New Install - Having Trouble with Google Assistant

[oj88]

FWIW, I had issues with my Google Home Mini with the Web Cache app turned on.

I was testing out Web Cache and the specific issue I'm having is if I ask Google Home to play something like news, music from Spotify, etc., whatever it's playing cuts out randomly after a few seconds.

Problem disappeared if I add a bypass rule for the GH Mini in Untanlge, or if I turn off Web Cache. I opted to do the latter.

[tcurtis]

Have you tried bypassing these devices?
Even if that is not the desired final configuration, it is the quickest way to determine if any of the layer7 filtering is causing your issues.
https://support.untangle.com/hc/en-u...roubleshooting

[NGIAC]

Have you tried bypassing these devices?
Even if that is not the desired final configuration, it is the quickest way to determine if any of the layer7 filtering is causing your issues.
https://support.untangle.com/hc/en-u...roubleshooting

I totally get the logic behind the suggestion, but since the devices are not getting an IP, I can't bypass via IP and I'm not too sure what tcp/udp ports would need to be bypassed if I did it by port.

I did not have luck with tcpdump as suggested by another forum member, however that said I'm going to give that another go tonight or tomorrow. There's a lot of traffic so it's possible I missed the data I was looking for. Would it be a fair conclusion that if I don't see anything using a packet analyzer on the untangle internal interface that somehow the problem lies prior to untangle (layer 3?)? I don't really feel super comfortable with understanding the OSI layers how they work, and when they work, so perhaps I'm drastically over simplifying.

Would like to hear/learn more about how something like this can be diagnosed. Worst case scenario, I'll spin up another VM with a vanilla Untangle deployment and start fresh to make sure that there isn't some setting I accidentally messed up. Just hard to understand how it isn't untangle or my VM configuration since sophos is working.

BTW, to the other contributor that mentioned turning off web cache, did that. In fact, ALL apps/services are not disabled except for failover and load balancing during this troubleshooting.

[sky-knight]

The command I gave you only flags DHCP traffic, it should be fairly calm. If you aren't seeing a DHCP request happen when a device powers up, then it's a layer 2 issue. That means something in the switching between the device and Untangle is preventing communications. How... why... I have no idea. But if the DHCP request makes it to Untangle, it'll be answered and the device comes online. The tcpdump command I gave you will show that too.

[tcurtis]

I totally get the logic behind the suggestion, but since the devices are not getting an IP, I can't bypass via IP and I'm not too sure what tcp/udp ports would need to be bypassed if I did it by port.

Apologies as I missed the not getting IP part. Other than a tcpdump, you can also grep for the mac addresses in syslog, or look for all DHCP logs in syslog. You will then see if the Untangle ever gets the DHCP requests and what is happening with those.

[NGIAC]

Okay, we've got some progress here. I reset all my equipment and made a change to the SSID policy to a wpa3, then back to the original wpa/wpa2 auto. The Google Assistant devices are now receiving an IP, but they are still not connecting to Google services.

I picked one of the devices at 192.168.1.134 and ran tcpdump against it on the internal interface (ETH0 in my case). Output is attached.

I also added the bypass rule for 192.168.1.134 for both source and destination which did not seem to make any difference.


https://drive.google.com/file/d/1pHK...ew?usp=sharing


134.PNG

bypass.PNG

[sky-knight]

You don't need the bypass rule for destination address, unless you're forwarding ports to the devices... which I doubt.

The source bypass may or may not be required, but I am a bit confused as to what's wrong. The TCPDump you posted clearly shows a device on the IP you've bypassed accessing the Internet all over the place. It's "working".

08:29:45.392631 IP 192.168.1.134.44068 > 172.217.11.227.443: Flags [S], seq 3729410038, win 65535, options [mss 1460,sackOK,TS val 4294939558 ecr 0,nop,wscale 6], length 0
08:29:45.403459 IP 172.217.11.227.443 > 192.168.1.134.44068: Flags [S.], seq 397452191, ack 3729410039, win 65535, options [mss 1430,sackOK,TS val 2255203095 ecr 4294939558,nop,wscale 8], length 0

That's an HTTPs request from your device, to a Google web server, and a response, all good.

And with the bypass in place, no filter rules in Untangle can be in the mix. Untangle is now a *nix router like any other, with little to no intelligence. Suggesting it's not working would also suggest the device isn't compatible with a *nix based router, which is impossible because everything that routes practically is *nix based.

[NGIAC]

You don't need the bypass rule for destination address, unless you're forwarding ports to the devices... which I doubt.

The source bypass may or may not be required, but I am a bit confused as to what's wrong. The TCPDump you posted clearly shows a device on the IP you've bypassed accessing the Internet all over the place. It's "working".



That's an HTTPs request from your device, to a Google web server, and a response, all good.

And with the bypass in place, no filter rules in Untangle can be in the mix. Untangle is now a *nix router like any other, with little to no intelligence. Suggesting it's not working would also suggest the device isn't compatible with a *nix based router, which is impossible because everything that routes practically is *nix based.

Thanks for the response Rob. Yup, everything would appear to be working, but it isn't. Many of the same devices (some on different firmware) all showing similar behavior. I can connect to the device via the admin tool, but all devices show a "Cannot connect to internet" message and do not function.

So I guess it's a pretty good mystery at this point why untangle isn't playing nicely with these Google Assistant devices. Will update any progress I make.

[sky-knight]

Are the devices actually incapable of browsing? The tests various things use to get offline often depend on a specific web resource that can be unavailable from time to time due to all sorts of issues beyond our control.