Community discussions

 
F1le
just joined
Topic Author
Posts: 14
Joined: Tue Nov 21, 2017 1:35 am

Router allows ping but not allowing to display www

Sun Sep 15, 2019 1:57 am

Guys,

Weird thing, I got 3011 and from some time I'm facing some challenge. Suddenly router is not routing correctly.

Ping works fine, but it doesn't want to display www
I disconnected router and the same time put a cable directly to my computer - all works fine
Each time need to leave as it is, but sometimes it takes 10-20min and router starts working fine or just reboot (browser "establishing connection", same time ping works OK).

Nothing really was touched for "ages" in the configuration. Do you have any idea?

-ping works fine
-DNS resolve - works fine in ping (like ping google.com)
- pages - "establishing connection" and time out...
- no VLANs
- no QUEUES
- simple DHCP Client configuration with a cable modem

I lost totally ground where to look for a failure (or the router failed?)
 
User avatar
xvo
Long time Member
Long time Member
Posts: 596
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Router allows ping but not allowing to display www

Sun Sep 15, 2019 10:56 am

Try pinging with different packet sizes and "don't fragment flag".
Can be problems with PMTUD somewhere at your ISP.
If that's the case - set lower MTU on your WAN interface.
 
F1le
just joined
Topic Author
Posts: 14
Joined: Tue Nov 21, 2017 1:35 am

Re: Router allows ping but not allowing to display www

Sun Sep 15, 2019 1:28 pm

lower MTU to what value you suggest?

Can MTU be lowered on WAN interface, but still be 1500 on the rest of the ports?

After excessive tests it looks like my GRE tunnel is causing troubles. Have GRE IPSec connection to my parent's house to have LAN-LAN connection and that started to cause trouble. Let's see if lowered MTU will help...
 
User avatar
xvo
Long time Member
Long time Member
Posts: 596
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Router allows ping but not allowing to display www

Sun Sep 15, 2019 3:08 pm

lower MTU to what value you suggest?
Try what ping sizes pass without fragmentation from the router and use it as an MTU value.
Can MTU be lowered on WAN interface, but still be 1500 on the rest of the ports?
Yes, sure.
After excessive tests it looks like my GRE tunnel is causing troubles. Have GRE IPSec connection to my parent's house to have LAN-LAN connection and that started to cause trouble. Let's see if lowered MTU will help...
Normal MTU for GRE tunnel with ipsec would be 1400 if underlying WAN interface have 1500.
If connection to your ISP is PPPoE, then set MTU 1380 for GRE tunnel.

But once again, it's always better to test it yourself with different sized pings - the problem might be somewhere along the way, not on your routers.
 
F1le
just joined
Topic Author
Posts: 14
Joined: Tue Nov 21, 2017 1:35 am

Re: Router allows ping but not allowing to display www

Sun Sep 15, 2019 5:41 pm

Thanks, so far I've changed GRE to IPIP and looks like problem has gone. Don't know what happened but one site was changing MTU to 1380 second to 1420 and lots of problems were happening there. Changing MTU statically to 1500 on GRE killed performance and transfers and raised up tons of packet losses but also did not resolved the issue.

So far testing IPIP tunnel also on IpSec both sited connected on 1410 and so far from couple of hours problem looks gone (not saying it's permanently gone, as it's too early to judge, but on GRE would have had couple of hangs for sure during this time).

Both sites do not have ISP PPPoE.

Is it possible IPIP works better than GRE on the same IPSec encryption?
 
User avatar
xvo
Long time Member
Long time Member
Posts: 596
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Router allows ping but not allowing to display www

Sun Sep 15, 2019 8:18 pm

Thanks, so far I've changed GRE to IPIP and looks like problem has gone. Don't know what happened but one site was changing MTU to 1380 second to 1420 and lots of problems were happening there. Changing MTU statically to 1500 on GRE killed performance and transfers and raised up tons of packet losses but also did not resolved the issue.

So far testing IPIP tunnel also on IpSec both sited connected on 1410 and so far from couple of hours problem looks gone (not saying it's permanently gone, as it's too early to judge, but on GRE would have had couple of hangs for sure during this time).

Both sites do not have ISP PPPoE.

Is it possible IPIP works better than GRE on the same IPSec encryption?
If IPIP with MTU 1410 works ok, GRE with MTU 1400 should also work.

IPIP has a little lower overhead (20 vs 24 when without ipsec), but can't carry ipv6.
Otherwise it's pretty much the same.
 
F1le
just joined
Topic Author
Posts: 14
Joined: Tue Nov 21, 2017 1:35 am

Re: Router allows ping but not allowing to display www

Sun Sep 15, 2019 11:39 pm

But it does not ...
So far the whole day IPIP works fine. I do not use IPv6 so don't really care about GRE if that's the only one difference vs IPIP, there are no drops in browsing pages like with GRE active tunnel.
 
User avatar
xvo
Long time Member
Long time Member
Posts: 596
Joined: Sat Mar 03, 2018 1:12 am
Location: Moscow, Russia

Re: Router allows ping but not allowing to display www

Mon Sep 16, 2019 12:24 am

But it does not ...
So far the whole day IPIP works fine. I do not use IPv6 so don't really care about GRE if that's the only one difference vs IPIP, there are no drops in browsing pages like with GRE active tunnel.
Maybe it's not MTU related after all.
If you want to debug it further - you can post your config.

Who is online

Users browsing this forum: No registered users and 32 guests