16:12
No error in either machine. Client shows RASMAN entry: "CoID={385424BA-71C7-457E-B9D2-8A5FCDFA4EC8}: The connection to VPN Connection to Geekzone Servers made by user Administrator using device VPN0-1 was disconnected." Which is expected, and nothing on the server side. Can't test on another port because the idea is to use SSTP which goes over port 443 and wouldn't require changes in the server side hardware firewall. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

gstarkey

41 posts

Geek

Reply # 771132 27-Feb-2013 16:19
The wireshark screen shot shows no traffic going the other way, ( ie from 202.175.128.168) very odd

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771133 27-Feb-2013 16:22
Probably because it was filtered one way only... There was certainly some traffic - ping /t running in the background and that was fine, until I fired up a SQL Studio session and tried a query and that instantly got the session terminated (and no it's not when using SQL Studio only, it happens sometimes browsing the server or a shared folder). Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

deadlyllama

147 posts

Master Geek

Reply # 771452 28-Feb-2013 09:09
freitasm: Ok, ran Wireshark on my side and got this so far (click for larger version): Loads of retransmitted TCP... nothing coming back. Either the packets aren't making the way to the other side, OR the replies aren't making their way back. The only way you can determine which it is, is by wiresharking the other end. Other question: can you post a screenshot scrolling up, showing the last few packets coming from 202.175.128.168. Also have you tried doing this with a different router at the client end, or bypassing the router entirely and plugging your PC into the cable modem?

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771454 28-Feb-2013 09:10
The other end is the Datacom datacenter. SSTP works fine on any other network connecting to the server but TelstraClear. Yes, tried with my laptop connected directly to the cable modem... The screnshot show one direction only because it's filtered... I will get another trace from both sides later. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

deadlyllama

147 posts

Master Geek

Reply # 771466 28-Feb-2013 09:20
freitasm: The other end is the Datacom datacenter. SSTP works fine on any other network connecting to the server but TelstraClear. Yes, tried with my laptop connected directly to the cable modem... The screnshot show one direction only because it's filtered... I will get another trace from both sides later. Can you give us a screenshot showing both directions (maybe filter based on host and port)?

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771477 28-Feb-2013 09:29
Here is a screenshot with traffic both ways just before disconnection. Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

freitasm

BDFL
43785 posts

Uber Geek

Administrator

Trusted

Geekzone

Subscriber

Reply # 771602 28-Feb-2013 11:29
These are two traces collected from both sides: Client side Server side Can't see anything strange here... Mauricio Freitas (Geekzone Admin, Devil's Advocate, my blog, technology disclosure, my tweets, Web Performance Optimization) Geekzone Price comparison \| Amazon Kindle order page \| How to get the best out of Geekzone \| New Zealand IT Jobs \| Geekzone News \| Jinglebugs

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow @geekzonenzforum

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow @geekz1

Follow us to receive Twitter updates when new jobs are posted to our jobs board:

Follow @geekzonenzjobs

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

Follow @geekzoneprices

News »

Amazon brings Kindle Fire to 170 countries, expand app store to more than 200 countries
Posted 24-May-2013 14:41

Gen-i and SAP partner in mobile business
Posted 23-May-2013 09:23

Ericsson to close down telecom cable manufacturing
Posted 23-May-2013 08:46

FaceToFace Communications and StarLeaf bring unique cloud-based videoconferencing to Australia and New Zealand
Posted 22-May-2013 09:12

IBM Watson finds a new job: customer services
Posted 22-May-2013 08:37

Microsoft unveils Xbox One
Posted 22-May-2013 08:11

Trending now »

Hot discussions in our forums right now:

Fecked up religious people strike again :-(
Created by Mark, last reply by BurningBeard on 25-May-2013 00:03 (84 replies)

... 4 5 6

Cannabis is illegal yet we have really strong 'legal highs' ?
Created by qwerty7, last reply by freitasm on 23-May-2013 23:20 (74 replies)

... 3 4 5

Xbox One
Created by DjShadow, last reply by Kingy on 24-May-2013 13:48 (68 replies)

... 3 4 5

A new project coming to Geekzone
Created by freitasm, last reply by l43a2 on 24-May-2013 23:02 (342 replies)

... 21 22 23

Troublesome transition to VDSL
Created by oseiler, last reply by michaelmurfy on 24-May-2013 13:57 (18 replies)

... 2

HTC One (2013) owners' discussion
Created by Dingbatt, last reply by wlfkfgkwlaktka on 24-May-2013 15:49 (1564 replies)

... 103 104 105

Monolithic Cement Sheet cladding mid 80s house - "leaky home" or not?
Created by joker97, last reply by mattwnz on 24-May-2013 23:46 (15 replies)

Warning - Users with Tenda ADSL modem
Created by Psi, last reply by Psi on 24-May-2013 22:01 (44 replies)

... 2 3

Geekzone Jobs »

Most recent NZ jobs in technology:

Organisational Change Analyst
Posted 24-May-2013 19:28

Dedicated Java Developer/ Technical lead
Posted 24-May-2013 18:28

Account Manager - IT/Telco
Posted 24-May-2013 18:28

Commercial Java Developer
Posted 24-May-2013 18:28

Senior DB2 Database Administrator
Posted 24-May-2013 18:28

Technical BA
Posted 24-May-2013 18:28

OSS Systems Engineer
Posted 24-May-2013 18:28

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.

RSS feeds: Main feed; Forums feed; Tech Jobs feed; All RSS feeds

Site features: Geekzone Mobile; @GeekzoneMail; Geekzone Badges; Geekzone on Twitter

Geekzone offers: Amazon orders (Kindle, books, everything); MightyApe orders; Free technology white papers

Site Information: Subscribe to Geekzone; Privacy Statement; Forum Usage Guidelines (FUG); Advertising on Geekzone; Trademark and copyright