
Plusnet VPN ERR_CONNECTION_RESET

Bear1
Hooked
Posts: 7
Registered: ‎13-09-2018

Hello,

I'm experiencing a problem when I'm connected to my work's VPN using the Cisco AnyConnect Secure Mobility Client where I'm able to connect fine, I'm able to access some internal websites fine too - except for a few (and probably more). When I access one of the sites I'm having an issue with the following happens: Upon entering the URL into my browser and watching the network tab in Chrome's developer tools, the website's application files (js / css files) start downloading but then randomly stop about half way with some files stuck in a 'pending' state (they remain in a pending state presumably because they're queued up waiting for the others which haven't finished downloading) - it remains in this state until the connection times out with a net::ERR_CONNECTION_RESET error in Chrome's console. (Other browsers have the same result).

I only ever experience this problem when I'm online using Plusnet. I tested using a friend's broadband connection (Sky) and have no issues. Same goes for if I tether to my phone, I don't get this problem.

I used Wireshark to capture the traffic that occurs when I try accessing a site I can't access using Plusnet's network and the tail end of the log has loads of these:

TCP 74 [TCP Dup ACK 1123#32] 63992 → 443 [ACK] Seq=1771 Ack=238214 Win=931 Len=0 SLE=311978 SRE=339298 SLE=343396 SRE=359788

I don't really know what this means but soon after seeing a load of those lines appear, I then see quite a few of the following:

TCP 55 [TCP Keep-Alive] 64000 → 443 [ACK] Seq=1157 Ack=78028 Win=65536 Len=1

Waiting for the connection to time out as it usually does with an ERR_CONNECTION_RESET, I see this in Wireshark:

TCP 54 64501 → 443 [RST, ACK] Seq=9516 Ack=6026 Win=0 Len=0
TCP 54 64501 → 443 [RST] Seq=9515 Win=0 Len=0

Comparing the Wireshark log to when I'm connecting to the Plusnet network versus when I'm tethered to my phone, it's clear that packet transfer stops half way through downloading those application files at which point I see lots of (black and red) 'TCP Dup ACK' logs in Wireshark whereas when tethered to my phone I see (light blue and black) 'ACK' logs until the site fully loads.

This connection problem occurs whether I'm on Wi-Fi or wired in via ethernet to my Plusnet One Hub. The software version installed on my Plusnet One Hub is: 4.7.5.1.83.8.237.2.2. Furthermore, I've tried the following:

  • Turned off the router firewall.
  • Ensured 'SafeGuard' is turned off in my Plusnet member center.
  • Tried enabling and disabling 'Port Clamping' in the router admin.
  • Spoke to a Plusnet support engineer who could only go as far as setting the firewall (on his side for my connection) to 'low' in the hopes it would help - but it hasn't.  He then requested I post my problem in this forum for further help.
  • Set up port forwarding as mentioned in the last post at the bottom of this page:  https://community.bt.com/t5/Home-setup-Wi-Fi-network/HomeHub-5-and-Cisco-Anyconnect-VPN-Issue/td-p/1....
  • Restarted the router way too many times after each step already mentioned.

The only thing I haven't tried is swapping out the router for another and trying again but I don't have a spare so I'm hoping someone can shed some light on this problem before I do.  I'm guessing it isn't going to help as this feels like a rule somewhere in Plusnet's network or firewall that's interrupting my connection when accessing certain internal sites whilst on a VPN.

Can anyone help?

Thanks,

Bear

18 REPLIES
MasterOfReality
Plusnet Help Team
Posts: 1,640
Thanks: 275
Fixes: 57
Registered: ‎26-03-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

Hi @Bear1

Welcome to the Forums!

Could you initially take a look at this post and see if the fix that was provided works for you as well?

If not, give us a yell and we can progress accordingly.

Thanks,

MoR

 MoR
 Plusnet Help Team
Bear1
Hooked
Posts: 7
Registered: ‎13-09-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

Hi @MasterOfReality,

Thanks for the response (apologies mine is so late). I've seen that article and it didn't help - the VPN network I'm connecting to is using a different subnet entirely compared to my LAN subnet (VPN subnet starts with 10.x, my local LAN starts with 192.x). I'm still experiencing this problem intermittently. I've taken a closer look at the router log and found a clue - it looks like packets are being blocked for some reason, here is what I'm getting:

BLOCKED 11 more packets (because of Defragmentation failed)
IN: BLOCK [53] Defragmentation failed (Fragmented packet, packet exceeds: UDP [xxx.xxx.xxx.xxx]:443->[xx.xxx.xxx.xxx]:51743 on ppp3)
BLOCKED 268 more packets (because of Defragmentation failed)
OUT: BLOCK [53] Defragmentation failed (Fragmented packet, packet exceeds: UDP [xxx.xxx.xxx.xxx]:443->[192.168.1.76]:51743 on br0)

(I've skewed the external IPs with 'x's).

This happens whenever I access certain webpages whilst connected to the VPN. To me this means my router is blocking these packets but I'm not sure why. Any idea how to resolve this?

Thanks.

RichardB
Champion
Posts: 886
Thanks: 299
Fixes: 30
Registered: ‎19-11-2008

Re: Plusnet VPN ERR_CONNECTION_RESET

Hi Bear1,
Have you tried turning the PN firewall off, rather than set it to low?
The PN firewall settings for a user's account can be accessed from the member centre, connection settings, broadband firewall.
Regards
Richard
Gandalf
Plusnet Help Team
Posts: 22,111
Thanks: 7,595
Fixes: 1,278
Registered: ‎21-04-2017

Re: Plusnet VPN ERR_CONNECTION_RESET

@Bear1, I'd agree with @RichardB. It may be worth turning the broadband firewall off on your account as the next step. Let us know if you continue to experience problems once you've done this.

 Anoush Mortazavi
 Plusnet Help Team
corringham
Seasoned Pro
Posts: 629
Thanks: 311
Fixes: 7
Registered: ‎25-09-2015

Re: Plusnet VPN ERR_CONNECTION_RESET

What is your MTU set to? It is common for a VPN connection to have a lower MTU (due to the VPN overhead), and packets will get split if the encapsulated packets are too large - i.e. fragmentation.  I use AnyConnect and I notice its MTU is set to 1300.

Bear1
Hooked
Posts: 7
Registered: ‎13-09-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

@RichardB & @Gandalf:  Thanks for your responses.  I've turned off my PN firewall in my member centre and I'm still getting the same result.  Is there some kind of propagation delay when turning my PN firewall off?  Am leaving it off until this problem is resolved.

@corringham:  Thanks for the response.  How do I check this?  Is this setting available in the AnyConnect mobility client?  If this is a server setting I won't be able to change it.  Furthermore, I'm only ever getting this problem when I'm using my Plusnet broadband.  Surely if it was an MTU value problem I would be experiencing the same issue with other broadband providers (which I'm not)?


PS:  I've been travelling with work (hence the late response) and have had to use various broadband providers and not once have I experienced this connectivity issue whilst on the VPN.  I'm afraid if this continues it's probably going to be quicker to switch to another provider :(.

RichardB
Champion
Posts: 886
Thanks: 299
Fixes: 30
Registered: ‎19-11-2008

Re: Plusnet VPN ERR_CONNECTION_RESET

Hi Bear1

I think you might have to drop and reconnect the PPP session with PN to ensure the firewall change is applied.

You should be able to do this via the router's config pages.

Regards

Richard

Jubby
Plusnet Help Team
Posts: 626
Thanks: 115
Fixes: 31
Registered: ‎06-08-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

Hi @Bear1,

As per RichardB's response, the connection has to be disconnected and reconnected for the firewall setting change to take effect. The easiest way is to turn your router off then back on.

Let us know how this goes.

Thank you.

 Lewis G
 Infrastructure Operations Professional
Bear1
Hooked
Posts: 7
Registered: ‎13-09-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

@RichardB & @Jubby I turned off my PN firewall in my member centre, then turned off my router completely, waited 5 mins then turned it back on but unfortunately still getting the same result.  As I've done before I've confirmed this by checking the router event log and can see blocked packets / defragmentation failures.

17:51:03, 13 Nov. BLOCKED 12 more packets (because of Defragmentation failed)
17:51:02, 13 Nov. BLOCKED 254 more packets (because of Defragmentation failed)


Any other suggestions?

Thanks.
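
A way to tally hub event-log entries like the ones quoted in the two posts above, so the drops can be attributed to a reason and a flow. This is an added example, not part of the original thread; `summarize` is a name invented here and the sample log is constructed, using documentation-range addresses in place of the masked ones.

```python
import re
from collections import Counter

# Constructed sample in the format of the event-log lines quoted in the thread.
SAMPLE_LOG = """\
17:51:03, 13 Nov. BLOCKED 12 more packets (because of Defragmentation failed)
17:51:03, 13 Nov. IN: BLOCK [53] Defragmentation failed (Fragmented packet, packet exceeds: UDP [203.0.113.10]:443->[198.51.100.7]:51743 on ppp3)
17:51:02, 13 Nov. BLOCKED 254 more packets (because of Defragmentation failed)
17:51:02, 13 Nov. OUT: BLOCK [53] Defragmentation failed (Fragmented packet, packet exceeds: UDP [203.0.113.10]:443->[192.168.1.76]:51743 on br0)
17:50:40, 13 Nov. Admin login successful
"""

# One explicit block event: direction, reason, protocol, endpoints, interface.
EVENT = re.compile(
    r"\b(?P<dir>IN|OUT): BLOCK \[\d+\] (?P<reason>[^(]+?) \(.*?"
    r"(?P<proto>UDP|TCP) \[(?P<src>[^\]]+)\]:(?P<sport>\d+)->"
    r"\[(?P<dst>[^\]]+)\]:(?P<dport>\d+) on (?P<iface>\w+)\)")
# Roll-up line that counts further packets dropped for the same reason.
MORE = re.compile(
    r"BLOCKED (?P<n>\d+) more packets \(because of (?P<reason>[^)]+)\)")


def summarize(log_text):
    """Return (packets blocked per reason, explicit events per flow)."""
    blocked, flows = Counter(), Counter()
    for raw in log_text.splitlines():
        # Text pasted from a forum can carry a zero-width space inside "->".
        line = raw.replace("\u200b", "")
        m = EVENT.search(line)
        if m:
            blocked[m["reason"].strip()] += 1
            flows[(m["dir"], m["proto"], int(m["sport"]),
                   int(m["dport"]), m["iface"])] += 1
            continue
        m = MORE.search(line)
        if m:
            blocked[m["reason"]] += int(m["n"])
    return blocked, flows


if __name__ == "__main__":
    blocked, flows = summarize(SAMPLE_LOG)
    for reason, count in blocked.items():
        print(f"{count:5d} packets blocked: {reason}")
    for flow, count in flows.items():
        print(f"{count:5d} events for flow {flow}")
```

On the sample, every drop falls under one reason and one UDP flow from remote port 443, seen on both the WAN (ppp3) and LAN (br0) interfaces.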

corringham
Seasoned Pro
Posts: 629
Thanks: 311
Fixes: 7
Registered: ‎25-09-2015

Re: Plusnet VPN ERR_CONNECTION_RESET

Just to check the MTU, if you are using Windows you can go to the Network settings and view your network settings. If you have AnyConnect up at the time you will see it in the list of networks. There is a setting for "Maximum transmission unit:" (i.e. MTU). For me that is set to 1300 - which is a lot lower than Plusnet's default of 1500. I also use other VPNs, and for those I use 1440 - so it depends on the overheads introduced by the particular VPN you use. I'm not sure how you change it on Windows (I'm a Linux user and only use Windows when I have to), but if you check it and it looks as if it may be the problem let me know and I'll find out how to change it.

Bear1
Hooked
Posts: 7
Registered: ‎13-09-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

@corringham Ok I've found it and the MTU is set to 1406 in the AnyConnect network properties. Did some reading up on how to determine the correct MTU size for my network and 1406 is pretty much spot on correct. This is how I worked it out:

To determine the correct MTU size I ran a ping test against a resource I normally have an issue with using the following command:

ping [url / local server or IP Address] -f -l xxxx

Where xxxx is the MTU size to test. I started with 1300 and got 4 successful replies back with no packet loss, kept increasing until I got to 1378 which is the max. Anything above that value and I get four 'Packet needs to be fragmented but DF set' responses. From what I've read I need to add 28 on to the max MTU value derived from the ping test for IP/ICMP overheads; therefore: 1378 + 28 = 1406 should be my MTU limit; which it is.

So the MTU value doesn't appear to be the cause of this issue.

Any suggestions?

PS:  Derived the above from:  https://www.sevenforums.com/tutorials/94721-mtu-limit-test-change-your-connections-mtu-limit.html
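
The ping procedure described in the post above, automated as a binary search over the payload size. This is an added example, not part of the original post; the function names are invented here, and `simulated_path` is a constructed stand-in for a real network so the search can be checked offline.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def windows_df_probe(host):
    """Return probe(size): one Windows ping with Don't Fragment set."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-f", "-l", str(size), "-n", "1", host],
            capture_output=True, text=True).stdout
        # Only a genuine echo reply prints a TTL field; the "Packet needs
        # to be fragmented but DF set" response does not.
        return "TTL=" in out
    return probe


def largest_unfragmented_payload(probe, low=500, high=1472):
    """Largest payload in [low, high] that probe accepts, or None if even
    `low` fails (host unreachable, or ICMP filtered on the path)."""
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always shrinks
        if probe(mid):
            low = mid
        else:
            high = mid - 1
    return low


def mtu_from_payload(payload):
    """Convert the largest passing ping payload into an MTU."""
    return payload + IP_ICMP_OVERHEAD


def simulated_path(mtu):
    """Constructed path that passes DF packets of at most `mtu` bytes."""
    return lambda size: size + IP_ICMP_OVERHEAD <= mtu


if __name__ == "__main__":
    # Offline check using the figures from the post (1378 + 28 = 1406).
    payload = largest_unfragmented_payload(simulated_path(1406))
    print(payload, mtu_from_payload(payload))
    # Against a real host on Windows (hypothetical name):
    # largest_unfragmented_payload(windows_df_probe("intranet.example"))
```

The result describes whichever path the probe's packets take: a host reached through the VPN measures the tunnel, while the same test run with the VPN disconnected measures the broadband connection itself.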

corringham
Seasoned Pro
Posts: 629
Thanks: 311
Fixes: 7
Registered: ‎25-09-2015

Re: Plusnet VPN ERR_CONNECTION_RESET

OK, that's ruled the MTU out then. Given the other things you've tried I'm not sure what else to suggest, apart from delving deeper with Wireshark.

EDIT: Actually one more thought - have you checked the router's CPU/memory loading? If it is heavily loaded it might get a bit behind with passing packets?

BryceM61
Newbie
Posts: 3
Registered: ‎10-12-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

@Bear1 - did you ever resolve this?  I seem to have the exact same issue.  Our company VPN is Cisco Anyconnect.  I can connect reliably for the most part but the connection gets strangled after a few seconds.  A speed test using OOKLA demonstrates this.

I also have the defragmentation failed error messages ("BLOCKED 2 more packets (because of Defragmentation failed)").

I really need to resolve this or I may have to move ISP.

 

@Jubby

Bear1
Hooked
Posts: 7
Registered: ‎13-09-2018

Re: Plusnet VPN ERR_CONNECTION_RESET

@BryceM61 No, unfortunately I did not.  I have moved over to Sky and no longer have any VPN related issues (I chose Sky because I know it works from having used that provider during my initial troubleshooting to rule out the issue stemming from software on my machine). 

Unfortunately I had no choice but to move - the amount of time it was taking to solve this problem was costing me more than just paying the exit fee and switching. I exhausted trying to solve this problem with Plusnet's tech team, they unfortunately weren't able to help and referred me to this forum which, despite some really good suggestions, didn't help either.

To be fair, it is a complicated problem and near enough impossible to solve over a phone call or without digging into the specifics of Plusnet's network but everyone did a great job trying to help.  The issue you're experiencing seems more aggressive than mine - you're getting nothing down whereas when I ran a speed test I was receiving packets.  It was only when I accessed certain resources on the VPN that I got fragmented packets. 

The only two suggestions I have for you are:

1.  Try tethering to your phone and see if you still get the same problem.  If you do, then it's unrelated to Plusnet.

2.  If you have no problem when tethering, try running through each of the prior posts and run through the various things I tried.  Beyond that the only other suggestion I have (other than moving ISP) is switching out your Plusnet router with a different one (not from Plusnet).  I wouldn't buy one - grab one from a friend to run a test or grab a spare from work if you can.  Swapping out the router to rule out the issue being related to some weird router config is the only thing I didn't try.

PS: @corringham Thanks for your last post - I couldn't find a diagnostics view to check the router's CPU / memory loading. Would you mind providing instruction how to view that info for @BryceM61's benefit? I personally don't think it is an overload issue because I did try to lessen the workload on the router by disconnecting every device except my machine (which is connected to the VPN) and I still had the same problem. I didn't see any errors or warnings in the router's event log about excessive CPU / memory loading.