
Intermittent connection issues loading/changing site- secure connection failed/site can't be reached

EDIflyer
Involved

Is anyone else occasionally getting a 'connection down' error from Chrome (or 'Secure Connection Failed' from Firefox) when changing page - if I hit refresh it works fine. At first I wondered if it was the site I was using but have noticed it on multiple different major websites over the past couple of months and not noticed it from other locations where I don't use Three Broadband so does seem to be related to the router/connection (this is via wired Ethernet too, so not a WiFi problem).  I've tried changing DNS server in case that helps but no difference.

It mainly seems to happen when trying to first load a site or (annoyingly) at checkout when a different site is being loaded as part of the checkout process.  It certainly doesn't happen every time but does happen with reasonable frequency.  I've also noticed I often get it when trying to pull/push from/to GitHub too and have to do so a number of times for it to work (browsing the GitHub website works fine).

 
I'm using a NR5103E with Firmware Version V1.00(ACBJ.0)b14 - I tried rebooting it but to no effect.


 

479 REPLIES 479
fashric
Active

I'm even getting the error trying to connect to this page.....

Midnight54
Established

duckduckgo search engine is also a regular site that will fail and need a few reloads to get to work for a period of time, although once working, works for a period of time until I go back and revisit it sometime later, when it fails again (PR_END_OF_FILE_ERROR in Firefox).  The debrid service is the most consistent thing that basically fails/download cycles fully as per previous message. Banking has been an issue too intermittently, since this past week or so......damn you Three, roll back whatever the hell you've been changing, it was overall a great service for 18+ months here and now it's gone from 5* to 1*

AkiTaiyo
Active

These are all the direct URLs mentioned as failing on this thread so far. This doesn't include the non-URL mentions such as banking apps, Xbox sign in, smart TV apps etc.

www.jdoqocy.com
www.topcashback.co.uk
retail.santander.co.uk
github.com
raw.githubusercontent.com
ghcr.io
portal-ww.ecouser.net
www.skyscanner.net
malkoffdevices.com
www.netomnia.com
diy.com
royalmail.com
duckduckgo.com
inews.co.uk
news.sky.com
visualstudio.microsoft.com
new.three.co.uk

 

bytespider
Involved

Since I have access to a large number of media and news outlet URLs I thought I would run the top 100 with @wgen's script.

news.yahoo.com 6/20
style.yahoo.com 4/20
road.cc 11/20
respectyou.me 12/20
thesethreerooms.com 1/20
www.liverpoolecho.co.uk 1/20
metro.co.uk 1/20
www.gazettelive.co.uk 1/20

Granted these could just be adding noise to the issue.

wgen
Regular

If anyone wants to check this issue, they can run this script I've done to check if a website is affected.

Bash and curl are required.

Run it as follows:
$ ./script.sh https://www.topcashback.co.uk

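#!/bin/bash
# Usage: ./script.sh <url>
# Requests the URL 20 times and counts the attempts where curl reports an error.
# Note: the %{errormsg} write-out variable needs curl 7.75.0 or later.

# Print "Success" if curl finished without an error message,
# otherwise "Error - <curl's message>".
check_ssl_error() {
    # -s: no progress meter, -o /dev/null: discard the body,
    # -w "%{errormsg}": print only curl's error message (empty on success)
    response=$(curl -s -o /dev/null -w "%{errormsg}" "$1")

    if [ -z "$response" ]; then
        echo "Success"
    else
        echo "Error - $response"
    fi
}

echo "---"
echo "Testing: $1"
echo "---"

fail=0

# 20 attempts, numbered 01..20, half a second apart
for i in $(seq -f "%02g" 01 20); do
    result=$(check_ssl_error "$1")

    # Any curl error (DNS, timeout, reset), not only TLS, counts as a failure
    if [ "$result" != "Success" ]; then
        ((fail++))
    fi

    echo "Attempt $i: $result"

    sleep 0.5
done

echo "---"
echo "SSL Errors: $fail/20"
echo "---"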


JonathanB
Community Moderator

Thanks @wgen I've highlighted this feedback to our tech teams.


EDIflyer
Involved

Really useful script, thanks @wgen - the weird thing is trying it today I'm not getting the usual errors - it's as if something has changed. Is anyone else noticing this?

Midnight54
Established

I've just enabled dev mode and enabled linux for windows, installed ubuntu but I seem to be getting the following error when running "./script.sh https://www.topcashback.co.uk".... any ideas?


I'm not familiar with linux much however

./script.sh https://www.topcashback.co.uk
./script.sh: line 2: $'\r': command not found
./script.sh: line 3: syntax error near unexpected token `$'{\r''
'/script.sh: line 3: `check_ssl_error() {

Midnight54
Established

to answer myself - figured out, have to convert with dos2unix to get rid of carriage returns (how archaic for things to be so fussy 🙂)

However - as of right now - I'm trying it and it's not giving me errors - router has not been rebooted and uptime of 43 hours - so wonder if either coincidence, or the issue lesser later at night, or if something has changed over the past hour or so while I've been messing about - as at mo touch wood the websites I'm trying are working

 

toaster
Active

Ok, this might be a long post. I've been lurking here for a while hoping to see a resolution to this problem. As we've been asked to provide more information, I decided to do a bit of digging...

Firstly, I'm not a network engineer so bear that in mind.

I've been seeing the same issues connecting to a variety of sites since before Christmas. I don't think it's isolated to specific sites. I think all sites can experience this behaviour. I'm not 100% sure that it only affects https either. I've been seeing similar issues with plain http connections - I think https failures just have a more distinctive error.

I started testing connecting to Github with curl. I was getting failures around 0.5% of the time. Capturing the packets on the client (on Three BB), I was able to see a distinctive pattern which looked like the server was completing the 3-way handshake and then immediately sending FIN-ACK to close the connection while the client was starting the TLS Client Hello. I couldn't see any reason for this to happen when nothing was being changed between requests.

 

To dig further, I set up an https server running nginx on AWS with a Let's Encrypt cert. I was able to get the same failures about 0.5% of the time.

I decided to capture the packets on the client and on the server to compare them.

Some interesting things came to light:

  • The TTL changes from 64 -> 60 for packets going from server to client (suggesting 4 hops) but from 64->46 for packets going to the server (suggesting 18 hops). Either packets are routed differently or something is rewriting the TTL
  • Other parts of the packets change between being sent by the sender and being received. Specifically the timestamp values change which could be indicative of some stateful appliance in the middle using that data to keep track of the sessions.
  • For failing connections: To the server, it looks like the FIN-ACK is first received from the client. To the client, it looks like the server sends the first FIN-ACK.
  • For failing connections, the client sends the expected TLS Client Hello, but this is never received by the server. The client receives an ACK to that Hello but the server never sends one. I believe this missing communication is with something that sits between the two parties.

What I think is happening is that something in the middle is intercepting the Client Hello, sending an ACK back to the client, then initiating the connection close by sending the FIN-ACK to the client, which responds to the server with FIN-ACK etc...

I'm not sure if this is a single bad configuration in a cluster of middleware/firewalls or if something in a request occasionally trips a rule that makes a firewall decide to end the connection.

@JonathanB  I have the Wireshark-compatible packet captures. Please let me know how you'd like me to send them to you.
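
The two-sided comparison described in the post above, as an added example (not code from the thread or from any poster): it lines up a client-side and a server-side capture of one TCP connection and reports segments one end saw that the other never sent. The `Seg` record, the function names and both captures are constructed for illustration, and it assumes sequence and acknowledgement numbers cross the path unchanged.

```python
from collections import Counter
from typing import NamedTuple

class Seg(NamedTuple):
    src: str     # "client" or "server": who the packet claims to be from
    flags: str   # TCP flags: S, SA, A, PA (data), FA (FIN-ACK)
    seq: int     # relative sequence number
    ack: int     # relative acknowledgement number
    length: int  # TCP payload bytes
    ttl: int     # IP TTL as seen at the capture point

def _key(s):
    # TTL and TCP timestamps differ between the two captures (as the post
    # notes), so match only on fields assumed to cross the path unchanged.
    return (s.src, s.flags, s.seq, s.ack, s.length)

def unmatched(capture, other, src):
    """Segments from `src` in `capture` with no counterpart in `other`."""
    pool = Counter(_key(s) for s in other if s.src == src)
    out = []
    for s in capture:
        if s.src != src:
            continue
        if pool[_key(s)] > 0:
            pool[_key(s)] -= 1   # consume one match so retransmits count separately
        else:
            out.append(s)
    return out

def first_fin(capture):
    """Which side appears to close first from this vantage point."""
    return next((s.src for s in capture if "F" in s.flags), None)

def hops(capture, src, initial_ttl=64):
    """Apparent hop count for packets from `src` (assumes initial TTL 64)."""
    return initial_ttl - min(s.ttl for s in capture if s.src == src)

# Constructed captures of one failing connection (values are illustrative).
CLIENT_CAP = [
    Seg("client", "S", 0, 0, 0, 64), Seg("server", "SA", 0, 1, 0, 60),
    Seg("client", "A", 1, 1, 0, 64),
    Seg("client", "PA", 1, 1, 517, 64),   # TLS ClientHello
    Seg("server", "A", 1, 518, 0, 60),    # ACK of the ClientHello
    Seg("server", "FA", 1, 518, 0, 60),   # close, apparently from the server
    Seg("client", "FA", 518, 2, 0, 64),
]
SERVER_CAP = [
    Seg("client", "S", 0, 0, 0, 46), Seg("server", "SA", 0, 1, 0, 64),
    Seg("client", "A", 1, 1, 0, 46),
    Seg("client", "FA", 518, 2, 0, 46),   # first FIN the server sees
]
```

Calling `unmatched(CLIENT_CAP, SERVER_CAP, "client")` lists what the client sent that never arrived, and `unmatched(CLIENT_CAP, SERVER_CAP, "server")` lists what the client received that the server never sent.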