
ken_rogue

join:2012-06-24

Routing to most https sites with a Routerboard 750G

I can get access to Google and Gmail but Yahoo mail, Hotmail, Facebook and TDCanada trust https logins I cannot.

This started approximately 24 hours ago (Jun 06 2012). I have since cycled off all equipment many times, connected to my ISP directly through one modem, which had no problem connecting to https (I have 2 services in MLPPP), and have been in touch with tech support at TekSavvy, who confirm there are no issues on their end.

It is down to my Routerboard 750G. I have three other computers in the house and a friend with a 4th laptop came over and had the same problem so I am positive it is not a virus.

However, the 750G has been working flawlessly for over a year and still does not interfere with non-secure sites or my VoIP service. This just started yesterday. Does anyone have any suggestions as to why my router does not share my paranoia of the internet?

ken_rogue

join:2012-06-24

Nothing huh! one more symptom. I can't load speedtest.net. This is the first non secure site I have found that I can't access.


vikingisson

join:2010-01-22
Mississauga, ON

reply to ken_rogue
I've never heard of that problem with those boards. Are you current with the firmware?


TheMG
Premium
join:2007-09-04
Canada
kudos:1

reply to ken_rogue
Perhaps a configuration issue? Did you change anything around the time that the problem started happening?

Perhaps there is an issue with your MLPPP setup? One thing I know is that if the connections are not properly bonded (in other words, each one having its own IP address instead of just a single IP for both connections) this can break HTTPS if the packets don't always go out on the same IP.

I'd try resetting the defaults and re-configuring (backup your current configuration in case this doesn't help).


ken_rogue

join:2012-06-24

reply to vikingisson
I performed an auto update through winbox and it came back "up to date".

I can't find any place on the net where even a single person has a problem with selective https/http sites timing out. I am wondering if it is a flash/java issue in combination with the full implementation of IPv6 (I read somewhere that was happening this month).

The fortune that appeared after my last post said "creativity is no substitute for knowing what you are doing"

That sums up my understanding of my network. I hacked around until it started working, offered thanx to several gods then booted up Guildwars. I really need to take a networking course.

I should have done this in the first post

1x Routerboard750G which controls the following...
-2x TP Link TD8616 modems (MLPPP)
-1x Linksys SPA2102 (VOIP)
-1X Dlink DIR825 (hacked firmware, used for wireless)
-1x direct cable to my desktop pc

I have 2 other laptops connected to the network by wireless. All three computers have the same problem with both IE and Firefox. I have got access back on Facebook https but Yahoo, Hotmail and speedtest won't load.


vikingisson

join:2010-01-22
Mississauga, ON

What version are you running? I've never used the auto upgrade so I'm doubtful that told you the story.
Latest is 5.18. It says on top or under System/Resources where you should verify CPU load and Freq. Make sure you aren't hitting 100% all the time and have 680MHz.

Probably a config issue you aren't seeing but if at version much less than 5.18 or a low frequency setting you'll have trouble.


vikingisson

join:2010-01-22
Mississauga, ON

On the other hand, your problem sounds related to MLPPP. Go down to one line and see if that is where it is. And for sure get your OS version and firmware up to date.


X10A

join:2004-07-13
Brossard, QC

reply to ken_rogue
Downgrade your firmware; in MikroTik's world newest firmware =/= best.

Perhaps try only one line as suggested by other posters; however, make sure that when you go to a single connection you fix your settings (also check right now whether you are getting an error count with MLPPP).

This is not a MikroTik forum; I suggest you head that way to seek help, as someone over there may know the symptom better.


ken_rogue

join:2012-06-24

reply to ken_rogue
I have connected with a single modem directly into my laptop with no issues. All sites load normally.

It seems that the problem is only on sites that use flash. What I don't get is why all three of my PCs stopped loading the same select sites at the same time.

I hadn't touched the router in more than six months. Before that I would need to cycle off my network every time the power went out but I have since installed a UPS which fixed that problem.

The only reason I suspect the Routerboard 750G is because all three PCs "broke" in the same way at the same time and I can connect without issue directly through the modem. I will head over to the Mikrotik forums to see if there is a setting that can disable flash but even that doesn't seem possible in my limited understanding of routers.

I will keep watching this thread in the event other ideas are posted. Thank you for the suggestions.


ken_rogue

join:2012-06-24

reply to ken_rogue
I think I may have had my router hacked. While exploring all the options I opened a log file that said:

319005 messages not shown

followed by about 100 lines of this:

system error, critical login failure for user (some random name)

all about 1-3 seconds apart.

I have upgraded firmware from 2.21 to 2.28 and routeros packages from 4.15 to 5.18 and changed my password.

Still no change.

If I have been hacked, any suggestions as to what a typical hacker's target may be? Even if the suggestion is not Routerboard OS specific I can probably stumble around to the right area.


vikingisson

join:2010-01-22
Mississauga, ON

You should go over all your settings, starting fresh is a good idea. Don't guess at what might have been changed, just validate everything including any users that might have been created.

First thing is you have access open on the public side. Unless you have specific needs for public side access there should be no open ports at all. Obviously the OS is available to anyone with a password, the web interface is probably open too, maybe ssh as well, ftp, etc. One of the last rules after any allow rules should be deny all.

And check firmware version now that you updated the OS. The firmware is packed with the OS so it likely shows a newer version now. Mine is 2.39

While you're in there make sure that the CPU frequency is at 680MHz. Sometimes the CPU settings can get zapped to a low frequency, that happened to me once.


TheMG
Premium
join:2007-09-04
Canada
kudos:1

reply to ken_rogue

said by ken_rogue:

followed by about 100 lines of this:

system error, critical login failure for user (some random name)

all about 1-3 seconds apart.

I have upgraded firmware from 2.21 to 2.28 and routeros packages from 4.15 to 5.18 and changed my password.

Still no change.

If I have been hacked, any suggestions as to what a typical hacker's target may be? Even if the suggestion is not Routerboard OS specific I can probably stumble around to the right area.

I assume you had the SSH port (22) open to the world?

These are essentially robots that are using a dictionary attack to try to obtain access. Mostly what they are aiming at is Linux/Unix servers with weak passwords.

What they do is they scan IPs probing to see if port 22 is open, and if it is then the dictionary attack begins, which is what you are seeing with the failed login. This is to be expected on pretty much any SSH device that is open to the internet on the default port 22.

As long as you had a strong password you have likely not been compromised.

Nonetheless, I would recommend not having the SSH port open on the WAN interface unless you have a specific need for it. If you do, then I would recommend choosing an alternative port. Also make sure the HTTP and TELNET services are also closed.

ken_rogue

join:2012-06-24

reply to vikingisson
SSH (22) was in fact open to the world as well as ftp (21), telnet (??), Winbox (??) and WWW (??). However, there were two services called api and www.ssl that were already disabled. The www.ssl looks like something that would have turned off processing secure sites. Should it be enabled? I have disabled SSH and FTP. No more of those log entries since.

CPU frequency is 680MHz and processor load is 5%.

One more thing that concerns me is that my router's system clock keeps resetting itself to its default time, Jan 01 1970. The router wouldn't use its own screwed-up time to process secure certificates, would it? How do I get it to keep the proper time?

One last thing. Should I be able to log in directly from both the a and b modems when connecting directly from the laptop? I can connect with a but not with b. This is an MLPPP line. The tech told me one is static and the other is dynamic.


TheMG
Premium
join:2007-09-04
Canada
kudos:1

said by ken_rogue:

SSH (22) was in fact open to the world as well as ftp (21), telnet (??), Winbox (??) and WWW (??). However, there were two services called api and www.ssl that were already disabled. The www.ssl looks like something that would have turned off processing secure sites. Should it be enabled? I have disabled SSH and FTP. No more of those log entries since.

WWW would be the web management interface. Winbox is the Windows GUI software (it uses its own special port). www.ssl would be the same web management interface, but using HTTPS.

Ideally none of these should be open to the world (again, unless there is a specific need for it).

Note: disabling these services disables them completely, including the local side! If you disable all of them you'll lock yourself out of being able to configure the router, and will need to perform a config reset or use the serial port.

The proper way to secure it would be by setting up proper firewall rules.

My guess is you haven't added a firewall rule to drop unsolicited traffic that has not been specifically allowed or denied by the remainder of the firewall rules.

Here is what this rule should look like (it should be at the bottom of the list):

add action=drop chain=input comment="" disabled=no in-interface=ether2-wan2
 

Of course, interface should be whatever your MLPPP interface is that you use to access the internet.

said by ken_rogue:

One more thing that concerns me is that my router's system clock keeps resetting itself to its default time, Jan 01 1970. The router wouldn't use its own screwed-up time to process secure certificates, would it? How do I get it to keep the proper time?

The 750G does not have backup power for its internal clock, thus every time it is powered down or reset it will lose the time and date.

Configure the NTP Client on the router with one or more internet time servers (could also come from a local computer hosting NTP service).

Also note that the router does not process HTTPS requests. It simply routes the packets through like anything else. That's the whole point of SSL/HTTPS: only the client and web server have access to the information being exchanged. The whole data stream is encrypted.


Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:1

reply to ken_rogue
No mention of MTU; did you check that? MSS? These are classic symptoms of MTU/MSS problems.

Services like api and www.ssl are services running on the router itself; they won't affect your problem. You can disable any service you don't use on the router, like ftp and ssh. I just enable these as I need them in most cases on internet-facing Routerboards. You can also set up cool firewall rules that stop ssh and ftp attacks after 4 bad logins, which is also what I do if I need ssh enabled all the time and it's an internet-facing Routerboard. Don't turn off all the services or you will lock yourself out! Leave winbox on for config access.
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca


ken_rogue

join:2012-06-24

I meant to mention that. When I first set up the network I was told to set these but could never figure out what they were. The tech I spoke to at TekSavvy was unfamiliar with Mikrotik so he wound up doing what I was doing, combing through the forums. My MTU on both routers is currently 1500. L2MTU and max L2MTU are both 1520. They have been working this way for a year and a half but if TekSavvy just installed a bunch of new equipment then it stands to reason this would just become a problem. Going over my settings with a tech on the phone tonight was going to be my next step. As for my firewall I have only one NAT rule set up. "Masquerade" No other rules or mangles.

I have disabled all but winbox and telnet, as the base instructions for this router seem to be for the telnet terminal, so when there is something I can't translate to "winbox" I fire up a new terminal.

One other thing. The IPv6 package was disabled before I started all this and even after upgrading the OS and firmware, it is still disabled. Should this be enabled now or has the internet not fully implemented IPv6 yet?

I have a better question. Secure Facebook has been off and on for the last two days but today it is completely gone. Is the secure version of Google really secure at all? I can still sign into https//.Gmail faster than I can bring up a "My Computer" window.



Inssomniak
The Glitch
Premium
join:2005-04-06
Cayuga, ON
kudos:1

said by ken_rogue:

I meant to mention that. When I first set up the network I was told to set these but could never figure out what they were. The tech I spoke to at TekSavvy was unfamiliar with Mikrotik so he wound up doing what I was doing, combing through the forums. My MTU on both routers is currently 1500. L2MTU and max L2MTU are both 1520. They have been working this way for a year and a half but if TekSavvy just installed a bunch of new equipment then it stands to reason this would just become a problem. Going over my settings with a tech on the phone tonight was going to be my next step. As for my firewall I have only one NAT rule set up. "Masquerade" No other rules or mangles.

I have disabled all but winbox and telnet, as the base instructions for this router seem to be for the telnet terminal, so when there is something I can't translate to "winbox" I fire up a new terminal.

One other thing. The IPv6 package was disabled before I started all this and even after upgrading the OS and firmware, it is still disabled. Should this be enabled now or has the internet not fully implemented IPv6 yet?

I have a better question. Secure Facebook has been off and on for the last two days but today it is completely gone. Is the secure version of Google really secure at all? I can still sign into https//.Gmail faster than I can bring up a "My Computer" window.

You are reading the MTU/L2MTU of your LAN ports; you need to check/set the MTU for the PPPoE interface. I'm not sure exactly what it should be for 2-line MLPPP, but safely set it to something like 1452 or 1448 just to see if it fixes your problems. Someone will probably chime in on exactly what MTU/MRU is best for 2-line MLPPP.

/interface pppoe-client

at the prompt or in winbox PPP->Interfaces

Leave IPv6 disabled
--
OptionsDSL Wireless Internet
»www.optionsdsl.ca
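
The MTU check and trial value from the reply above, written out as RouterOS terminal commands. This is an added example, not part of the original post: the interface name pppoe-out1 is an assumption, and the MSS clamp rules are an addition that follows from the MSS question raised earlier in the thread (1452 minus 40 bytes of IPv4 and TCP headers gives 1412).

```routeros
# Added example, not from the thread. "pppoe-out1" is an assumed name;
# substitute the name of your own PPPoE/MLPPP client interface.

# Show the MTU/MRU the PPPoE client is using now. This is the value that
# matters, not the MTU/L2MTU shown on the ether ports.
/interface pppoe-client print detail

# Trial value from the reply above. If the stalled sites start loading,
# the path could not carry the larger packets.
/interface pppoe-client set pppoe-out1 max-mtu=1452 max-mru=1452

# Clamp the TCP MSS on SYN packets crossing the WAN link in either
# direction, so neither end builds segments larger than the link carries.
# 1412 = 1452 (MTU) - 20 (IPv4 header) - 20 (TCP header).
/ip firewall mangle
add chain=forward out-interface=pppoe-out1 protocol=tcp tcp-flags=syn tcp-mss=1413-65535 action=change-mss new-mss=1412
add chain=forward in-interface=pppoe-out1 protocol=tcp tcp-flags=syn tcp-mss=1413-65535 action=change-mss new-mss=1412
```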

TheMG
Premium
join:2007-09-04
Canada
kudos:1

reply to ken_rogue

said by ken_rogue:

As for my firewall I have only one NAT rule set up. "Masquerade" No other rules or mangles.

NAT is not firewall.

That is why all the router's enabled services are being exposed to the internet.

Bare minimum you should have these 3 filter rules in there:

/ip firewall filter
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input

This is your basic 3 firewall rules, which will accept incoming packets for established and related connections, and drop/block anything else. Note that any NAT forwarded ports are automatically allowed without having to explicitly create a separate firewall rule for them.
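
The minimum input rules above, combined with the "block after repeated SSH attempts" idea mentioned earlier in the thread, as one ordered rule set. This is an added example, not code from any poster: the interface name pppoe-out1, the address-list names and the timeouts are assumptions, and the final drop is scoped to the WAN interface (as in the earlier single-rule example) so that LAN-side Winbox and telnet keep working.

```routeros
# Added example, not from the thread. Assumed names: pppoe-out1 is the
# PPPoE/MLPPP WAN interface; ssh_stage1..3 and ssh_blacklist are address
# lists created by these rules. Rules are evaluated top to bottom.
/ip firewall filter

# 1. Sources already blacklisted get nothing on the SSH port.
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=22 src-address-list=ssh_blacklist action=drop comment="drop ssh brute forcers"

# 2-3. Replies to connections the router itself opened (NTP, DNS, updates).
#      RouterOS 5.x takes one connection-state per rule, hence two rules.
add chain=input connection-state=established action=accept
add chain=input connection-state=related action=accept

# 4-7. Only needed if SSH must stay reachable from the internet.
#      Each new connection within a minute moves the source up one stage;
#      the fourth puts it on the blacklist for a day. These rules count
#      new connections, not failed passwords, and they do not stop
#      processing, so the higher stages must be checked first.
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage3 action=add-src-to-address-list address-list=ssh_blacklist address-list-timeout=1d
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage2 action=add-src-to-address-list address-list=ssh_stage3 address-list-timeout=1m
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=22 connection-state=new src-address-list=ssh_stage1 action=add-src-to-address-list address-list=ssh_stage2 address-list-timeout=1m
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=22 connection-state=new action=add-src-to-address-list address-list=ssh_stage1 address-list-timeout=1m

# 8. Let the SSH connections that were not dropped by rule 1 through.
add chain=input in-interface=pppoe-out1 protocol=tcp dst-port=22 connection-state=new action=accept

# 9. Everything else arriving from the internet for the router itself is
#    dropped. Traffic from the LAN side is not matched by this rule.
add chain=input in-interface=pppoe-out1 action=drop comment="drop unsolicited WAN input"
```

If SSH is not needed from the internet, leave out rules 1 and 4 to 8; the remaining three rules are the minimum set described above, limited to the WAN interface.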
