Plusnet VPN ERR_CONNECTION_RESET
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Fibre Broadband
- :
- Plusnet VPN ERR_CONNECTION_RESET
Plusnet VPN ERR_CONNECTION_RESET
14-09-2018 12:42 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hello,
I'm experiencing a problem when I'm connected to my work's VPN using the Cisco AnyConnect Secure Mobility Client where I'm able to connect fine, I'm able to access some internal websites fine too - except for a few (and probably more). When I access one of the sites I'm having an issue with the following happens: Upon entering the URL into my browser and watching the network tab in chrome's developer tools, the website's application files (js / css files) start downloading but then randomly stop about half way with some files stuck in a 'pending' state (they remain in a pending state presumably because they're queued up waiting for the others which haven't finished downloading) - it remains in this state until the connection times out with a net::ERR_CONNECTION_RESET error in chrome's console. (Others browsers have the same result).
I only ever experience this problem when I'm online using Plusnet. I tested using a friends broadband connection (Sky) and have no issues. Same goes for if I tether to my phone, I don't get this problem.
I used Wireshark to capture the traffic that occurs when I try accessing a site I can't access using Plusnet's network and the tail end of the log has loads of these:
TCP 74 [TCP Dup ACK 1123#32] 63992 → 443 [ACK] Seq=1771 Ack=238214 Win=931 Len=0 SLE=311978 SRE=339298 SLE=343396 SRE=359788
I don't really know what this means but soon after seeing a load of those lines appear, I then see quite a few of the following:
TCP 55 [TCP Keep-Alive] 64000 → 443 [ACK] Seq=1157 Ack=78028 Win=65536 Len=1
Waiting for the connection to timeout as it usually does with a ERR_CONNECTION_RESET, I see this in Wireshark:
TCP 54 64501 → 443 [RST, ACK] Seq=9516 Ack=6026 Win=0 Len=0 TCP 54 64501 → 443 [RST] Seq=9515 Win=0 Len=0
Comparing the Wireshark log to when I'm connecting to the Plusnet network versus when I'm tethered to my phone, it's clear that packet transfer stops half way through downloading those application files at which point I see lots of (black and red) 'TCP Dup ACK' logs in Wireshark whereas when tethered to my phone I see (light blue and black) 'ACK' logs until the site fully loads.
This connection problem occurs whether i'm on WIFI or wired in via ethernet to my Plusnet One Hub. The software version installed on my Plusnet One Hub is: 4.7.5.1.83.8.237.2.2. Furthermore, I've tried the following:
- Turned off the router firewall.
- Ensured 'SafeGuard' is turned off in my Plusnet member center.
- Tried enabling and disabling 'Port Clamping' in the router admin.
- Spoke to a Plusnet support engineer who could only go as far as setting the firewall (on his side for my connection) to 'low' in the hopes it would help - but it hasn't. He then requested I post my problem in this forum for further help.
- Setup port forwarding as mentioned in the last post at the bottom of this page: https://community.bt.com/t5/Home-setup-Wi-Fi-network/HomeHub-5-and-Cisco-Anyconnect-VPN-Issue/td-p/1....
- Restarted the router way too many times after each step already mentioned.
The only thing I haven't tried is swapping out the router for another and trying again but I don't have a spare so I'm hoping someone can shed some light on this problem before I do. I'm guessing it isn't going to help as this feels like a rule somewhere in Plusnet's network or firewall that's interrupting my connection when accessing certain internal sites whilst on a VPN.
Can anyone help?
Thanks,
Bear
Re: Plusnet VPN ERR_CONNECTION_RESET
14-09-2018 10:11 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet VPN ERR_CONNECTION_RESET
04-10-2018 4:05 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi @MasterOfReality,
Thanks for the response (apologies mine is so late). I've seen that article and it didn't help - the VPN network I'm connecting to is using a different subnet entirely compared to my LAN subnet (vpn subnet starts with 10.x, my local LAN starts with 192.x). I'm still experiencing this problem intermittently. I've taken a closer look at the router log and found a clue - it looks like packets are being blocked for some reason, here is what I'm getting:
BLOCKED 11 more packets (because of Defragmentation failed)
IN: BLOCK [53] Defragmentation failed (Fragmented packet, packet exceeds: UDP [xxx.xxx.xxx.xxx]:443->[xx.xxx.xxx.xxx]:51743 on ppp3)
BLOCKED 268 more packets (because of Defragmentation failed)
OUT: BLOCK [53] Defragmentation failed (Fragmented packet, packet exceeds: UDP [xxx.xxx.xxx.xxx]:443->[192.168.1.76]:51743 on br0)
(I've skewed the external IP's with 'x's).
This happens whenever I access the certain webpages whilst connected to the VPN. To me this means my router is blocking these packets but I'm not sure why. Any idea how to resolve this?
Thanks.
Re: Plusnet VPN ERR_CONNECTION_RESET
05-10-2018 7:21 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Have you tried turning the PN firewall off, rather than set it to low?
The PN firewall settings for a users account can be accessed from the member centre, connection settings, broadband firewall.
Regards
Richard
Re: Plusnet VPN ERR_CONNECTION_RESET
05-10-2018 1:08 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Re: Plusnet VPN ERR_CONNECTION_RESET
05-10-2018 5:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
What is your MTU set to? It is common for a VPN connection to have a lower MTU (due to the VPN overhead), and packets will get split if the encapsulated packets are too large - i.e. fragmentation. I use AnyConnect and I notice its MTU is set to 1300.
Re: Plusnet VPN ERR_CONNECTION_RESET
12-11-2018 10:00 PM - edited 12-11-2018 10:01 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@RichardB & @Gandalf: Thanks for your responses. I've turned off my PN firewall in my member centre and I'm still getting the same result. Is there some kind of propagation delay when turning my PN firewall off? Am leaving it off until this problem is resolved.
@corringham: Thanks for the response. How do I check this? Is this setting available in the AnyConnect mobility client? If this is a server setting I won't be able to change it. Furthermore, I'm only ever getting this problem when I'm using my Plusnet broadband. Surely if it was an MTU value problem I would be experiencing the same issue with other broadband providers (which I'm not)?
PS: I've been travelling with work (hence the late response) and have had to use various broadband providers and not once have I experienced this connectivity issue whilst on the VPN. I'm afraid if this continues it's probably going to be quicker to switch to another provider :(.
Re: Plusnet VPN ERR_CONNECTION_RESET
12-11-2018 10:20 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi Bear1
I think you might have to drop and reconnect the PPP session with PN to ensure the firewall change is applied.
You should be able to thus via the routers config pages.
Regards
Richard
Re: Plusnet VPN ERR_CONNECTION_RESET
13-11-2018 12:37 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Hi @Bear1,
As per RichardB's response, the connection has to be disconnected and reconnected for the firewall setting change to take effect. The easiest way is to turn your router off then back on.
Let us know how this goes.
Thank you.
Re: Plusnet VPN ERR_CONNECTION_RESET
13-11-2018 5:58 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@RichardB & @Jubby I turned off my PN firewall in my member centre, then turned off my router completely, waited 5 mins then turned it back on but unfortunately still getting the same result. As I've done before I've confirmed this by checking the router event log and can see blocked packets / defragmentation failures.
17:51:03, 13 Nov. | BLOCKED 12 more packets (because of Defragmentation failed) |
17:51:02, 13 Nov. | BLOCKED 254 more packets (because of Defragmentation failed) |
Any other suggestions?
Thanks.
Re: Plusnet VPN ERR_CONNECTION_RESET
13-11-2018 6:15 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
Just to check the MTU, if you are using Windows you can go to the Network settings and view your network settings. If you have AnyConnect up at the time you will see it in the list of networks. There is a setting for "Maximum transmission unit:" (i.e. MTU). For me that is set to 1300 - which is a lot lower than Plusnet's default of 1500. I also use other VPNs, and for those I use 1440 - so it depends on the overheads introduced by the particular VPN you use. I'm not sure how you change it on Windows (I'm a Linux user and only use Windows when I have to), but if you check it and it looks as if it may be the problem let me know and I'll find out how to change it.
Re: Plusnet VPN ERR_CONNECTION_RESET
13-11-2018 8:00 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@corringham Ok I've found it and the MTU is set to 1406 in the AnyConnect network properties. Did some reading up on how to determine the correct MTU size for my network and 1406 is pretty much spot on correct. This is how I worked it out:
To determine the correct MTU size I ran a ping test against a resource I normally have an issue with using the following command:
ping [url / local server or IP Address] –f –l xxxx
Where xxxx is the MTU size to test. I started with 1300 and got 4 successful replies back with no packet loss, kept increasing until I got to 1378 which is the max. Anything above that value and I get four 'Packet needs to be fragmented but DF set' responses. From what I've read I need to add 28 on to the max MTU value derived from the ping test for IP/ICMP overheads; therefore: 1378 + 28 = 1406 should be my MTU limit; which it is.
So the MTU value doesn't appear to be the cause of this issue.
Any suggestions?
PS: Derived the above from: https://www.sevenforums.com/
Re: Plusnet VPN ERR_CONNECTION_RESET
13-11-2018 10:47 PM - edited 13-11-2018 10:54 PM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
OK, that's ruled the MTU out then. Given the other things you've tried I'm not sure what else to suggest, apart from delving deeper with wireshark.
EDIT: Actually one more thought - have you checked the router's CPU/memory loading? If it is heavily loaded it might get a bit behind with passing packets?
Re: Plusnet VPN ERR_CONNECTION_RESET
11-12-2018 10:33 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@Bear1 - did you ever resolve this? I seem to have the exact same issue. Our company VPN is Cisco Anyconnect. I can connect reliably for the most part but the connection gets strangled after a few seconds. A speed test using OOKLA demonstrates this.
I also have the defragmentation failed error messages ("BLOCKED 2 more packets (because of Defragmentation failed)"
I really need to resolve this or I may have to move ISP.
Re: Plusnet VPN ERR_CONNECTION_RESET
11-12-2018 11:16 AM
- Mark as New
- Bookmark
- Subscribe
- Subscribe to RSS Feed
- Highlight
- Report to Moderator
@BryceM61 No, unfortunately I did not. I have moved over to Sky and no longer have any VPN related issues (I chose Sky because I know it works from having used that provider during my initial troubleshooting to rule out the issue stemming from software on my machine).
Unfortunately I had no choice but to move - the amount of time it was taking to solve this problem was costing me more than just paying the exit fee and switching. I exhausted trying to solve this problem with Plusnet's tech team, they unfortunately weren't able to help and referred me to this forum which despite some really good suggestions; didn't help either.
To be fair, it is a complicated problem and near enough impossible to solve over a phone call or without digging into the specifics of Plusnet's network but everyone did a great job trying to help. The issue you're experiencing seems more aggressive than mine - you're getting nothing down whereas when I ran a speed test I was receiving packets. It was only when I accessed certain resources on the VPN that I got fragmented packets.
The only two suggestions I have for you are:
1. Try tethering to your phone and see if you still get the same problem. If you do, then it's unrelated to Plusnet.
2. If you have no problem when tethering, try running through each of the prior posts and run through the various things I tried. Beyond that the only other suggestion I have (other than moving ISP) is switching out your Plusnet router with a different one (not from Plusnet). I wouldn't buy one - grab one from a friend to run a test or grab a spare from work if you can. Swapping out the router to rule out the issue being related to some weird router config is the only thing I didn't try.
PS: @corringham Thanks for your last post - I couldn't find a diagnostics view to check the router's CPU / memory loading. Would you mind providing instruction how to view that info for @BryceM61's benefit? I personally don't think it is an overload issue because I did try lessen the workload on the router by disconnecting every device except my machine (which is connected to the VPN) and I still had the same problem. I didn't see any errors or warnings in the routers event log about excessive CPU / memory loading.
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Plusnet Community
- :
- Forum
- :
- Help with my Plusnet services
- :
- Fibre Broadband
- :
- Plusnet VPN ERR_CONNECTION_RESET