BSNL FTTH Bharat Fiber Broadband has problems after connecting to VPN

[sibidas]

Hi,

I am facing an issue with my BSNL fiber connection. After connecting to my office VPN, I am not able to access internal or external sites. I am able to ping though. I have also raised concern with BSNL team. my office IT team is telling it is a problem with the router that is shipped with BSNL connection. But I have not gotten any confirmation from bsnl team. They asked for traceroute details, which I provided. Anybody else facing similar issues using vpn through BSNL?

 

[vishalrao]

Do you have firewall setting in your fiber modem ont then set it to low or off.

 

[Saurabh Bagchi]

Yes I do. I tried by turning it low too. Still not working.

 

[burrow]

I am facing a similiar issue. I am not able to connect to my Office openVPN running over port 7134 ( not sure if port is relevant here ) But iam able to connect to another openVpn located else where which is running on port 443.
The issue with the former is exactly like mentioned here
I am able to ping IP address and even domains, so does that mean resolving is working here ?
Trace route works fine.
But in the browser it just stays loading, or it says err_connection_reset or changed.. or some protocol error..
I am running C6 (with openwrt on it ) with Netlink in bridged mode.
DNS is 8.8.8.8.. i tried 1.1.1.1 too but the result were the same.
So is there any thing i need to do in openwrt to get this thing fixed.. @varkey ..any clue ?..
I tried opening adding exception rule for this port in router but that didnt solve anything.

 

[swiftwind]

Try lowering the mtu to 1300 and try. I was troubleshooting a similar issue and noticed bsnl router was messing with pmtu discovery on the clients. even though the mtu test shows 1472 is a valid mtu for the modem it was acting up with the VPN tunnel.

 

[burrow]

@swiftwind i see, Thanks for the input.. i tried values from 1300 to 1492, nothing seems to get the VPN working. 😇 .. Seriouslyconsidering keep my old bsnl broadband as backup, atleast i didnt have issues like this with that. I was assuming FTTH and BB goes through same series of firewalls and infra in their end.

One more query, when i messed up with MTU, i could get Connection reset issue in chrome very very frequently, its like i hit a webpage it returns connection reset -> then refreshes and shows me the content.. So is this the sign of low mtu value or high mtu value ?

 

[swiftwind]

Mostly high mtu value. If you have a android tv and Netflix app on it, try testing the streaming. If you are having no issues with the stream it shows mtu is clear. Its a crude way to validate the issue as the android tv Netflix app is very sensitive to packet fragmentation

 

---

[burrow]

I reduced the MTU and it seems to have fixed the connection reset issues and i had few docker containers running which seems to be fighting with my network somehow.. When i stopped them the issue reduced further. But VPN still remains the same.

But now i have found some interesting observations
I can connect to openvpn running on port 443
I cannot connect to openvpn running on port 7134
i can connect to openvpn running on port 7134 from same machine when its connected to different internet ( Just making sure my ubuntu is fine )
Now is the interesting part, i reverted back my Netlink to router mode and connected directly to it and i CAN connect to VPN..
So i guess something in my openwrt c6 wrong.. working on hunting that part now.

 

[vishalrao]

@burrow i dunno if already suggested but if your C6 has firewall setting you set it to low or disabled? or maybe a PPTP/L2TP passthrough setting?

 

[burrow]

@vishalrao I am running openwrt on C6. So far what i have did is in the firewall traffic rule, i created a new rule that allows traffic over PORT 7134 from wan to lan. Am i supposed to do anything else here ?.. I am not an expert in networking 🙂 just a beginner trying out stuffs

 

[vishalrao]

@burrow instead of "from wan to lan" try the opposite setting? "from lan to wan" for port 7134 ?

 

[vishalrao]

i dont use openwrt myself though 😀

 

[anupkumar99]

Any update on this guys?

 

[Sabarish]

Hi,
I am troubled with the same issue. Could connect to Global protect effortlessly but relevant pages are not opening but is working fine with Mobile 4G. Plz share how to resolve this.
Thanks

I'm also facing same issue. If it's get resolved kindly help me to sort it. My gmail id: 'natureindian01@gmail.com'.

 

[Deepak1991]

Hi guys I am facing this issue too. When I am connected to global protect VPN some internal and external websites are not opening. The ont device I am using is of Syrotech. I am able to ping the server but not able to browse.Any help is really appreciated.

 

[sanjaymv]

I am also facing the same issue. I had just changed from bsnl broadband to fiber one. I have played with different MTU size and it does not work. After taking a tcpdump (Dont know if that is relevent or not 🙂) could see the following

office_vpn.4501 > 192.168.1.102.62986: UDP, bad length 1444 > 1432

. Can someone please let me know if this can cause packet loss or something.
VPN client: global protect, modem: genexis platinum 4410. OS: MacOS 10.15.6