[TelstraClear] TelstraClear messing with SSL?

Forums › One New Zealand (including Vodafone, WxC, Farmside) › [TelstraClear] TelstraClear messing with SSL?

1 | 2

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#771661 28-Feb-2013 12:50

Sure, but how come this only happens on a TelstraClear connection?

Rubicon

29 posts

Geek

#771686 28-Feb-2013 13:21

If there are missing packets, it could be a routing or firewall issue. If the packets have been altered during transit, it could be due to misconfiguration in Telstra Clear's infamous 'transparent' proxy.

deadlyllama

1260 posts

Uber Geek

Trusted

#771693 28-Feb-2013 13:38

Rubicon: If there are missing packets, it could be a routing or firewall issue. If the packets have been altered during transit, it could be due to misconfiguration in Telstra Clear's infamous 'transparent' proxy.

TCL's proxy should only affect port 80 (not SSTP on 443) and only international traffic.

Is the SSTP server on an unmanaged dedicated server, or something Datacom is resposible? If the latter, get them to look at it.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#771703 28-Feb-2013 13:53

It is one of my own servers. I am not too sure we should get Datacom involved at the moment as everything points out to something on TelstraClear perimeter causing this. As I said it works just fine when I connect from other networks.

deadlyllama

1260 posts

Uber Geek

Trusted

#771734 28-Feb-2013 14:32

freitasm: It is one of my own servers. I am not too sure we should get Datacom involved at the moment as everything points out to something on TelstraClear perimeter causing this. As I said it works just fine when I connect from other networks.

You'll have more luck with Datacom talking to their upstream talking to TCL, then you talking to TCL customer care. You're paying for a business-grade service at the Datacom end; use it.

muppet

2566 posts

Uber Geek

Trusted

#771744 28-Feb-2013 14:47

freitasm: Sure, but how come this only happens on a TelstraClear connection?

Don't forget that the other end (your hosted server at datacom) might have a very different path travelling over different links on the return to your TCL connection. There might be a box along the way with a misconfigured MTU, or something that's trying to be "clever" and have some sort of SSL manipulation going on.

Certainly think this is worthy of logging a fault with TCL at first, then also getting Datacom involved to check the return path towards you.

All those TCP re-transmits - make sure there's not an MTU issue somewhere.

mercutio

1392 posts

Uber Geek

#771746 28-Feb-2013 14:49

have you tried bypassing your router?

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

deadlyllama

1260 posts

Uber Geek

Trusted

#771755 28-Feb-2013 14:56

muppet:
freitasm: Sure, but how come this only happens on a TelstraClear connection?

Don't forget that the other end (your hosted server at datacom) might have a very different path travelling over different links on the return to your TCL connection. There might be a box along the way with a misconfigured MTU, or something that's trying to be "clever" and have some sort of SSL manipulation going on.

Certainly think this is worthy of logging a fault with TCL at first, then also getting Datacom involved to check the return path towards you.

All those TCP re-transmits - make sure there's not an MTU issue somewhere.

The "pings work, bring up something big and it fails" sounds like an MTU issue, but it'd be wierd if the packets from your hosted box to your home TCL cable connection went through any MTU<1500 links.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#771757 28-Feb-2013 14:56

mercutio: have you tried bypassing your router?

Already said yes, twice in this thread.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#771759 28-Feb-2013 14:57

Muppet, yes, that could be the case.

skewt

750 posts

Ultimate Geek

#771801 28-Feb-2013 16:24

If I have learnt anything from Geekzone its that a Master Filter will fix this problem

mercutio

1392 posts

Uber Geek

#771803 28-Feb-2013 16:27

skewt: If I have learnt anything from Geekzone its that a Master Filter will fix this problem

splitter, not filter.

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#777612 10-Mar-2013 12:51

I think this is now solved. Two firewalls blocking stuff they shouldn't, on my side. Disabled one of them and things seem to work fine now.

Obviously shouldn't have both firewalls active, and I have no idea why it was configured like that but it seems all is working fine (at least for the last couple of days).

freitasm

BDFL - Memuneh
79250 posts

Uber Geek

Administrator

ID Verified

Trusted

Geekzone

Lifetime subscriber

#777925 11-Mar-2013 12:33

Hmm. Not so sure now. After a couple of days with no problems I had around five VPN disconnects this morning.

1 | 2