Can't access a website, thinking router issue

Forums › LAN (ethernet/Wifi/routers/Bluetooth) › Can't access a website, thinking router issue

chevrolux

4962 posts

Uber Geek
Inactive user

#236096 17-May-2018 18:02

Alright so this had me stumped today... site in question is:

https://essentials.myob.co.nz

ISP is 2talk, UFB 100/100, router is Mikrotik. VEEERRY basic network. Single site, three PC's, three IP phones, Unifi AP.

Basically, loading just hangs, and then eventually errors out.

Troubleshooting I have done...

- Client was using Chrome, so firstly cleared all cached data - no change
- Tried an Incognito window - no change
- Flushed DNS, 'ipconfig /flushdns' - no change
- Tried on IE - same issue, no change
- Tried on another PC with all of the above - same issue, no change
- Tried on my laptop - same issue, no change
- Jump on router, flush DNS, flush DNS on PC - no change
- Change public IP address, flush DNS, flush DNS on PC - no change (we are a 2talk reseller so can manage the connections ourselves)
- Jump on to a terminal on our head office network - site loads no problem
- Try on Spark mobile data - site loads no problem

So this leads to me think I have a router config issue. We run a rubber stamped config for all our routers, and just modify where needed. This site has zero changes to our standard config - a config deployed on 200+ routers.

So i default the router, reload a new config, issue is still there.

So now I wonder, is the issue with the UFB connection itself? I haven't pushed this to 2talk support as I want to keep working on it for a bit.

My quick work around for the client was to just set them up a VPN out through a different connection, that will suffice for the short term.

What do you reckon?!

hio77

'That VDSL Cat'
12984 posts

Uber Geek

ID Verified

Trusted

Voyager

Subscriber

#2017811 17-May-2018 18:08

While defaulting the router, did you try with default configuration?

tried running a traceroute to check the path?

Checked dns entry points to the same address?

#include <std_disclaimer>

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

Sharesies kids

Free kids accounts - trade shares and funds (NZ, US) with Sharesies (affiliate link).

chevrolux

4962 posts

Uber Geek
Inactive user

#2017816 17-May-2018 18:17

Oh when I say default I mean completely bare - Mikrotik, so literally no default config.

DNS resolves to same IP on 2talk and Spark mobile.

Can't ping the site, but traceroute from two 2talk connection gives the same path - seems to be hosted on Amazon. Haven't tried traceroute on another ISP though.

freakngeek

356 posts

Ultimate Geek

#2017824 17-May-2018 18:33

Here is my trace:

1 bng3.akl-alb.unlimitedinternet.co.nz 103.52.207.253 34.305 ms 35.263 ms 34.985 ms
2 as24466-ip-34.cust.ntc-cr1.as45177.net.nz 14.1.39.34 36.015 ms 34.968 ms 34.781 ms
3 lt-0-0-0-34.ntc-cr1.as45177.net.nz 14.1.39.33 36.287 ms 35.495 ms 34.582 ms
4 as45177.nsw.ix.asn.au 218.100.52.76 57.451 ms 57.482 ms 57.426 ms
5 as16509.nsw.ix.asn.au 218.100.52.9 58.626 ms 59.973 ms 60.092 ms
6 * * *
7 * * *
8 52.95.37.187 52.95.37.187 63.078 ms
9 52.95.36.131 52.95.36.131 57.619 ms
10 52.95.36.16 52.95.36.16 61.843 ms 62.479 ms
11 52.95.36.107 52.95.36.107 60.734 ms
12 54.240.192.109 54.240.192.109 59.414 ms 59.924 ms

Domain info:

Checking Domain Name
Domain Name: essentials.myob.co.nz
Top Level Domain: NZ (New Zealand)
DNS Lookup
IP Address: 13.236.39.170
Geolocation: AU (Australia), 02, New South Wales, 1001 Sydney - Google Maps
Reverse DNS: ec2-13-236-39-170.ap-southeast-2.compute.amazonaws.com
Domain Check
Domain Name: essentials.myob.co.nz
Top Level Domain: NZ (New Zealand)

EDIT - updated traceroute

michaelmurfy

cat
12227 posts

Uber Geek

Moderator

ID Verified

Trusted

Lifetime subscriber

#2017844 17-May-2018 18:47

I'm thinking perhaps a MTU issue is at play here.

Michael Murphy | https://murfy.nz
Referral Links: Tessie | Tesla | Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.

freakngeek

356 posts

Ultimate Geek

#2017845 17-May-2018 18:47

Wonder if your timing out to the site, as steps 6 and 7 took a while and why I needed to edit post with other IPs as they took longer to come up

EDIT
Not ad blocking a happenin ?
I'm thinking the 2nd half of Traceroute takes you here:
https://login.myob.com/Account/Login?client_id=essentials-frontend&redirect_uri=%2Foauth2%2Fauthorize%3Fresponse_type%3Did_token%2Btoken%26client_id%3Dessentials-frontend%26redirect_uri%3Dhttps%253a%252f%252fessentials.myob.co.nz%252fLA.CO.NZ%252fapp.htm%26resource%3Dcaca4a6d-1ed1-4e83-9d7a-6b294596a93b%2Bpay-item%2Bsingle-touch-payroll%2Bf4f42f8b-7d48-483a-869d-d0f4d830a666%26scope%3Dopenid%2Bemail%2Bphone%26state%3Db2cfffb5-ab01-4410-8f64-0e7c33f3fdb7_eyJsb2dpblN0YXRlIjp7fSwicmVzb3VyY2UiOiJjYWNhNGE2ZC0xZWQxLTRlODMtOWQ3YS02YjI5NDU5NmE5M2IgcGF5LWl0ZW0gc2luZ2xlLXRvdWNoLXBheXJvbGwgZjRmNDJmOGItN2Q0OC00ODNhLTg2OWQtZDBmNGQ4MzBhNjY2In0%253d%26nonce%3D93f40020-43ba-48a3-9ad9-f14bc2317e69%26branding_id%3Dessentials-nz%26anonymous_id%3Df2ec59b1-4edc-4268-aff2-ea4890a3bf2b%26adobe_visitor_id%3D84710720836979496151566700862314758039%26ga_client_id%3D658464629.1526537703%26client-request-id%3D6bdc628b-ee06-426a-a247-45b4dc7fb9ca%26x-client-sku%3Djs%26x-client-ver%3D1.0.0&ui_hint=new_organization&branding_id=essentials-nz&adobe_visitor_id=84710720836979496151566700862314758039&ga_client_id=658464629.1526537703&anonymous_id=f2ec59b1-4edc-4268-aff2-ea4890a3bf2b

Probably on the AmazonAWS Server in the US going out via Sydney

sbiddle

30853 posts

Uber Geek

Retired Mod

Trusted

Biddle Corp

Lifetime subscriber

#2017858 17-May-2018 19:06

I'd pick MTU / MSS clamping

chevrolux

4962 posts

Uber Geek
Inactive user

#2017882 17-May-2018 20:03

hmmm MTU was one of my thoughts too...

Generally though you would expect to see other sites have issues to though right?

Tried a bunch of other https sites.. banks, wholesaler portals etc.

Worth sticking one of the old mangle rules in for MSS clamping?.. we haven't used that for years. Router is up to date FWIW, v6.42

yitz

1874 posts

Uber Geek

#2017887 17-May-2018 20:08

What does the F12 developer tools network waterfall timeline suggest?

chevrolux

4962 posts

Uber Geek
Inactive user

#2017889 17-May-2018 20:12

yitz: What does the F12 developer tools network waterfall timeline suggest?

I had a quick look at that but didn't really see much/know what to look at.

The network page just showed the page loading in that '(pending)' stage.

RunningMan

7964 posts

Uber Geek

#2017897 17-May-2018 20:17

Tried from a different site that uses the same/similar router config?

yitz

1874 posts

Uber Geek

#2017920 17-May-2018 20:23

If you eventually get (failed) net::ERR_CONNECTION_TIMED_OUT and you've tested multiple browsers then I wouldn't rule out them blocking your IP range.

A request for https://essentials.myob.co.nz only returns 605 bytes of text/html, I say unlikely to be MTU/MSS clamping.

chevrolux

4962 posts

Uber Geek
Inactive user

#2017936 17-May-2018 20:38

yitz: If you eventually get (failed) net::ERR_CONNECTION_TIMED_OUT and you've tested multiple browsers then I wouldn't rule out them blocking your IP range. A request for https://essentials.myob.co.nz only returns 605 bytes of text/html, I say unlikely to be MTU/MSS clamping.

Hmm I got fed up it and can't remember the specific Chrome error.

I did change the public IP on the connection and that still didn't work.

The second connection I tested from was within the same /24 block as the connection with the issue - and it works just fine from the second connection.

freakngeek

356 posts

Ultimate Geek

#2017940 17-May-2018 20:45

Can you get to here ?
https://login.myob.com/Account/Login

Its where https://essentials.myob.co.nz/ ends up, but with all the rubbish after link removed
Wonder if the long link is the issue

I had play with MSS-clamping size but could not break going to that link with settings from 536 to 1492 (I have it on 1452,and MTU on WAN 1500 and PPPoE 1492)
Am using an ERL3 though

chevrolux

4962 posts

Uber Geek
Inactive user

#2018049 17-May-2018 21:37

Yep finding out where that page redirected too was one of my thoughts too.
So that login page loads just fine when browsing direct, but when you try to login with proper credentials or errors out. When you look at the URL it has a field for 'client' and an Oauth ID and stuff... so I assume that gets passed with the login.
Otherwise I would have been out of there quick fast!!

fearandloathing

421 posts

Ultimate Geek

ID Verified

Lifetime subscriber

#2018077 17-May-2018 22:28

Check their international traffic cap. Don’t know if they still have these, they may not know they even have one. We use to gets clients have issues like this.