kdkrone
join:2001-12-25
Fresno, CA
| [DD-WRT] Washington Mutual problem with Linksys routers
I have had problems with my password on the wamu.com network needing to be reset frequently as it was not recognized. I received the following message from the bank today:
"Since we updated our site on October 22, 2007, some customers have had access problems if they use a router from a particular manufacturer.
Certain Linksys routers have trouble accessing a small number of Web sites, including ours. If you have a Linksys router, you may need to update its "firmware" in order to access Online Banking. (Firmware is programming that helps a hardware device operate.) When manufacturers improve their firmware they often make the updates available for free online. "
I use varying WRT54g and gl routers (my home network is a main router--WRT54g v3.1-- and the rest in WDS mode. All the routers work fine with v.23 SP2 firmware.
When I spoke with a supervisor yesterday, she said the issue was that their new system (10/07) requires 128K bit encryption and that is where the incompatibility is with the older Linksys firmware. I told her I was using a third-party firmware and she said she knew nothing about DD-WRT firmware.
Has anyone had the problem with wamu.com that was solved by an upgrade of firmware? If so, which version worked? If it worked, do I only need to change the firmware for the main router? (I am not an IT guy and would prefer to make this as easy as possible. My main concern is that if I upgrade the main router and it doesn't solve the problem, that it may make it worse.)
I have not used any of the newer builds so I don't know how interchangeable they are with my older ones (v.23 SP2). If I were to install, for example, the latest release candidate, which was later than 10/07 and hopefully supports the encryption level, is it likely that the new firmware would support the older firmware without problems or is that wishful thinking? And if I find a problem with the new firmware, how difficult is it to reinstall the older firmware?
Thanks
Ken K |
|
Da Geek Kid
join:2003-10-11
Mclean, VA | yer fine... bank's using other excuses for crappy application design... |
|
kdkrone
join:2001-12-25
Fresno, CA | reply to kdkrone
May be, but I would like to use their on-line banking service without having to change my password to begin each session! |
|
nwdma
join:2002-09-24
Seattle, WA | I have a BEFSX41 and could not connect either. Went to the Linksys site, downloaded the latest firmware, everything is fine now. |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
 ·EarthLink
edit:
March 30th, @07:28AM
| reply to kdkrone
EDIT: Geeze, this is an old problem. But I'll leave my reply in case it creates further input and knowledge...
My BS bells are going off. If anyone knows what possible router characteristics can affect secure browser connections I'd like to know what they are. 128-bit encryption isn't one of them since the router has zilch affect on that. Anyone know differently? Jump in, please.
Before you change your router...
Kdkrone, this is pure hunch but can you find your public IP then do nslookup on it to see if has a DNS name? If this makes no sense, say so and someone can help. This seems to be a growing problem (I had it recently with a bank site).
I can imagine someone changing their router firmware and the only thing that fixed their problem is getting a new IP address from their ISP that had rDNS. But what does someone conclude?... must be the router firmware. Yeah. Sure! 
There are other possibilities. Assuming IE be sure and put the site in "Trusted" zone. Any special cookie handling set? Things like that. Some security techniques may be colliding in this environment... even formerly trusted virus detection stuff from big companies...
The even bigger root cause of much of this is the federal mandate to up security on all banking sites. It's got things in a silly state for the last year. Kdkrone, you're not the only one trying not to be an IT person - the bankers are forced, too. Hearsay rules, techniques are too quickly adopted, bugs in new code... and everyone is confused. Just a FYI. |
|
fiaranch
Premium
join:2007-09-12
Weston, CO
edit:
March 30th, @07:45AM
| said by Bill_MI  :My BS bells are going off. You are right. This problem is all about NAT, Shared Proxies, DHCP handling and overlap, and/or IE/Firefox/Opera settings.
But one thing it isn't about is a router problem.
kdkrone, as Bill_MI said, focus on your browser settings first. If that doesn't fix the issue, then it is a problem with the way your ISP is set up to handle traffic. What they are doing, particularly with proxy servers.
--
High tech in the high mountains @8500 ft elevation|Linksys wired/wireless network across 80 acres|HN7000S|ProPlus Package|Static IP|AMC3 Transponder 1150|A place to go where you can Forget It All-www.fiaranch.com |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·EarthLink
| Hi fiaranch and thanks for the support. Did you notice the OP was early in Febuary? I didn't. I'd like to hear the result, though. 
NO-DOZE WARNING! Just my boring example of the way banks are forced to be going...
Banking sites are going nuts with new systems requiring multi-factor authentication. One I use didn't accept my cookie-based login after we had a local cable upgrade. I knew I had a new IP address and kind of grumbled the IP would also be tied in - the bank uses a phone call to my number on record for the second factor PLUS a cookie to avoid that again from a browser.
Not too bad... I've heard of worse.
But I didn't know my new IP had no rDNS until it failed again... what now... and started looking. Lack of rDNS was the actual problem. |
|
fiaranch
Premium
join:2007-09-12
Weston, CO
| Two major things that I see are, 1) going to flash instead of java based authentication, and 2) to the DNS issue, ISP's are starting to run everything through proxy servers, so they can track traffic in case they get "pulled in for questioning". So when 22 TCP connection requests all hit a site from the same IP (the proxy IP), wham, bam, kick your A** to the curb.
--
High tech in the high mountains @8500 ft elevation|Linksys wired/wireless network across 80 acres|HN7000S|ProPlus Package|Static IP|AMC3 Transponder 1150|A place to go where you can Forget It All-www.fiaranch.com |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
 ·Comcast
·AT&T Southwest
| reply to kdkrone
When I saw this thread near the top I thought it sounded familiar and then saw the date of the OP. Below is another thread about the same thing from November 2007. Different router being used however but same issue. Possible MTU issue?
»[Help Me] DI-624 router and wamu.com times out |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·EarthLink
| Whoa... someone is claiming https requires extra MTU. There's more going on because that's not correct - TCP is TCP. Yet it fixed someone. So...
Possibly, MTU reduction in the router IS broken on HTTPS(443). This should only happen if the LAN remained 1500 MTU which puts the entire burden on the router if the ISP is, for example, 1492 MTU DSL.
But I'll be frank... I doubt that on Linux/DD-WRT but not impossible. Only LinkSys firmware could screw up that bad. They never did get MTU right (inbound) on the BEFSR41v1/2. One could change their box to test it, too, using »/drtcp |
|
jbob
Reach Out and Touch Someone
Premium
join:2004-04-26
Little Rock, AR
·Comcast
·AT&T Southwest
| I'm certainly not technically savvy enough to really help with this particular issue however I can relate one of my own experiences that "might" be related.
I run a Linksys RV082 router and had always had the MTU set to Auto. When my son first got his Xbox360 it would not pass the connection test while connected through the RV082. Other routers worked ok. It turns out that if I set the MTU to Manual/1500 the Xbox360 test passed. There is something about the implementation of the Auto MTU setting in the firmware that caused the test to fail. I also read of something odd with Microsoft settings but was never able to find anything specific.
I suspect WAMU is relating an issue that may or may not occur with certain routers. |
|
Bill_MI
Bill In Michigan
Premium,MVM
join:2001-01-03
Royal Oak, MI
·EarthLink
edit:
March 30th, @03:42PM
| And there may be more than one problem going on. The WAMU site could have an MTU problem for all we know.
One thing about MTU... either end can sort of band-aide a mismatch but to the layman it appears to always be THEIR end.
It's right in the TCP handshake. Each end claims their MTU (actually MSS) and the two ends are supposed to use the lesser. Now, if the router has the task of supporting MTU reduction it BETTER darn well change it on the fly. The BEFSR41v1/2 got it right OUTbound but never INbound (like for servers). (I like to say not fast... but half-fast! ). |
|
punker
deleted by moderator
Premium
join:2004-06-21
Palmdale, CA
clubs: | reply to kdkrone
works fine for me
dd-wrt v23 sp2 |
|
BbrewerG
Premium
join:2004-06-16
New York, NY
edit:
April 7th, @05:17PM
| reply to kdkrone
i use online banking with wamu and i run dd-wrt (v23 SP2) on my WRT54GS. no problems at all. |
|
