Networking Wizards - Weirdness with Fiber via WAN PPPoE

KillerX

Hey guys

So I just got my FTTH installed 3 days ago. Working great with most sites, but there is a really weird issue I'm having with anything using TLS.

Any sites that use TLS simply do not load. They just sit and spin with a never-ending circle progress meter. Status says "Performing a TLS handshake".

Sites like www.microsoft.com just never load.

I am currently using my old ADSL Linksys router. Still waiting on the ISP's router to be shipped to me. This might fix the issue, but I am really puzzled by this.

Things I have tried:
Wait 10 minutes for the page to load
Try from phone, laptop
Proxy settings in browser - Auto, None
Reset router to default settings - and just setup WAN PPPoE
DHCP enabled, disabled.

All with the same result

Setup is PC -> Linksys ADSL Router using WAN PPPoE -> Mikrotik fiber device. Eth to Fiber

Are there any networking wizards out there who could give me some advice? My Fiber provider says I need to contact the ISP, and the ISP reckons the fault is with the fiber provider.
 

aybbleek

Are there definitely no firewall rules active on the router? Also have you tried Firefox or Chrome?
 

SauRoNZA

Maybe some kind of proxy or port redirect configured on that Mikrotik.

It's all I can think of really.

What is the point of the Mikrotik anyway? Can't you just plug your Router in directly without the Mikrotik in the middle?

Who are the providers? This always determines the configuration somewhat.
 

Nuke

If you dial the PPPoE directly from the PC?

My first guess would be MTU/MSS-Clamping.
 

aybbleek

> Maybe some kind of proxy or port redirect configured on that Mikrotik.
>
> It's all I can think of really.
>
> What is the point of the Mikrotik anyway? Can't you just plug your Router in directly without the Mikrotik in the middle?
>
> Who are the providers? This always determines the configuration somewhat.

The Mikrotik is the modem which will physically connect the SFP/Fibre from the wall. So the Linksys establishes PPPoE and connects to the Mikrotik via E-WAN
 

Sinbad

If it's pppoe you can pretty much eliminate anything between the linksys and the isp.

MTU is a possibility but then you'd see *** with normal pages too.
 

KillerX

> Are there definitely no firewall rules active on the router? Also have you tried Firefox or Chrome?

Reset router, double checked everything was blank, including firewall rules. Tried 3 diff browsers, phone, laptop. And different websites too.
 

KillerX

> Maybe some kind of proxy or port redirect configured on that Mikrotik.
>
> It's all I can think of really.
>
> What is the point of the Mikrotik anyway? Can't you just plug your Router in directly without the Mikrotik in the middle?
>
> Who are the providers? This always determines the configuration somewhat.

Mikrotik device is issued by the fiber provider. You need it to do translation from ethernet to fiber signals. It runs Mikrotik OS. I tried connecting to it from Winbox, but the default password has been changed. So obviously the fiber provider doesn't want you messing with it.

The setup is TTConnect (Fiber) with Cool Ideas (ISP)

Could it just be that this router of mine is too old? It's a Linksys WAG320N. Supports PPPoE via WAN port, everything else works except the darn TLS sites. Cool Ideas also say you can use your own router if you want.

They have shipped a new one to me - should be here by Friday. But I have a feeling this will not solve the issue.
 

aybbleek

Probably a stupid question, but have you tried flushing your DNS from CMD?

Open CMD
type: ipconfig /flushdns [press enter]
type: ipconfig /release [press enter]
type: ipconfig /renew [press enter]
 

KillerX

> Probably a stupid question, but have you tried flushing your DNS from CMD?
>
> Open CMD
> type: ipconfig /flushdns [press enter]
> type: ipconfig /release [press enter]
> type: ipconfig /renew [press enter]

Was worth a shot, but still no go.
 

PsyWulf

I'd say run Fiddler with HTTPS decryption and see what's happening, sounds like some kind of MITM
 

SauRoNZA

> The Mikrotik is the modem which will physically connect the SFP/Fibre from the wall. So the Linksys establishes PPPoE and connects to the Mikrotik via E-WAN

Okay fair enough, but sounded like the Mikrotik is connected to ONT with Ethernet and not directly with SFP.

But surely it does its own routing too then and you could just configure the Linksys as an AP? Have RouterOS do PPPoE and everything?

Instead of running a double router setup?

Seems like overkill to basically not use everything the Mikrotik offers.
 

aybbleek

> Okay fair enough.
>
> But surely it does its own routing too then and you could just configure the Linksys as an AP?
>
> Instead of running a double router setup?
>
> Seems like overkill to basically not use everything the Mikrotik offers.

They lock down the device so that the fibre connectivity remains active even if the user messes about with account details etc. This is the CPE that they provide to connect you to the network. Openserve do the same, but last time I checked they were using Alcatel Lucent CPEs
 

SauRoNZA

> They lock down the device so that the fibre connectivity remains active even if the user messes about with account details etc. This is the CPE that they provide to connect you to the network. Openserve do the same, but last time I checked they were using Alcatel Lucent CPEs

Aah okay.

Just seems a waste of a Mikrotik really as a CPE.

I haven’t personally used or seen them used in these applications, thus the confusion.

But I guess it’s equally low cost, so makes sense.

Why they can’t all just use one-piece ONT/CPE devices is beyond me. So much neater.
 

RoganDawes

If you have access to a Linux VM, try the following:

tcptraceroute google.com 443

that will show you where your TCP connection is terminating.

Compare it with:

tcptraceroute google.com 80

if the number of hops is different, then it seems that someone/thing is intercepting your ssl traffic.
 

RoganDawes

> If you have access to a Linux VM, try the following:
>
> tcptraceroute google.com 443
>
> that will show you where your TCP connection is terminating.
>
> Compare it with:
>
> tcptraceroute google.com 80
>
> if the number of hops is different, then it seems that someone/thing is intercepting your ssl traffic.

Or you could try this: https://elifulkerson.com/projects/tcproute.php

Disclaimer: I've never used it
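
The port 80 versus port 443 comparison suggested above, as an added example that is not part of the thread: Python that parses two saved tcptraceroute outputs and reports whether both connections terminate at the same hop. The two traces are constructed samples using documentation-range addresses, and the hop-line layout (including the `[open]`/`[closed]` marker on the answering hop) is assumed to match what tcptraceroute prints.

```python
import re

# Constructed samples in the style of tcptraceroute hop lines (documentation-range IPs).
TRACE_80 = """\
Tracing the path to example.test (203.0.113.80) on TCP port 80 (http), 30 hops max
 1  192.0.2.1  0.612 ms  0.540 ms  0.498 ms
 2  198.51.100.1  2.301 ms  2.244 ms  2.198 ms
 3  * * *
 4  198.51.100.9  9.870 ms  9.912 ms  9.801 ms
 5  edge.example.test (203.0.113.80) [open]  10.120 ms  10.033 ms  10.240 ms
"""
# Port 443 is answered after only 2 hops, by something claiming the destination address.
TRACE_443 = """\
Tracing the path to example.test (203.0.113.80) on TCP port 443 (https), 30 hops max
 1  192.0.2.1  0.601 ms  0.533 ms  0.502 ms
 2  edge.example.test (203.0.113.80) [open]  2.290 ms  2.251 ms  2.207 ms
"""

HOP = re.compile(r"^\s*(\d+)\s+(.+)$")            # "<ttl>  <rest of hop line>"
ADDR = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")   # first dotted quad on the line
STATE = re.compile(r"\[(open|closed)\]")          # set only on the hop that answered the SYN

def parse_trace(text):
    """Return one dict per hop line: ttl, responding IP (None for '* * *'), TCP state."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # header or blank line
        addr, state = ADDR.search(m.group(2)), STATE.search(m.group(2))
        hops.append({"ttl": int(m.group(1)),
                     "ip": addr.group(1) if addr else None,
                     "state": state.group(1) if state else None})
    return hops

def terminating_hop(hops):
    """First hop that answered the SYN itself ([open] or [closed]), else None."""
    return next((h for h in hops if h["state"]), None)

def compare(trace_a, trace_b):
    """'same', 'differs', or 'incomplete' if either trace never got a TCP answer."""
    a, b = (terminating_hop(parse_trace(t)) for t in (trace_a, trace_b))
    if a is None or b is None:
        return "incomplete"
    return "same" if (a["ttl"], a["ip"]) == (b["ttl"], b["ip"]) else "differs"

if __name__ == "__main__":
    print("port 80 ends at ", terminating_hop(parse_trace(TRACE_80)))
    print("port 443 ends at", terminating_hop(parse_trace(TRACE_443)))
    print("verdict:", compare(TRACE_80, TRACE_443))
```

A "differs" verdict is a lead rather than proof, since load-balanced paths can also change the hop count; repeat both traces a few times before drawing a conclusion.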
 