Why do some sites not work when YOTA is connected to the router?

A

aLd_Hangmany2014-07-15 21:14:17

Yota

aLd_Hangmany, 2014-07-15 21:14:17

Good day!
I have a problem that I can not solve for a month. In fairness, it's worth noting that I did not spend more than three hours a week on it and I am not an expert in this field, which makes it quite difficult to find a solution.
The problem is that when I connect a Yota modem (Yota WLTUBA-107) to my ASUS AC66U router, some sites are unstable, and some do not work at all. For example, the omnibox in Chrome sometimes stops prompting queries, and when you try to search directly from the site, the connection hangs in the pending state ("Waiting for www.google.ru"). After a few minutes (from 2 to 5), the search engine will start working stably for a certain unpredictable time. The same thing happens with Yandex. Sites of some services, such as TeamLab or Steam, can take a very long time to load, to the point that the browser shows that the page is not available. And, for example, Alfa-Click (Internet bank from Alfa-Bank) never displays the page for entering a one-time password at all. These are the most striking examples. On the whole,
At first I thought that the problem was in the signal level, but then I noticed that connecting a VPN to any server, be it in Moscow or Stockholm, instantly solves the problem - all sites and services start working without delays and breaks. The same thing happens when I connect the modem directly to my laptop.
I suspect that somehow the router sends unnecessary requests or drops connections when there are too many of them, which prevents normal operation.
What could be the matter and where should I dig to solve this problem?
Thank you!
UPD:
Unfortunately, this router does not have MTU settings when using a 3G / 4G modem.
I applied a cardinal solution - I replaced the router with Asus N65, which instantly starts working with Yota out of the box.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

throughtheether, 2014-07-15
@aLd_Hangmany

What can be wrong

I assume that the matter is in the wrong MTU value (more precisely, MSS in TCP segments). It can be generated by excessive firewall settings (discards "Fragmentation needed" ICMP packets, which is why the determination of the minimum MTU on the packet's path, "Path MTU discovery" does not work). Here is an article that gives an idea.

and where to dig

Allow ICMP "Fragmentation needed" (Type 3, Code 4) packets to pass through in the router's firewall settings. If there is a "clamp MSS" option in the WAN port/modem settings, activate it. If there is an option "set MSS" - set (temporarily) a value around 1000. Observe the situation.
You can, if you wish, use wireshark. To do this, take a traffic dump (in .pcap format) when opening a problematic site through a browser (only you do not need to enter your passwords) when connecting through a router and when connecting directly. Post it here.
Another option is a collective farm "security solution" on the router - IDS, IPS, UTM and so on. It could very well be that the device is trying to look for signatures in HTTP traffic (although google, to my knowledge, uses HTTPS even on the search page), hogging the CPU. When using a VPN, the device does not see such traffic, it uses resources more rationally. It's worth checking your security settings.
There are other options, but for now it is wiser to check the relevance of the above.

D

Disen, 2015-01-29
@Disen

I also recommend looking here. The operators are different, but the symptoms are similar .