Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19
  1. #11
    Master Untangler
    Join Date
    Oct 2013
    Posts
    260

    Default

    FWIW, I had issues with my Google Home Mini with the Web Cache app turned on.

    I was testing out Web Cache and the specific issue I'm having is if I ask Google Home to play something like news, music from Spotify, etc., whatever it's playing cuts out randomly after a few seconds.

    Problem disappeared if I add a bypass rule for the GH Mini in Untanlge, or if I turn off Web Cache. I opted to do the latter.

  2. #12
    Untangler
    Join Date
    Aug 2018
    Posts
    55

    Default

    Have you tried bypassing these devices?
    Even if that is not the desired final configuration, it is the quickest way to determine if any of the layer7 filtering is causing your issues.
    https://support.untangle.com/hc/en-u...roubleshooting

  3. #13
    Newbie
    Join Date
    Nov 2020
    Posts
    10

    Default

    Quote Originally Posted by tcurtis View Post
    Have you tried bypassing these devices?
    Even if that is not the desired final configuration, it is the quickest way to determine if any of the layer7 filtering is causing your issues.
    https://support.untangle.com/hc/en-u...roubleshooting
    I totally get the logic behind the suggestion, but since the devices are not getting an IP, I can't bypass via IP and I'm not too sure what tcp/udp ports would need to be bypassed if I did it by port.

    I did not have luck with tcpdump as suggested by another forum member, however that said I'm going to give that another go tonight or tomorrow. There's a lot of traffic so it's possible I missed the data I was looking for. Would it be a fair conclusion that if I don't see anything using a packet analyzer on the untangle internal interface that somehow the problem lies prior to untangle (layer 3?)? I don't really feel super comfortable with understanding the OSI layers how they work, and when they work, so perhaps I'm drastically over simplifying.

    Would like to hear/learn more about how something like this can be diagnosed. Worst case scenario, I'll spin up another VM with a vanilla Untangle deployment and start fresh to make sure that there isn't some setting I accidentally messed up. Just hard to understand how it isn't untangle or my VM configuration since sophos is working.

    BTW, to the other contributor that mentioned turning off web cache, did that. In fact, ALL apps/services are not disabled except for failover and load balancing during this troubleshooting.
    Last edited by NGIAC; 12-02-2020 at 07:41 PM.

  4. #14
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    The command I gave you only flags DHCP traffic, it should be fairly calm. If you aren't seeing a DHCP request happen when a device powers up, then it's a layer 2 issue. That means something in the switching between the device and Untangle is preventing communications. How... why... I have no idea. But if the DHCP request makes it to Untangle, it'll be answered and the device comes online. The tcpdump command I gave you will show that too.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  5. #15
    Untangler
    Join Date
    Aug 2018
    Posts
    55

    Default

    Quote Originally Posted by NGIAC View Post
    I totally get the logic behind the suggestion, but since the devices are not getting an IP, I can't bypass via IP and I'm not too sure what tcp/udp ports would need to be bypassed if I did it by port.
    Apologies as I missed the not getting IP part. Other than a tcpdump, you can also grep for the mac addresses in syslog, or look for all DHCP logs in syslog. You will then see if the Untangle ever gets the DHCP requests and what is happening with those.

  6. #16
    Newbie
    Join Date
    Nov 2020
    Posts
    10

    Default

    Okay, we've got some progress here. I reset all my equipment and made a change to the SSID policy to a wpa3, then back to the original wpa/wpa2 auto. The Google Assistant devices are now receiving an IP, but they are still not connecting to Google services.

    I picked one of the devices at 192.168.1.134 and ran tcpdump against it on the internal interface (ETH0 in my case). Output is attached.

    I also added the bypass rule for 192.168.1.134 for both source and destination which did not seem to make any difference.


    https://drive.google.com/file/d/1pHK...ew?usp=sharing


    134.PNG

    bypass.PNG
    Last edited by NGIAC; 12-03-2020 at 08:58 AM.

  7. #17
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    You don't need the bypass rule for destination address, unless you're forwarding ports to the devices... which I doubt.

    The source bypass may or may not be required, but I am a bit confused as to what's wrong. The TCPDump you posted clearly shows a device on the IP you've bypassed accessing the Internet all over the place. It's "working".

    08:29:45.392631 IP 192.168.1.134.44068 > 172.217.11.227.443: Flags [S], seq 3729410038, win 65535, options [mss 1460,sackOK,TS val 4294939558 ecr 0,nop,wscale 6], length 0
    08:29:45.403459 IP 172.217.11.227.443 > 192.168.1.134.44068: Flags [S.], seq 397452191, ack 3729410039, win 65535, options [mss 1430,sackOK,TS val 2255203095 ecr 4294939558,nop,wscale 8], length 0
    That's an HTTPs request from your device, to a Google web server, and a response, all good.

    And with the bypass in place, no filter rules in Untangle can be in the mix. Untangle is now a *nix router like any other, with little to no intelligence. Suggesting it's not working would also suggest the device isn't compatible with a *nix based router, which is impossible because everything that routes practically is *nix based.
    Last edited by sky-knight; 12-03-2020 at 10:07 AM.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

  8. #18
    Newbie
    Join Date
    Nov 2020
    Posts
    10

    Default

    Quote Originally Posted by sky-knight View Post
    You don't need the bypass rule for destination address, unless you're forwarding ports to the devices... which I doubt.

    The source bypass may or may not be required, but I am a bit confused as to what's wrong. The TCPDump you posted clearly shows a device on the IP you've bypassed accessing the Internet all over the place. It's "working".



    That's an HTTPs request from your device, to a Google web server, and a response, all good.

    And with the bypass in place, no filter rules in Untangle can be in the mix. Untangle is now a *nix router like any other, with little to no intelligence. Suggesting it's not working would also suggest the device isn't compatible with a *nix based router, which is impossible because everything that routes practically is *nix based.

    Thanks for the response Rob. Yup, everything would appear to be working, but it isn't. Many of the same devices (some on different firmware) all showing similar behavior. I can connect to the device via the admin tool, but all devices show a "Cannot connect to internet" message and do not function.

    So I guess it's a pretty good mystery at this point why untangle isn't playing nicely with these Google Assistant devices. Will update any progress I make.

  9. #19
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,172

    Default

    Are the devices actually incapable of browsing? The tests various things use to get offline often depend on a specific web resource that can be unavailable from time to time due to all sorts of issues beyond our control.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com

Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

SEO by vBSEO 3.6.0 PL2