Veteran Member
Posts: 7,240
Registered: ‎03-24-2016
Kudos: 1862
Solutions: 822

Re: Unable to connect to bank website or council site

On Mac, you don't need a 3rd-party SSH tool; it's built in:

http://accc.uic.edu/answer/how-do-i-use-ssh-and-sftp-mac-os-x

Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

Did you ever try to telnet or traceroute to the sites?
Please don't forget to kudo helpful posts and mark accepted solutions accordingly!
jcm.me - Personal Site | Joyn.Tech - Consulting Site

Add Auto-Provisioning Support to UNMS
Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Yes, I tried traceroute and it hangs on route 5:

IP Tools (www.iptools.su)
Traceroute
Host: www.asb.co.nz

#1
10.255.255.0
Ping: 64.8 ms
TTL: 64
#2
210.54.37.254
Ping: 102 ms
TTL: 254
#3
122.56.60.68
Ping: 81.7 ms
TTL: 253
#4
122.56.60.69
Ping: 570 ms
TTL: 253
#5
122.56.118.89
x1-1-1-200.akcr11.global-gateway.net.nz
Ping: 87.3 ms
TTL: 61
Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

....and telnet www.asb.co.nz 80 from the Mac command line?
Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Host not found is the response..
Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Could it be something to do with the ISP blocking those sites when the EdgeRouter is in the mix?
Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

I wouldn't think so.

Can you do the following back-to-back from terminal in the Mac that's connected to the EdgeRouter and post the exact output here?

nslookup www.asb.co.nz

ping www.asb.co.nz

traceroute www.asb.co.nz

telnet www.asb.co.nz 80

Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Liams-Macbook:~ Liam$ nslookup www.asb.co.nz
Server:		8.8.8.8
Address:	8.8.8.8#53

Non-authoritative answer:
Name:	www.asb.co.nz
Address: 210.55.180.35

Liams-Macbook:~ Liam$ ping www.asb.co.nz
PING www.asb.co.nz (210.55.180.35): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
Request timeout for icmp_seq 8
Request timeout for icmp_seq 9
Request timeout for icmp_seq 10
^[Request timeout for icmp_seq 11
Request timeout for icmp_seq 12
Request timeout for icmp_seq 13
Request timeout for icmp_seq 14
Request timeout for icmp_seq 15
Request timeout for icmp_seq 16
^Z
[1]+  Stopped                 ping www.asb.co.nz
Liams-Macbook:~ Liam$ traceroute www.asb.co.nz
traceroute to www.asb.co.nz (210.55.180.35), 64 hops max, 52 byte packets
 1  10.255.255.0 (10.255.255.0)  195.492 ms  51.505 ms  36.797 ms
 2  210.54.37.254 (210.54.37.254)  56.185 ms  63.894 ms  57.966 ms
 3  122.56.60.68 (122.56.60.68)  59.185 ms  61.772 ms  60.102 ms
 4  122.56.60.69 (122.56.60.69)  59.179 ms  95.428 ms  59.866 ms
 5  x1-1-1-200.akcr11.global-gateway.net.nz (122.56.118.89)  49.915 ms  50.097 ms  60.336 ms
 6  * * *
 7  * * *
 8  * * *
 9  * * *
10  * * *
^Z
[2]+  Stopped                 traceroute www.asb.co.nz
Liams-Macbook:~ Liam$ telnet www.asb.co.nz:80
www.asb.co.nz:80: nodename nor servname provided, or not known
Liams-Macbook:~ Liam$ telnet www.asb.co.nz
Trying 210.55.180.35...
telnet: connect to address 210.55.180.35: Operation timed out
telnet: Unable to connect to remote host
Liams-Macbook:~ Liam$ telnet www.asb.co.nz 80
Trying 210.55.180.35...
telnet: connect to address 210.55.180.35: Operation timed out
telnet: Unable to connect to remote host

Here is what I got. Please note this is done via VPN as I am not on site.

Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

At this point I would say you have two options to troubleshoot further:

1. Post your config and let’s see if anything is affecting outbound TCP connections
2. Wireshark the TCP handshake between your MacBook and the bank web server and post the pcap
Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

People seem to think it could be an MTU setting. Has anyone had similar issues?

Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

Is your WAN connection PPPoE?
Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Yes, supplied by a DrayTek 130 (with PPPoE passthrough enabled) VDSL connection on a static from Bigpipe.

Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Bigpipe being the ISP

Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Liam@Lookout-drive-Router:~$ show configuration
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        network-group LOCAL_NETWORK {
            description ""
            network 10.10.1.0/24
            network 10.10.2.0/24
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description IKE
            destination {
                port 500
            }
            log disable
            protocol udp
        }
        rule 20 {
            action accept
            description L2TP
            destination {
                port 1701
            }
            log disable
            protocol udp
        }
        rule 30 {
            action accept
            description ESP
            destination {
            }
            log disable
            protocol esp
        }
        rule 40 {
            action accept
            description NAT-T
            destination {
                port 4500
            }
            log disable
            protocol udp
        }
        rule 50 {
            action accept
            description "Allow ICMP"
            log disable
            protocol icmp
        }
        rule 70 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 80 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    options {
        mss-clamp {
            interface-type pppoe
            mss 1452
        }
    }
    receive-redirects disable
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
interfaces {
    ethernet eth0 {
        description INTERNET
        duplex auto
        ip {
            enable-proxy-arp
        }
        pppoe 1 {
            default-route auto
            firewall {
                in {
                    name WAN_IN
                }
                local {
                    name WAN_LOCAL
                }
            }
            mtu 1492
            name-server auto
            password ****************
            user-id bigpipe
        }
        speed auto
    }
    ethernet eth1 {
        address 10.10.1.1/24
        description LAN
        duplex auto
        ip {
            enable-proxy-arp
        }
        speed auto
    }
    ethernet eth2 {
        address 10.10.2.1/24
        description "LOCAL ACCESS"
        duplex auto
        ip {
            enable-proxy-arp
        }
        speed auto
    }
    ethernet eth3 {
        description Local
        disable
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        disable
        duplex auto
        speed auto
    }
    loopback lo {
    }
    openvpn vtun0 {
        config-file /config/UNMS.ovpn
        description pritunl0
        disable
        encryption aes128
        hash sha1
        mode client
        openvpn-option "--setenv UV_PLATFORM edge"
        openvpn-option "--setenv UV_ID ab3d6e5f4b7a4a0aa1d9aee53cac6694"
        openvpn-option "--setenv UV_NAME patient-dreams-1984"
        openvpn-option --push-peer-info
        openvpn-option "--ping 10"
        openvpn-option "--ping-restart 60"
        openvpn-option "--hand-window 70"
        openvpn-option "--server-poll-timeout 4"
        openvpn-option "--reneg-sec 2592000"
        openvpn-option "--sndbuf 393216"
        openvpn-option "--rcvbuf 393216"
        openvpn-option "--remote-cert-tls server"
        openvpn-option "--tls-auth /config/pritunl/vtun0.tls 1"
        protocol udp
        remote-host 138.68.248.81
        remote-port 16530
        tls {
            ca-cert-file /config/pritunl/vtun0.ca
            cert-file /config/pritunl/vtun0.cert
            key-file /config/pritunl/vtun0.key
        }
    }
    switch switch0 {
        mtu 1500
    }
}
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth1
    lan-interface eth2
    wan-interface pppoe1
}
protocols {
    static {
        interface-route 0.0.0.0/0 {
            next-hop-interface pppoe1 {
            }
        }
    }
}
service {
    dhcp-server {
        disabled false
        hostfile-update disable
        shared-network-name LOCAL_ACCESS {
            authoritative disable
            subnet 10.10.2.0/24 {
                default-router 10.10.2.1
                dns-server 8.8.8.8
                dns-server 8.8.4.4
                lease 86400
                start 10.10.2.2 {
                    stop 10.10.2.100
                }
                static-mapping Liam-pc {
                    ip-address 10.10.2.2
                    mac-address e4:11:5b:f4:39:a2
                }
            }
        }
        use-dnsmasq disable
    }
    dns {
    }
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    nat {
        rule 5010 {
            description "NAT Masquerade"
            log disable
            outbound-interface pppoe1
            protocol all
            source {
                group {
                }
            }
            type masquerade
        }
    }
    ssh {
        port 22
        protocol-version v2
    }
    unms {
        disable
    }
}
system {
    host-name Lookout-drive-Router
    login {
        user Liam {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "Liam Atkins"
            level admin
        }
        user Logan {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "Logan Ransley"
            level admin
        }
    }
    name-server 8.8.8.8
    name-server 8.8.4.4
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
    }
    time-zone Pacific/Auckland
    traffic-analysis {
        dpi enable
        export enable
    }
}
vpn {
    ipsec {
        auto-firewall-nat-exclude disable
        ipsec-interfaces {
            interface pppoe1
        }
        nat-networks {
            allowed-network 0.0.0.0/0 {
            }
        }
        nat-traversal enable
    }
    l2tp {
        remote-access {
            authentication {
                local-users {
                    username Liam {
                        password ****************
                        static-ip 10.10.1.21
                    }
                    username Logan {
                        password ****************
                        static-ip 10.10.1.20
                    }
                }
                mode local
            }
            client-ip-pool {
                start 10.10.1.20
                stop 10.10.1.22
            }
            dns-servers {
                server-1 8.8.8.8
                server-2 8.8.4.4
            }
            ipsec-settings {
                authentication {
                    mode pre-shared-secret
                    pre-shared-secret ****************
                }
                ike-lifetime 3600
            }
            mtu 1492
            outside-address 210.54.37.195

This is the config. The DrayTek has an MTU of 1500; it used to be 1492 but I changed it, still no difference.

Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

Knock your MSS down some more. Try 1410.

Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

Yep, still no luck.

Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

I might have to give up, rip it out and go back to the old setup: Modem ----- Radios ----- customer routers

Regular Member
Posts: 352
Registered: ‎12-18-2016
Kudos: 35
Solutions: 12

Re: Unable to connect to bank website or council site

This is "mss ping" for Windows.

http://www.tech-wiki.net/index.php?title=MTU/MSS_-_How_to_test_using_PING

Maybe someone knows how to perform that on a Mac.

I would (at last) make a test with the Edgerouter Basic Wizard!
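
A macOS/Linux counterpart to the Windows DF-ping test linked in the post above, as an added example that is not part of the original thread: it binary-searches the largest ICMP payload that passes with Don't Fragment set, then derives the path MTU and the TCP MSS to clamp to. Function names are made up for this example; the target must be a host that answers ICMP, which www.asb.co.nz did not in the ping output posted earlier.

```shell
#!/bin/sh
# Added example: find the largest DF-flagged ICMP payload that crosses the
# path, then derive the path MTU and the matching TCP MSS.

# probe HOST SIZE -> exit 0 if one DF-flagged echo with SIZE payload bytes is
# answered. Kept as a function so it can be replaced for offline testing.
probe() {
    case "$(uname -s)" in
        Darwin) ping -D -c 1 -t 2 -s "$2" "$1" >/dev/null 2>&1 ;;     # macOS: -D sets DF
        *)      ping -M do -c 1 -W 2 -s "$2" "$1" >/dev/null 2>&1 ;;  # Linux iputils
    esac
}

# max_df_payload HOST [LOW] [HIGH] -> prints the largest payload that passes.
# Fails if even LOW gets no reply (host or path filters ICMP entirely).
# HIGH defaults to 1472 = 1500 (Ethernet MTU) - 28.
max_df_payload() {
    local host="$1" low="${2:-500}" high="${3:-1472}" mid
    probe "$host" "$low" || return 1
    while [ "$low" -lt "$high" ]; do
        mid=$(( (low + high + 1) / 2 ))
        if probe "$host" "$mid"; then low=$mid; else high=$(( mid - 1 )); fi
    done
    echo "$low"
}

# Payload + 8 (ICMP header) + 20 (IPv4 header) = path MTU.
payload_to_mtu() { echo $(( $1 + 28 )); }
# MTU - 20 (IPv4 header) - 20 (TCP header) = largest TCP MSS that fits.
mtu_to_mss() { echo $(( $1 - 40 )); }

report() {
    local host="$1" payload mtu
    if ! payload=$(max_df_payload "$host"); then
        echo "$host: no reply to DF ping; use a host that answers ICMP" >&2
        return 1
    fi
    mtu=$(payload_to_mtu "$payload")
    echo "host=$host payload=$payload path_mtu=$mtu mss=$(mtu_to_mss "$mtu")"
}

# Usage: sh pmtu.sh 8.8.8.8
if [ $# -ge 1 ]; then report "$1"; fi
```

On a clean PPPoE link this reports a payload of 1464, a path MTU of 1492 and an MSS of 1452, the values already set in the posted config; a lower result means something on the path has a smaller MTU and the MSS clamp should follow it.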

Emerging Member
Posts: 42
Registered: ‎09-15-2015

Re: Unable to connect to bank website or council site

I tried with the Basic Wizard, but couldn't even get any connectivity.

Established Member
Posts: 823
Registered: ‎07-23-2015
Kudos: 485
Solutions: 47

Re: Unable to connect to bank website or council site

Have you considered downloading Wireshark and doing a capture for me? Doesn't look like a config issue.
