Jump to content
Not connected, Your IP: 34.235.150.151
C3emfcb0Nzt0xiDj

ANSWERED 10-20% packet loss on AirVPN entry IPs

Recommended Posts

Hi guys,

I'm observing *terrible* performance when I'm connected to AirVPN. I testet multiple servers (Germany, Netherlands, Switzerland).
To debug things I disconnected and just ping'ed around a bit.
So my connection is basically fine. Below 10ms ping to google.de, no lost packets. Same for a couple of other servers.
However, when I ping any of the AirVPN entry IPs, I get 10-20% packet loss.
I'm on german Telekom vDSL 50, using openvpn on Linux.
This seems to have started recently (maybe with the beginning of the Corona crisis?).

I'm not sure how to continue to debug this. Is this a ISP issue?
I'm pretty sure if I call the Telekom they will tell me it's AirVPNs fault - if I manage to get somebody on the line who understands what ping and vpn is.... 😕

Thanks & regards
Simon

$> ping -i 0.2 -W 0.2 -c 100 -q 134.19.179.170
PING 134.19.179.170 (134.19.179.170) 56(84) bytes of data.
--- 134.19.179.170 ping statistics ---
100 packets transmitted, 75 received, 25% packet loss, time 19940ms
rtt min/avg/max/mdev = 56.086/56.708/60.311/0.535 ms


$> ping -i 0.2 -W 0.2 -c 100 -q www.google.de
PING www.google.de (172.217.18.99) 56(84) bytes of data.
--- www.google.de ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19890ms
rtt min/avg/max/mdev = 8.340/8.830/11.517/0.445 ms






Share this post


Link to post

I'm on Telekom Supervectoring 250/40 here, and my performance is very good. It's not an ISP issue.
We need more info about your setup. If you're using Eddie, in Logs tab click the lifebelt icon and paste or upload the output here, please. If not Eddie, then Logs alone. Maybe also write which router you use, could be important.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
@C3emfcb0Nzt0xiDj

It doesn't look like a server or server line problem. You can see from the ping matrix that there is no packet loss between servers in the countries you mention. For a cross-check this is what we see from a couple of  ISPs from Italy:

$ ping -i 0.2 -W 0.2 -c 100 -q 134.19.179.170
PING 134.19.179.170 (134.19.179.170) 56(84) bytes of data.

--- 134.19.179.170 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19869ms
rtt min/avg/max/mdev = 35.528/37.343/50.654/2.551 ms

Another cross-check comes from @giganerd who uses your very same ISP so the matter is quite puzzling. Can you have your ISP perform a remote check on your nearest DSLAM and last mile?

Kind regards
 

Share this post


Link to post

Hi guys,

Thanks for your replies. I will try to get the Telekom onto this.
And also try the standards... restart router, try a different router, restore config, etc.

But in the meantime I did some traceroute'ing.
And it seems to me that the issue is located somewhere around
7  global-layer.amster51.ams.seabone.net (195.22.213.67)  61.165 ms  61.485 ms *
because starting with this node I see dropped packets.


$> traceroute 134.19.179.138
traceroute to 134.19.179.138 (134.19.179.138), 30 hops max, 60 byte packets
1  XXXXXXXX (10.42.13.1)  0.287 ms  0.314 ms  0.362 ms
2  XXXXXXXX (10.42.3.2)  1.398 ms  1.394 ms  1.502 ms
3  62.155.246.161 (62.155.246.161)  6.479 ms  6.532 ms  7.234 ms
4  217.0.198.14 (217.0.198.14)  9.371 ms  9.462 ms  9.619 ms
5  62.157.250.38 (62.157.250.38)  9.782 ms  9.838 ms  9.663 ms
6  ae22.amster51.ams.seabone.net (195.22.213.233)  23.526 ms  22.800 ms  22.362 ms
7  global-layer.amster51.ams.seabone.net (195.22.213.67)  61.165 ms  61.485 ms *
8  185.23.212.7 (185.23.212.7)  77.749 ms !X  72.755 ms !X  72.768 ms !X

Regards
Simon

 

Share this post


Link to post

I can confirm a certain latency difference starting from there, too:

$ sudo traceroute -T 134.19.179.138
traceroute to 134.19.179.138 (134.19.179.138), 30 hops max, 60 byte packets
 1  fritz.box (192.168.110.1)  0.400 ms  0.437 ms  0.481 ms
 2  62.155.242.252 (62.155.242.252)  4.944 ms  4.958 ms  4.956 ms
 3  217.5.116.90 (217.5.116.90)  10.883 ms  11.054 ms  11.056 ms
 4  62.157.250.38 (62.157.250.38)  13.723 ms  13.777 ms  13.780 ms
 5  ae22.amster51.ams.seabone.net (195.22.213.233)  20.015 ms  25.495 ms  20.221 ms
 6  global-layer.amster51.ams.seabone.net (195.22.213.67)  61.690 ms  54.340 ms  54.744 ms
 7  185.23.212.7 (185.23.212.7)  70.447 ms !X  70.470 ms !X  70.470 ms !X

If you can tell me which server this is, I might even check that server myself.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hi giganerd,

It's one of the servers from Austria. Not sure which. I always have the config generator resolve the IPs for me. 😕
But as stated before, this affects many AirVPN IPs, not just that single one.

In this example I ping'ed DE-Frankfurt_Menkalinan:
$> ping -q -c 100 -i 0.2 -W 0.2 141.98.102.226
PING 141.98.102.226 (141.98.102.226) 56(84) bytes of data.
--- 141.98.102.226 ping statistics ---
100 packets transmitted, 81 received, 19% packet loss, time 21ms
rtt min/avg/max/mdev = 50.396/51.710/62.131/1.260 ms

Btw. I can't even get a complete traceroute through to that server at all:
$> traceroute 141.98.102.226
traceroute to 141.98.102.226 (141.98.102.226), 30 hops max, 60 byte packets
1 XXXXXXXXX (10.42.3.2) 0.885 ms 0.844 ms 0.913 ms
2 62.155.246.161 (62.155.246.161) 5.845 ms 5.797 ms 5.764 ms
3 217.5.118.50 (217.5.118.50) 9.263 ms 9.868 ms 10.492 ms
4 62.157.249.186 (62.157.249.186) 54.654 ms 54.658 ms *
5 ae-2.r21.frnkge13.de.bb.gin.ntt.net (129.250.6.41) 63.095 ms 62.955 ms *
6 ae-0.a00.frnkge13.de.bb.gin.ntt.net (129.250.2.25) 56.690 ms * *
7 ae-8-501.a00.frnkge13.de.ce.gin.ntt.net (213.198.52.62) 52.857 ms 52.687 ms *
8 vlan2916.agg1.fra4.de.m247.com (212.103.51.48) 19.470 ms 37.120.220.131 (37.120.220.131) 1
9.691 ms 37.120.220.118 (37.120.220.118) 22.206 ms
9 vlan2919.as11.fra4.de.m247.com (212.103.51.151) 19.904 ms 19.481 ms vlan2917.as11.fra4.de.
m247.com (212.103.51.191) 25.012 ms
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * *^C

But that could be normal.



I want to believe it is a misconfiguration on my end, but I can't find anything in my routers config that could cause this (again Linux+openvpn+custom IPtables+Telekom Speedport Smart 3).
Especially since the drop seems to happen way outside of my local network.
There is no special handling for the AirVPN IPs in my IPtables rules and ping works for all other IPs on the internet I have tested so far.

I will continue to dig around and test different configs on my end.

Thanks & Regards
Simon

Share this post


Link to post

1 $ ping -q -c100 -i0,2 -W0,2 menkalinan.airvpn.org
PING menkalinan.airvpn.org (141.98.102.226) 56(84) bytes of data.

--- menkalinan.airvpn.org ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19938ms
rtt min/avg/max/mdev = 9.692/10.004/10.526/0.185 ms
$
2 $ ping6 -q -c100 -i0,2 -W0,2 2001:ac8:20:98:5307:a6cf:d139:d129
PING 2001:ac8:20:98:5307:a6cf:d139:d129(2001:ac8:20:98:5307:a6cf:d139:d129) 56 data bytes

--- 2001:ac8:20:98:5307:a6cf:d139:d129 ping statistics ---
100 packets transmitted, 96 received, 4% packet loss, time 19868ms
rtt min/avg/max/mdev = 10.231/11.463/14.491/0.589 ms
$
3 $ ping6 -q -c100 -i0,2 -W0,2 2001:ac8:20:98:5307:a6cf:d139:d129
PING 2001:ac8:20:98:5307:a6cf:d139:d129(2001:ac8:20:98:5307:a6cf:d139:d129) 56 data bytes

--- 2001:ac8:20:98:5307:a6cf:d139:d129 ping statistics ---
100 packets transmitted, 92 received, 8% packet loss, time 19882ms
rtt min/avg/max/mdev = 10.746/11.862/14.791/0.965 ms
$
4 $ ping -q -c100 -i0,2 -W0,2 menkalinan.airvpn.org
PING menkalinan.airvpn.org (141.98.102.226) 56(84) bytes of data.

--- menkalinan.airvpn.org ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19858ms
rtt min/avg/max/mdev = 9.691/10.794/13.338/1.038 ms
$
5 $ ping6 -q -c100 -i0,2 -W0,2 2001:ac8:20:98:ba0a:dabc:45a8:c67c
PING 2001:ac8:20:98:ba0a:dabc:45a8:c67c(2001:ac8:20:98:ba0a:dabc:45a8:c67c) 56 data bytes

--- 2001:ac8:20:98:ba0a:dabc:45a8:c67c ping statistics ---
100 packets transmitted, 97 received, 3% packet loss, time 19877ms
rtt min/avg/max/mdev = 10.498/11.469/12.197/0.265 ms

All Menkalinan, of course.
  1. v4 ping entry IP 1
  2. v6 ping entry IP 1
  3. Same as 2 for assurance
  4. Same as 1 for assurance
  5. v6 ping entry IP 3
v4 is good for me, v6 has some packet loss. Let's do a traceroute there:

$ sudo traceroute6 -T 2001:ac8:20:98:5307:a6cf:d139:d129
traceroute to 2001:ac8:20:98:5307:a6cf:d139:d129 (2001:ac8:20:98:5307:a6cf:d139:d129), 30 hops max, 80 byte packets
 1  fritz.box (UGA hidden)  0.793 ms  1.039 ms  1.182 ms
 2  2003:0:8505:e000::1 (2003:0:8505:e000::1)  6.420 ms  6.467 ms  6.472 ms
 3  2003:0:1307:400a::1 (2003:0:1307:400a::1)  12.067 ms  12.070 ms  12.116 ms
 4  2003:0:1307:400a::2 (2003:0:1307:400a::2)  12.118 ms  12.210 ms  12.305 ms
 5  ae-2.r21.frnkge13.de.bb.gin.ntt.net (2001:728:0:2000::189)  16.269 ms ae-2.r20.frnkge13.de.bb.gin.ntt.net (2001:728:0:2000::111)  12.268 ms ae-2.r21.frnkge13.de.bb.gin.ntt.net (2001:728:0:2000::189)  15.925 ms
 6  ae-2.a00.frnkge13.de.bb.gin.ntt.net (2001:728:0:2000::25a)  13.010 ms  10.473 ms  10.369 ms
 7  ae-8-501.a00.frnkge13.de.ce.gin.ntt.net (2001:728:0:5000::57e)  11.474 ms  11.698 ms  11.669 ms
 8  vlan99.agg1.fra4.de.m247.com (2001:ac8:10:10::189)  12.421 ms vlan2981.agg2.fra4.de.m247.com (2001:ac8:10:10::3bb)  12.352 ms vlan2916.agg1.fra4.de.m247.com (2001:ac8:10:10::f30e)  12.408 ms
 9  vlan2917.as11.fra4.de.m247.com (2001:ac8:10:10::2c31)  13.017 ms  13.330 ms *
10  2001:ac8:20:98:5307:a6cf:d139:d129 (2001:ac8:20:98:5307:a6cf:d139:d129)  12.867 ms  12.949 ms *

Latency is good, but the last few hops seem to be wonky there.

Now, how about an Austrian server, since you mentioned it? Alderamin here:

$ ping -q -c100 -i0,2 -W0,2 185.9.19.106
PING 185.9.19.106 (185.9.19.106) 56(84) bytes of data.

--- 185.9.19.106 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19880ms
rtt min/avg/max/mdev = 24.429/24.589/25.339/0.141 ms
$
$ ping6 -q -c100 -i0,2 -W0,2 2001:ac8:29:5::2
PING 2001:ac8:29:5::2(2001:ac8:29:5::2) 56 data bytes

--- 2001:ac8:29:5::2 ping statistics ---
100 packets transmitted, 95 received, 5% packet loss, time 19884ms
rtt min/avg/max/mdev = 21.986/22.463/23.354/0.217 ms
$
$ sudo traceroute -T alderamin.airvpn.org
traceroute to alderamin.airvpn.org (185.9.19.106), 30 hops max, 60 byte packets
 1  fritz.box (192.168.110.1)  0.349 ms  0.389 ms  0.437 ms
 2  62.155.242.252 (62.155.242.252)  4.822 ms  4.941 ms  4.943 ms
 3  217.5.117.129 (217.5.117.129)  10.872 ms  10.920 ms  10.924 ms
 4  ffm-b4-link.telia.net (213.248.93.186)  22.962 ms  23.142 ms  23.144 ms
 5  ffm-bb1-link.telia.net (62.115.114.88)  26.891 ms ffm-bb2-link.telia.net (62.115.114.90)  25.123 ms  25.129 ms
 6  prag-bb1-link.telia.net (62.115.121.119)  33.636 ms  30.876 ms  30.667 ms
 7  win-b4-link.telia.net (62.115.112.199)  26.152 ms  26.790 ms win-b4-link.telia.net (62.115.113.69)  23.726 ms
 8  m247-ic-316932-win-b4.c.telia.net (62.115.146.19)  24.850 ms  25.299 ms  25.278 ms
 9  106.19.9.185.in-addr.arpa (185.9.19.106)  26.697 ms  26.794 ms  26.693 ms
$
$ sudo traceroute6 -T 2001:ac8:29:5::2
traceroute to 2001:ac8:29:5::2 (2001:ac8:29:5::2), 30 hops max, 80 byte packets
 1  fritz.box (UGA hidden)  0.779 ms  1.063 ms  1.206 ms
 2  2003:0:8505:e000::1 (2003:0:8505:e000::1)  5.460 ms  5.549 ms  5.548 ms
 3  2003:0:130b::1 (2003:0:130b::1)  11.926 ms  11.927 ms  11.917 ms
 4  2003:0:130b:11::2 (2003:0:130b:11::2)  57.317 ms  57.283 ms  57.306 ms
 5  eth-26-1-0.pni1.fra2.de.m247.com (2001:ac8:10:10::152)  13.440 ms  13.442 ms  13.654 ms
 6  xe-2-2-0-0.bb2.nyc1.us.m247.com (2001:ac8:10:10::1d0)  13.653 ms  11.693 ms *
 7  te-2-4-0.bb2.vie1.at.m247.com (2001:ac8:10:10::33)  23.257 ms te-5-11-0.bb2.vie1.at.m247.com (2001:ac8:10:10::a175)  23.261 ms te-2-4-0.bb2.vie1.at.m247.com (2001:ac8:10:10::33)  23.709 ms
 8  2001:ac8:29:5::2 (2001:ac8:29:5::2)  23.157 ms  23.732 ms  23.673 ms


Mild packet loss on v6, there, it seems. Traceroute also shows one little timeout on hop 6.

Let's do a server not hosted by M247. Mesarthim for example is with Contabo in Munich:

$ ping -q -c100 -i0,2 -W0,2 mesarthim.airvpn.org
PING mesarthim.airvpn.org (79.143.191.166) 56(84) bytes of data.

--- mesarthim.airvpn.org ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19947ms
rtt min/avg/max/mdev = 15.700/15.843/16.503/0.126 ms
$
$ ping6 -q -c100 -i0,2 -W0,2 2a02:c205:0:1031:79f8:734d:afb7:43c
PING 2a02:c205:0:1031:79f8:734d:afb7:43c(2a02:c205:0:1031:79f8:734d:afb7:43c) 56 data bytes

--- 2a02:c205:0:1031:79f8:734d:afb7:43c ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19855ms
rtt min/avg/max/mdev = 25.722/25.965/26.945/0.190 ms
$
$ sudo traceroute -T mesarthim.airvpn.org
traceroute to mesarthim.airvpn.org (79.143.191.166), 30 hops max, 60 byte packets
 1  fritz.box (192.168.110.1)  0.278 ms  0.310 ms  0.358 ms
 2  62.155.242.252 (62.155.242.252)  4.831 ms  4.826 ms  4.920 ms
 3  217.5.116.102 (217.5.116.102)  10.754 ms  11.503 ms  11.638 ms
 4  62.157.249.170 (62.157.249.170)  11.844 ms  11.852 ms  11.842 ms
 5  ae0.r3.muc3.m-online.net (212.18.6.177)  17.899 ms  17.895 ms  18.059 ms
 6  gw01.contabo.net (93.104.204.34)  18.814 ms  29.022 ms  17.613 ms
 7  166.186.143.79.in-addr.arpa (79.143.191.166)  17.555 ms  17.131 ms  17.577 ms
$
$ sudo traceroute6 -T 2a02:c205:0:1031:79f8:734d:afb7:43c
traceroute to 2a02:c205:0:1031:79f8:734d:afb7:43c (2a02:c205:0:1031:79f8:734d:afb7:43c), 30 hops max, 80 byte packets
 1  fritz.box (UGA hidden)  0.506 ms  0.581 ms  0.647 ms
 2  2003:0:8505:e000::1 (2003:0:8505:e000::1)  4.888 ms  5.000 ms  5.004 ms
 3  dtag-ic-319284-ffm-b4.c.telia.net (2001:2000:3080:104f::2)  11.314 ms  11.485 ms  11.467 ms
 4  * * *
 5  2001:2000:3019:6b::1 (2001:2000:3019:6b::1)  33.992 ms  34.166 ms  34.169 ms
 6  mcn-b2-v6.telia.net (2001:2000:3018:59::1)  33.982 ms  33.272 ms  33.324 ms
 7  gigahosting-ic-138043-mcn-b2.c.telia.net (2001:2000:3080:5eb::2)  22.616 ms *  22.714 ms
 8  2a02:c205:0:1031:79f8:734d:afb7:43c (2a02:c205:0:1031:79f8:734d:afb7:43c)  26.951 ms  27.035 ms  27.034 ms


Looks like there are some mild packet loss issues with M247's IPv6 connectivity, but all in all it works as it should.

Do you have the possibility to test in another network? Even if it's GSM.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hi giganerd,

Thanks for all your help.

I did another test. This time I connected my notebook directly to the Telekom router, bypassing my linux firewall/router entirely (and with it all the possible configuration issues it might have).
No improvement. So this has to be an issue with the Telekom/Speedport.

You got me to a good idea though: use IPv6!

So I ran the same test as you did above:

$> ping6 -q -c100 -i0.2 -W0.2 2001:ac8:20:98:5307:a6cf:d139:d129
PING 2001:ac8:20:98:5307:a6cf:d139:d129(2001:ac8:20:98:5307:a6cf:d139:d129) 56 data bytes
--- 2001:ac8:20:98:5307:a6cf:d139:d129 ping statistics ---
100 packets transmitted, 97 received, 3% packet loss, time 19877ms
rtt min/avg/max/mdev = 10.018/10.967/14.139/0.554 ms


As you can see, there is some packet loss, but by far less than with IPv4.

This is really a weird problem. I have never seen such a thing before.
It feels like some form of rate-limiting. I guess I really have to call the Telekom 😞

I'll keep digging....

Thanks & Regards
Simon

Share this post


Link to post

PS:


That other server you mentioned, Mesarthim in Munich is fine:

ping -q -c100 -i0.2 -W0.2 79.143.191.166
PING 79.143.191.166 (79.143.191.166) 56(84) bytes of data.
--- 79.143.191.166 ping statistics ---
100 packets transmitted, 100 received, 0% packet loss, time 19877ms
rtt min/avg/max/mdev = 16.069/16.709/17.753/0.280 ms

Share this post


Link to post
9 minutes ago, C3emfcb0Nzt0xiDj said:

It feels like some form of rate-limiting. I guess I really have to call the Telekom 😞


If I don't have a problem with IPv4, how come you think Telekom's to blame? Innocent until proven guilty (Rechtsstaatlichkeitsprinzip, by the way ;))
In the router try to disable pretty much all firewall and security stuff temporarily and try again. If you have another router you can check, then do this, even better. We need to rule out everything you own before pointing fingers. But then again, you do seem to have a good connection to Contabo. I'd say "Maybe it's really only the routing to M247?", but then again, I connect there just fine, and our traceroute results suggest we used a similar route on v4 to get to the M247 servers.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hi giganerd,

You are right of course. But strictly speaking the Speedport belongs the Telekom - I did only rent it 😉
I will try resetting it to factory defaults and running a firmware update (it seems there is one available).

Thanks & Regards
Simon

Share this post


Link to post
Just now, C3emfcb0Nzt0xiDj said:

You are right of course. But strictly speaking the Speedport belongs the Telekom - I did only rent it 😉
I will try resetting it to factory defaults and running a firmware update (it seems there is one available).


That doesn't matter much, unless you explicitly didn't get the credentials when you subscribed, though by law ISPs are required to hand them out, even if you rent a router.
But yes, maybe do the update first.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hi giganerd,

I resetted the router to factory defaults (+reboot) and ran firmware upgrade (+reboot).
I tested after each step without improvement.
Now I also disabled all protection functions I could find (+reboot).
For reasons I do not understand the connection to DE-Frankfurt_Menkalinan (141.98.102.226seems to be fine now (0% loss).
But for example 
134.19.179.170 (Austria?) is still bad.

---- 30 seconds later ---- (while I was typing this message)

WTF...
now the connection to 134.19.179.170 is fine too.
in fact all servers I tested before are fine too now.

I have no clue what just happened. oO
But now all pings go though with 0% loss.

So... problem solved?

Thanks & regards
Simon

 

Share this post


Link to post
5 hours ago, C3emfcb0Nzt0xiDj said:

So... problem solved?


No? Your router is Swiss Cheese. Carefully reenable the features one by one again and see after which it starts showing this behavior again. Then leave this one feature disabled until you reenabled all that doesn't cause this behavior.
Maybe even evaluate your life choices regarding the rental of hardware from ISPs. :)

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hi giganerd,
 

17 hours ago, giganerd said:

No? Your router is Swiss Cheese


There were only two functions which I actually could disable:
BotNet protection - it's supposed to redirect http requests to an info website in case my network is infested with a bot
IPv6 privacy - configures when my IPv6 prefix is changed (not really related in my opinion, since I connect with IPv4)

They both did not make me feel particularly unsafe when I disabled them :P 
I re-enabled both functions - no issues (so far).

I could imagine that the botnet protection could possibly interfer with VPN traffic, but it's a wild guess.
It might even only trigger after a certain amount of time or after certain amount of traffic.
The description text says it's based on a blacklist and that it only redirects traffic to port 80, but it does not say if it actually blocks anything.
Leaning even more out of the window here, I could imagine that IPs of a VPN provider easily end up in such blacklists.
But again, this is all speculation.

 
17 hours ago, giganerd said:

Maybe even evaluate your life choices regarding the rental of hardware from ISPs. :)

I strictly speaking do not need the Speedport (except for the DSL modem part). My linux router could do it all by itself, but at that time when my old modem broke down, the Telekom talked me into this. Also I'm switching ISPs "soon" to "Deutsche Glasfaser". So I will not be able to use / do not need a dedicated DSL modem/router any more in the future.
They assured me, that I will just get a plain RJ45 cable which runs ethernet with IPv4/IPv6  and that I will not need any additional hardware on my part (expect for my own router). Lets see if that holds true.

Anyways, thanks for your help and support!
I will report back here should the problem re-appear.

Regards
Simon

 

Share this post


Link to post
1 hour ago, C3emfcb0Nzt0xiDj said:

I could imagine that the botnet protection could possibly interfer with VPN traffic, but it's a wild guess.
It might even only trigger after a certain amount of time or after certain amount of traffic.
The description text says it's based on a blacklist and that it only redirects traffic to port 80, but it does not say if it actually blocks anything.
Leaning even more out of the window here, I could imagine that IPs of a VPN provider easily end up in such blacklists.


Well, if the description is "redirect http requests", then port 80 and maybe also 443 for HTTPS are educated guesses. Not sure about its effectiveness, though.
And yes, the last sentence is possible.
 
1 hour ago, C3emfcb0Nzt0xiDj said:

Also I'm switching ISPs "soon" to "Deutsche Glasfaser".


I envy you. I want it, too, sadly I live in a city which only recently saw an upgrade to Supervectoring. FTTH is therefore a long way ahead.
 
1 hour ago, C3emfcb0Nzt0xiDj said:

They assured me, that I will just get a plain RJ45 cable which runs ethernet with IPv4/IPv6  and that I will not need any additional hardware on my part (expect for my own router). Lets see if that holds true.


This is only insofar true as they provide an ONU (Optical Network Unit) – the device which converts between optical signals from the GPON and electical (Ethernet) signals. In Telekom's FTTH implementation I only ever saw a separate, fixed ONU to which you connect a router of your choice on its WAN port. But I hear the most expensive Speedports also feature a fibre interface.
And as you say, DG outlines that any device capable of WAN can be used to connect to their network, which means they will certainly provide the ONU, if it's not already installed at your place, which it usually is. Makes me wonder why AVM pushed out two fibre models for AON and GPON, respectively.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
7 hours ago, giganerd said:

I envy you. I want it, too, sadly I live in a city which only recently saw an upgrade to Supervectoring. FTTH is therefore a long way ahead.

Yeah, I ordered the full 1GBE flatrate 🙂
Only days later, the Telekom upgraded me to vDSL 50 (free of charge) and the Speedport started to report 250MBit/s downstream - so I guess this means I'm also on Supervectoring? but can't use it due to my contract.
But I wonder how the entire crisis now affects their schedule. They wanted to start drilling this month...
7 hours ago, giganerd said:

But I hear the most expensive Speedports also feature a fibre interface.

I have an old enterprise grade switch (IBM 48-ports) as backbone on my network. It also features two 10GBE SFP+ ports. So I could simply buy a cheap 1GBE fibre transceiver from ebay and plug in the fibre cable directly.
But I would rather use them as uplink for my file-server and/or a second switch at some point in the future.... 🙂
The guy on the phone was like "You need a router from us dude to get full speed.", then I told him about my setup.... at first there was some silence, then he just said "Ok... that will work too" :P

Have a nice day! And lets hope you get FTTH soon too.

Regards
Simon

Share this post


Link to post
7 hours ago, C3emfcb0Nzt0xiDj said:

Yeah, I ordered the full 1GBE flatrate 🙂


*cries in DSL*
May I ask where you live?
7 hours ago, C3emfcb0Nzt0xiDj said:

Only days later, the Telekom upgraded me to vDSL 50 (free of charge) and the Speedport started to report 250MBit/s downstream - so I guess this means I'm also on Supervectoring? but can't use it due to my contract.


It only means that DSL synchronized with a DSL profile fit for Supervectoring, which also means that you are technically using Supervectoring hardware (router, DSLAM, etc.), but yes, you are being throttled to what you subscribed.
7 hours ago, C3emfcb0Nzt0xiDj said:

The guy on the phone was like "You need a router from us dude to get full speed.", then I told him about my setup.... at first there was some silence, then he just said "Ok... that will work too" :P


Usually support deals with amateurs, or those who call themselves knowledgable on the phone while making beginners' mistakes at the same time. So the Speedport is natually the only router able to maximize throughput, also because it comes with Telekom support – makes it easier to QoS for this group of people.
It's rare you find someone like you building Enterprise-grade home networks, and those people hardly ever call support. If they build networks like that, they don't need support. :D

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...