Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

Topic # 114680 27-Feb-2013 12:38
Send private message

I have been using a SSTP connection to our Geekzone servers lately and noticed that it works really well over mobile data (Telecom 3G and LTE, 2degrees 3G) with SSTP connection staying up for hours.

On TelstraClear cable the same connection with the same target server gets disconnected every couple of minutes, as soon as traffic starts.

Any ideas? Any way to trace this? 




View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2


BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

  Reply # 771104 27-Feb-2013 15:30
Send private message

I spent most of this morning connected to Telecom LTE in town and had no problem accesing the SSTP VPN server, with no disconnections.

Back at home on TelstraClear cable and the SSTP VPN connection drops as soon as any traffic goes through it. I have connected directly to the modem to rule out a router configuration problem, but still the same.





826 posts

Ultimate Geek
+1 received by user: 237


  Reply # 771109 27-Feb-2013 15:37
Send private message

Have you tcpdumped/wiresharked both ends, and observed the disconnect?

 
 
 
 




BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

826 posts

Ultimate Geek
+1 received by user: 237


  Reply # 771115 27-Feb-2013 15:46
Send private message

Try it, then.  You can filter all the crap in wireshark down by specifying just the IP of the SSTP server.  You want to look at what's sent/recieved around the time of the disconnect, in particular if there are packets sent at one end that don't show up at the other.



BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

  Reply # 771121 27-Feb-2013 15:53
Send private message

Ok, ran Wireshark on my side and got this so far (click for larger version):





561 posts

Ultimate Geek
+1 received by user: 62


  Reply # 771126 27-Feb-2013 16:06
Send private message

Are you seeing any events in the event log on the server/client ends around the time of the disconnects? Is it possible to test SSTP over a different port (other than 80/443) to rule out any transparent proxy weirdness?



BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

  Reply # 771129 27-Feb-2013 16:12
Send private message

No error in either machine. Client shows RASMAN entry:

"CoID={385424BA-71C7-457E-B9D2-8A5FCDFA4EC8}: The connection to VPN Connection to Geekzone Servers made by user Administrator using device VPN0-1 was disconnected."

Which is expected, and nothing on the server side.

Can't test on another port because the idea is to use SSTP which goes over port 443 and wouldn't require changes in the server side hardware firewall.







73 posts

Master Geek
+1 received by user: 4


  Reply # 771132 27-Feb-2013 16:19
Send private message

The wireshark screen shot shows no traffic going the other way, ( ie from 202.175.128.168) very odd



BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

  Reply # 771133 27-Feb-2013 16:22
Send private message

Probably because it was filtered one way only... There was certainly some traffic - ping /t running in the background and that was fine, until I fired up a SQL Studio session and tried a query and that instantly got the session terminated (and no it's not when using SQL Studio only, it happens sometimes browsing the server or a shared folder).




826 posts

Ultimate Geek
+1 received by user: 237


  Reply # 771452 28-Feb-2013 09:09
Send private message

freitasm: Ok, ran Wireshark on my side and got this so far (click for larger version):



Loads of retransmitted TCP... nothing coming back.  Either the packets aren't making the way to the other side, OR the replies aren't making their way back.  The only way you can determine which it is, is by wiresharking the other end.

Other question: can you post a screenshot scrolling up, showing the last few packets coming from 202.175.128.168.

Also have you tried doing this with a different router at the client end, or bypassing the router entirely and plugging your PC into the cable modem?



BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

  Reply # 771454 28-Feb-2013 09:10
Send private message

The other end is the Datacom datacenter. SSTP works fine on any other network connecting to the server but TelstraClear. Yes, tried with my laptop connected directly to the cable modem...

The screnshot show one direction only because it's filtered...

I will get another trace from both sides later.




826 posts

Ultimate Geek
+1 received by user: 237


  Reply # 771466 28-Feb-2013 09:20
Send private message

freitasm: The other end is the Datacom datacenter. SSTP works fine on any other network connecting to the server but TelstraClear. Yes, tried with my laptop connected directly to the cable modem...

The screnshot show one direction only because it's filtered...

I will get another trace from both sides later.


Can you give us a screenshot showing both directions (maybe filter based on host and port)?



BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber



BDFL - Memuneh
58740 posts

Uber Geek
+1 received by user: 10137

Administrator
Trusted
Geekzone
Subscriber

  Reply # 771602 28-Feb-2013 11:29
Send private message
29 posts

Geek


  Reply # 771659 28-Feb-2013 12:50
Send private message

It looks as though your server has stopped sending ACK packets to the client. This leads to the client resetting the connection due to an assumed transmission failure.

You may want to check that the sequence numbers of packets sent by the client match those received by the server, and there are no missing numbers in the sequence.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Symantec protects data everywhere with Information Centric Security
Posted 21-Sep-2017 15:33


FUJIFILM introduces X-E3 mirrorless camera with wireless connectivity
Posted 18-Sep-2017 13:53


Vodafone announces new plans with bigger data bundles
Posted 15-Sep-2017 10:51


Skinny launches phone with support for te reo Maori
Posted 14-Sep-2017 08:39


If Vodafone dropping mail worries you, you’re doing online wrong
Posted 11-Sep-2017 13:54


Vodafone New Zealand deploy live 400 gigabit system
Posted 11-Sep-2017 11:07


OPPO camera phones now available at PB Tech
Posted 11-Sep-2017 09:56


Norton Wi-Fi Privacy — Easy, flawed VPN
Posted 11-Sep-2017 09:48


Lenovo reveals new ThinkPad A Series
Posted 8-Sep-2017 14:37


Huawei passes Apple for the first time to capture the second spot globally
Posted 8-Sep-2017 10:45


Vodafone initiative enhances te reo Maori pronunciation on Google Maps
Posted 8-Sep-2017 10:40


Voyager Internet expand local internet phone services company with Conversant acquisition
Posted 6-Sep-2017 18:27


NOW Expands in to Tauranga
Posted 5-Sep-2017 18:16


Windows 10 Fall Creators Update coming Oct. 17
Posted 4-Sep-2017 14:10


Garmin introduce Garmin vivoactive 3
Posted 1-Sep-2017 18:38



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.