Community discussions

MUM Europe 2020
 
fdfdf
just joined
Topic Author
Posts: 1
Joined: Sun Mar 19, 2017 8:09 pm

cannot access https websites

Sun Mar 19, 2017 8:15 pm

Hello,

I've a mikrotik RB2011UiAS-2HnD. Since yesterday I cannot access HTTPS websites anymore.
all other things still work like, vpn, incoming https traffic (port forwarding), vpn tunnels http traffic.
I can access all http sites but when they get redirected to https is stops working.

I've looked at all firewall rules and also added a rule allow any any, but it won't work.

Does somebody has suggestions?
 
norocel
newbie
Posts: 29
Joined: Mon Sep 04, 2006 12:03 am

Re: cannot access https websites

Mon Mar 20, 2017 5:09 pm

Maybe you have forwarded the https 443 port from wan to internal lan device ?
This will be just one cause
 
User avatar
sjwrick
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Tue Jul 25, 2006 10:12 pm

Re: cannot access https websites

Mon Mar 20, 2017 6:52 pm

I have the same problem on some of my routers. Not all.
https sites like https://wellsfargo.com can not be rendered. Other sites like https://crucial.com are very slow to render.

I do not have a router workaround. The problem is exacerbated by some third party routers at the client location. Like a netgear. The DNS proxy does not seem to get information from the my Mikrotik main router and pass on to the client PC. I can ping to domain but cannot pass https:// site to the client.

My only solution has been to replace the client router (ex: netgear) with a mikrotik. I have 600 customers and cannot replace all their routers.

Is there a known issue with Mikrotik - ROS passing https data on to third party routers?
 
nikc
Member Candidate
Member Candidate
Posts: 186
Joined: Wed Jul 13, 2016 6:05 pm

Re: cannot access https websites

Mon Mar 20, 2017 7:38 pm

Hello,

I've a mikrotik RB2011UiAS-2HnD. Since yesterday I cannot access HTTPS websites anymore.
all other things still work like, vpn, incoming https traffic (port forwarding), vpn tunnels http traffic.
I can access all http sites but when they get redirected to https is stops working.

I've looked at all firewall rules and also added a rule allow any any, but it won't work.

Does somebody has suggestions?
Do you have a drop invalid packets rule on the firewall ?

If you do how much data does it say its processed ?
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: cannot access https websites

Tue Mar 21, 2017 12:41 am

Any chance that you have a ppp or epio interface in a bridge?
Everytime that I have seen this issue, it has been an MTU problem.
When you add an interface into a bridge, the bridge will automatically lower the MTU of the bridge to the lowest MTU of all of the interfaces. This almost always breaks HTTPS.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
User avatar
sjwrick
Frequent Visitor
Frequent Visitor
Posts: 77
Joined: Tue Jul 25, 2006 10:12 pm

Re: cannot access https websites

Thu Mar 23, 2017 4:42 pm

Thank you for that insight about EOIP. I believe that may be the smoking gun in my case.
I have used eoip for various access situations and the scenario fits with my problems with https.

Much appreciated.

Rick
 
IntrusDave
Forum Guru
Forum Guru
Posts: 1290
Joined: Fri May 09, 2014 4:36 am
Location: Rancho Cucamonga, CA

Re: cannot access https websites

Thu Mar 23, 2017 5:03 pm

Glad to have helped. It took me several days of looking at every little thing to figure that out.
David Joyce
Network & Security Engineer
Intrus Technologies, LLC.
Rancho Cucamonga, CA, USA
 
mladen074
just joined
Posts: 6
Joined: Mon Nov 27, 2017 3:54 pm

Re: cannot access https websites

Wed Dec 13, 2017 12:40 am

I just wanted to say thank you, because I was looking into this same issue for days... Of course it was an eoip tunnel related. Btw, it was so difficult to even realize there was an issue, because some websites work normally and some don't (seemingly randomly). Anyway, thank you once again, your post was a life saver :)
 
davidarre
just joined
Posts: 1
Joined: Mon Aug 27, 2018 6:30 pm

Re: cannot access https websites

Mon Aug 27, 2018 7:10 pm

Thank you very much, I had the same problem and it was driving me crazy.
I had created an EoIP tunnel and this was the problem.
But the most curious thing is that it was disabled, and even then I had problems with https browsing.
I had to eliminate the tunnel, and now everything works perfect.
Thank you very much and greetings.
 
Dalo
just joined
Posts: 2
Joined: Thu Jan 11, 2018 11:14 pm

Re: cannot access https websites

Sun Jan 27, 2019 8:44 am

I just faced the same issue. The problem as you mentioned was related to EOIP tunnel MTU (1408), but in my case I fixed it only setting the value to 1500 in the Bridge at MTU field, before was empty and as mentioned, takes the lowest MTU of the LAN "Actual MTU 1408"(was the EOIP interface 1408). Now EOIP and TLS webs are working in parallel and currently "Actual MTU 1500".
 
Sparo90
just joined
Posts: 1
Joined: Wed Dec 27, 2017 9:17 pm

Re: cannot access https websites

Mon Jul 29, 2019 6:51 pm

Any chance that you have a ppp or epio interface in a bridge?
Everytime that I have seen this issue, it has been an MTU problem.
When you add an interface into a bridge, the bridge will automatically lower the MTU of the bridge to the lowest MTU of all of the interfaces. This almost always breaks HTTPS.
Thnx for the great tip, I also created a EOIP interface in my bridge and it changed my MTU and it caused multiple problems.
After the change of the MTU on the EOIP interface it solved the problem.


Regards,

Sparo90

Who is online

Users browsing this forum: erhtun, harisir18, MSN [Bot], SJB and 112 guests