Geekzone: technology news, blogs, forums
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.

4133 posts

Uber Geek

# 236096 17-May-2018 18:02
Send private message

Alright so this had me stumped today... site in question is:


ISP is 2talk, UFB 100/100, router is Mikrotik. VEEERRY basic network. Single site, three PC's, three IP phones, Unifi AP.


Basically, loading just hangs, and then eventually errors out.


Troubleshooting I have done...


- Client was using Chrome, so firstly cleared all cached data - no change
- Tried an Incognito window - no change
- Flushed DNS, 'ipconfig /flushdns' - no change
- Tried on IE - same issue, no change
- Tried on another PC with all of the above - same issue, no change
- Tried on my laptop - same issue, no change
- Jump on router, flush DNS, flush DNS on PC - no change
- Change public IP address, flush DNS, flush DNS on PC - no change (we are a 2talk reseller so can manage the connections ourselves)
- Jump on to a terminal on our head office network - site loads no problem
- Try on Spark mobile data - site loads no problem


So this leads to me think I have a router config issue. We run a rubber stamped config for all our routers, and just modify where needed. This site has zero changes to our standard config - a config deployed on 200+ routers.


So i default the router, reload a new config, issue is still there.


So now I wonder, is the issue with the UFB connection itself? I haven't pushed this to 2talk support as I want to keep working on it for a bit.


My quick work around for the client was to just set them up a VPN out through a different connection, that will suffice for the short term.


What do you reckon?!

Create new topic
'That VDSL Cat'
10649 posts

Uber Geek


  # 2017811 17-May-2018 18:08
Send private message

While defaulting the router, did you try with default configuration?




tried running a traceroute to check the path?


Checked dns entry points to the same address?



#include <std_disclaimer>


Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

4133 posts

Uber Geek

  # 2017816 17-May-2018 18:17
Send private message

Oh when I say default I mean completely bare - Mikrotik, so literally no default config.


DNS resolves to same IP on 2talk and Spark mobile.


Can't ping the site, but traceroute from two 2talk connection gives the same path - seems to be hosted on Amazon. Haven't tried traceroute on another ISP though.


336 posts

Ultimate Geek

  # 2017824 17-May-2018 18:33
Send private message

Here is my trace:


1 34.305 ms 35.263 ms 34.985 ms
2 36.015 ms 34.968 ms 34.781 ms
3 36.287 ms 35.495 ms 34.582 ms
4 57.451 ms 57.482 ms 57.426 ms
5 58.626 ms 59.973 ms 60.092 ms
6 * * *
7 * * *
8 63.078 ms
9 57.619 ms
10 61.843 ms 62.479 ms
11 60.734 ms
12 59.414 ms 59.924 ms



Domain info:

Checking Domain Name
Domain Name:
Top Level Domain: NZ (New Zealand)
DNS Lookup
IP Address:
Geolocation: AU (Australia), 02, New South Wales, 1001 Sydney - Google Maps
Reverse DNS:
Domain Check
Domain Name:
Top Level Domain: NZ (New Zealand)


EDIT - updated traceroute

Mr Snotty
8766 posts

Uber Geek

Lifetime subscriber

  # 2017844 17-May-2018 18:47
Send private message
336 posts

Ultimate Geek

28143 posts

Uber Geek

Biddle Corp
Lifetime subscriber

  # 2017858 17-May-2018 19:06
Send private message

I'd pick MTU / MSS clamping



4133 posts

Uber Geek

  # 2017882 17-May-2018 20:03
Send private message

hmmm MTU was one of my thoughts too... 


Generally though you would expect to see other sites have issues to though right?


Tried a bunch of other https sites.. banks, wholesaler portals etc.


Worth sticking one of the old mangle rules in for MSS clamping?.. we haven't used that for years. Router is up to date FWIW, v6.42


1375 posts

Uber Geek

  # 2017887 17-May-2018 20:08
Send private message

What does the F12 developer tools network waterfall timeline suggest?

4133 posts

Uber Geek

  # 2017889 17-May-2018 20:12
Send private message

yitz: What does the F12 developer tools network waterfall timeline suggest?


I had a quick look at that but didn't really see much/know what to look at.


The network page just showed the page loading in that '(pending)' stage.

5532 posts

Uber Geek

  # 2017897 17-May-2018 20:17
Send private message

Tried from a different site that uses the same/similar router config?

1375 posts

Uber Geek

  # 2017920 17-May-2018 20:23
Send private message

If you eventually get (failed) net::ERR_CONNECTION_TIMED_OUT and you've tested multiple browsers then I wouldn't rule out them blocking your IP range.



A request for only returns 605 bytes of text/html, I say unlikely to be MTU/MSS clamping.

4133 posts

Uber Geek

  # 2017936 17-May-2018 20:38
Send private message

yitz: If you eventually get (failed) net::ERR_CONNECTION_TIMED_OUT and you've tested multiple browsers then I wouldn't rule out them blocking your IP range. A request for only returns 605 bytes of text/html, I say unlikely to be MTU/MSS clamping.


Hmm I got fed up it and can't remember the specific Chrome error.


I did change the public IP on the connection and that still didn't work.


The second connection I tested from was within the same /24 block as the connection with the issue - and it works just fine from the second connection.

336 posts

Ultimate Geek

  # 2017940 17-May-2018 20:45
Send private message

Can you get to here ?


Its where ends up, but with all the rubbish after link removed
Wonder if the long link is the issue 


I had play with MSS-clamping size but could not break going to that link with settings from 536 to 1492 (I have it on 1452,and MTU on WAN 1500 and PPPoE 1492)
Am using an ERL3 though

4133 posts

Uber Geek

  # 2018049 17-May-2018 21:37
Send private message

Yep finding out where that page redirected too was one of my thoughts too.
So that login page loads just fine when browsing direct, but when you try to login with proper credentials or errors out. When you look at the URL it has a field for 'client' and an Oauth ID and stuff... so I assume that gets passed with the login.
Otherwise I would have been out of there quick fast!!

132 posts

Master Geek


  # 2018077 17-May-2018 22:28
Send private message

Check their international traffic cap. Don’t know if they still have these, they may not know they even have one. We use to gets clients have issues like this.

Create new topic

Twitter and LinkedIn »

Follow us to receive Twitter updates when new discussions are posted in our forums:

Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:

Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:

News »

Intel expands 10th Gen Intel Core Mobile processor family
Posted 23-Aug-2019 10:22

Digital innovation drives new investment provider
Posted 23-Aug-2019 08:29

Catalyst Cloud becomes a Kubernetes Certified Service Provider (KCSP)
Posted 23-Aug-2019 08:21

New AI legaltech product launched in New Zealand
Posted 21-Aug-2019 17:01

Yubico launches first Lightning-compatible security key, the YubiKey 5Ci
Posted 21-Aug-2019 16:46

Disney+ streaming service confirmed launch in New Zealand
Posted 20-Aug-2019 09:29

Industry plan could create a billion dollar interactive games sector
Posted 19-Aug-2019 20:41

Personal cyber insurance a New Zealand first
Posted 19-Aug-2019 20:26

University of Waikato launches space for esports
Posted 19-Aug-2019 20:20

D-Link ANZ expands mydlink ecosystem with new mydlink Mini Wi-Fi Smart Plug
Posted 19-Aug-2019 20:14

Kiwi workers still falling victim to old cyber tricks
Posted 12-Aug-2019 20:47

Lightning Lab GovTech launches 2019 programme
Posted 12-Aug-2019 20:41

Epson launches portable laser projector
Posted 12-Aug-2019 20:27

Huawei launches new distributed HarmonyOS
Posted 12-Aug-2019 20:20

Lenovo introduces single-socket servers for edge and data-intensive workloads
Posted 9-Aug-2019 21:26

Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.

Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.