Skynet Big trouble need help

  • ATTENTION! You'll notice a Prefix dropdown when you create a thread. If your post applies to one of the topics listed, please use that Prefix for your post. When browsing the thread list you can use the Prefix to filter the view.
  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

David Donlin

Occasional Visitor
I have a AX86 and several ac68u thst I use as access points, not using AI mesh, all with latest firmware. Yesterday I think,suspect a virus got loose in the network. I can not browse the web from any wifi or wired connection. I have a collection linux desktops, ipads iphones, android phones. The ax86 is connected to isp, speed tests show full bandwith available, network tools show completed pings, traceroute show completed journeys. through the network tool menu. I can however browse through a vpn to sites. The Ax86 has skynet, shows normal activity, unbound, vnstats on it all working nicely. I need ideas, help on solving this one, so I reaching out to the community. Is nuking everything my only option? Thanks in advance for any help. :)
 

ColinTaylor

Part of the Furniture
Is it only "browsing" that's effected? Can you ping 8.8.8.8 from any client?
 

Adooni

Senior Member
try use firefox and SRWare Iron - not sure what you are using but I had in the past challenge with google chrome and just stopped to use it.

8.8.8.8 is google DNS therefore I stopped to use browser that have it implemented.
 

David Donlin

Occasional Visitor
I've tried firefox,ungoogled chromium and Vivaldi, same results. but will look at sr iron one I'm back up
 

ColinTaylor

Part of the Furniture
Only from VPN connected clients
It is my browsing that is only effected
Sorry, I can't understand what you're describing.

Is it,
1. Effecting browsing only on all clients
2. Effecting browsing only on VPN clients only
3. Effecting browsing and ping on all clients
4. Effecting browsing and ping on VPN clients only

Check that DNS name resolution is working on the effected clients.
 

cptnoblivious

Regular Contributor
First, your description isn't great (no offense). You have not indicated why you think that a 'virus got lose'.
  • Do you have hits on AV software showing activity?
  • Did you run malwarebites or other analysis software to check systems?
    • Did you check system logs on either the clients or the router?
  • Why do you say "virus" but tag 'skynet?
    • Does skynet show a large number of outbound packets being blocked?
    • Why would a virus block web traffic but allow VPN traffic?
  • Finally, and maybe most importantly what was the last change you made to your network? What's set to 'auto update' that could impact your name resolution
Second, have you tried taking one node, resetting it to factory and connecting it (only) to your modem to see if you can get a single system to communicate with websites NOT using the VPN?

Finally, have you tried just doing an nslookup both on and off the VPN to see what answers you get?
 

David Donlin

Occasional Visitor
First, your description isn't great (no offense). You have not indicated why you think that a 'virus got lose'.

My son was complaning about not being able to connect to wifi on phone/laptop a more involved conversation revived that he downloaded suspect files.
  • Do you have hits on AV software showing activity? no
  • Did you run malwarebites or other analysis software to check systems? yes appears to be clean
    • Did you check system logs on either the clients or the router? yes
  • Why do you say "virus" but tag 'skynet? I didn't tag skynet, was probably placed in wrong bucket, my bad.
    • Does skynet show a large number of outbound packets being blocked? no
    • Why would a virus block web traffic but allow VPN traffic? don't know, above my paygrade as they say
  • Finally, and maybe most importantly what was the last change you made to your network? What's set to 'auto update' that could impact your name resolution I had to change the sip setting in nat passthrough for voip to work but I restored it back to the original setting.
Second, have you tried taking one node, resetting it to factory and connecting it (only) to your modem to see if you can get a single system to communicate with websites NOT using the VPN? Currently working on that.

Finally, have you tried just doing an nslookup both on and off the VPN to see what answers you get?
the same answer.
[email protected]:~$ nslookup microsoft.com
Server: 127.0.0.53
Address: 127.0.0.53#53

Non-authoritative answer:
Name: microsoft.com
Address: 13.77.161.179
Name: microsoft.com
Address: 104.215.148.63
Name: microsoft.com
Address: 40.76.4.15
Name: microsoft.com
 

Khadanja

Senior Member
@David Donlin Anything in system logs? What does Network Map Internet icon shows for devices?
 

David Donlin

Occasional Visitor
It was showing either wifi icon with an x or an Exclamation Mark ! But I think I figured it out by taking cptnoblivious suggestion and rebuilding from scratch. So far so good been up about 3 hours we'll see. Thanks everyone for your help. Still would like to know how and why. All machines and all access points, bizarre !

 

cptnoblivious

Regular Contributor
@David Donlin glad that it's working so far. You may never know what caused it, though my first guess is that something broke name resolution. Though, based on your detailed response to my earlier post, I didn't see anything in there that would have changed it.

Hopefully you'll be able to get everything back up and running normally now that you're starting with a clean install :)
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top