Can't access one site via router: "Connection was reset [or lost]"

  • ATTENTION! As of November 1, 2020, you are not able to reply to threads 6 months after the thread is opened if there are more than 500 posts in the thread.
    Threads will not be locked, so posts may still be edited by their authors.
    Just start a new thread on the topic to post if you get an error message when trying to reply to a thread.

brec

Regular Contributor
RT-AC86U with 386.3.

Same problem with 386.2_4 before upgrading to 386.3.
Same problem with Diversion and Skynet temporarily disabled.

Any attempt to access http://www.leg.state.nv.us/ (Nevada, U.S., legislature) via any of three browsers on a Mac or iPhone through the router yields "The connection was reset" or "The connection was lost." No problems with other sites. The problem site is accessible on iPhone with Wi-Fi off, i.e., using LTE.
 

Tech9

Very Senior Member
Check all potentially DNS/IP blocking services you have in use: Diversion, Skynet, DNS filtering service, Unbound, AiProtection. If you use known VPN public servers some places may restrict your access.

Untitled_67.png
 

L&LD

Part of the Furniture
No issues with that site here now, but I'm not using Apple products. What browsers are you using to test with?

Do other non-Apple devices have the same issue?

As you're having the same issue from the earlier version, when was the last full reset to factory defaults performed, after flashing the newest firmware, and without using any saved backup config files (or the same USB stick for amtm + scripts)?
 

brec

Regular Contributor
Check all potentially DNS/IP blocking services you have in use: Diversion, Skynet, DNS filtering service, Unbound, AiProtection. If you use known VPN public servers some places may restrict your access.
As noted, Diversion and Skynet turned off doesn't help. Not using Unbound or AiProtection. Not using VPN. Was using Cloudflare DNS 1.1.1.2, which does filtering, but changing to 1.1.1.1 doesn't help.

This problem started some time after early May, which is the last time I'm sure I accessed the site through the router, but I have no idea what the cause might be.
 

brec

Regular Contributor
No issues with that site here now, but I'm not using Apple products. What browsers are you using to test with?

Do other non-Apple devices have the same issue?

As you're having the same issue from the earlier version, when was the last full reset to factory defaults performed, after flashing the newest firmware, and without using any saved backup config files (or the same USB stick for amtm + scripts)?
Browsers on Mac: Firefox, Chrome, Safari. On iPhone using Firefox or Safari: problem with Wi-Fi on, i.e., through router, but not with Wi-Fi off, i.e., through cellular to Verizon's "router."

I can't take the time to do a full reset and start over in order to maybe access this one site.
 

Tech9

Very Senior Member
This problem started some time after early May

This site perhaps offers access to sensitive information. Their firewall may have automatically blacklisted your public IP or range. I've seen that before with dynamic IPs. You don't have to reset your router. What type Internet connection do you have?
 

brec

Regular Contributor
I tried turning on the OpenVPN client I had set up in the router to see if I could access the problem site that way, but the VPN client doesn't seem to be working :( My IP reported by whatismyip.com doesn't change. But that would be an unrelated problem.
As noted, Diversion and Skynet turned off doesn't help. Not using Unbound or AiProtection. Not using VPN. Was using Cloudflare DNS 1.1.1.2, which does filtering, but changing to 1.1.1.1 doesn't help.

This problem started some time after early May, which is the last time I'm sure I accessed the site through the router, but I have no idea what the cause might be.

This site perhaps offers access to sensitive information. Their firewall may have automatically blacklisted your public IP or range. I've seen that before with dynamic IPs. You don't have to reset your router. What type Internet connection do you have?
Update: Got the router's/Merlin's VPN client working. Going through the VPN, I can access the problem site.
 

brec

Regular Contributor
Try with your ISP DNS, all DoT, DNSSEC, etc. disabled. If it still doesn't open, it's perhaps blacklisted public IP.
All disabled. In line with the blacklisted hypothesis... the only way to change my Spectrum/Charter DHCP IP that I've found online is to disconnect the Spectrum "modem" for 8+ maybe 12+ hours. Maybe I'll try the 8+ tonight.
 

Tech9

Very Senior Member
If your modem is in bridge mode, attaching a different router to it will change the IP. If your modem is a router as well, switching it to modem/router will change the IP as well. Just sharing ideas how to test the blacklist theory. It happened to me in the past, a company firewall blacklisted my public IP range.
 

brec

Regular Contributor
If your modem is in bridge mode, attaching a different router to it will change the IP. If your modem is a router as well, switching it to modem/router will change the IP as well. Just sharing ideas how to test the blacklist theory. It happened to me in the past, a company firewall blacklisted my public IP range.
The modem is a black box to me; supplied by my ISP, Spectrum/Charter. It has a cable connection, an RJ45 connection labled "internet" which connects it to my AC86U, and two unused RJ11 connections labled "voice" (for VOIP customers, I guess). Changing the AC86U's MAC address via MAC Clone causes DHCP failure.
 

brec

Regular Contributor
What do you see in your router's UI for WAN IP address? Public or private?

The AC86U UI shows only the numerical address. It's not in a private range. Web IP address services associate it with Spectrum (ISP) and my geographic area.
 

Tech9

Very Senior Member
It's not in a private range.

Okay, your ISP box is a modem only then. I forgot about MAC Clone in Asuswrt. You have to reboot both router and modem after MAC address change. I don't like where this is going without knowing the real issue. I would leave it alone and use the VPN or mobile network. You decide based on how often you have to visit this website. Other folks around may come up with different ideas.
 

brec

Regular Contributor
Okay, your ISP box is a modem only then. I forgot about MAC Clone in Asuswrt. You have to reboot both router and modem after MAC address change. I don't like where this is going without knowing the real issue. I would leave it alone and use the VPN or mobile network. You decide based on how often you have to visit this website. Other folks around may come up with different ideas.
OK, fair enough. I may try powering off the modem overnight just to see if I get a different IP address that way, and if so if that's sufficient to access the problem site. Because it's easy enough to use the VPN, at this point it's mostly curiosity about whether the current address is blacklisted.

Thanks for the brainstorming!
 

sbsnb

Very Senior Member
Usually those long times between DHCP addresses are because of the WAN interface's MAC address. My experience has been that if you actually release the DHCP address (not just turn off the connection) you can boot up with a new MAC and get a new IP right away. It was explained to me that some ISP's lock DHCP assignments to a specific MAC address for something like 12 hours. If you don't release the DHCP address before connecting with a new MAC you will not be assigned an IP until that lock expires.
 

sbsnb

Very Senior Member
Click this button
2021-08-02 06_22_19-ASUS Wireless Router RT-AX86U - Network Map — Mozilla Firefox.png


then this one.
2021-08-02 06_24_12-ASUS Wireless Router RT-AX86U - Network Map — Mozilla Firefox.png
 

Attachments

  • 2021-08-02 06_24_12-ASUS Wireless Router RT-AX86U - Network Map — Mozilla Firefox.png
    2021-08-02 06_24_12-ASUS Wireless Router RT-AX86U - Network Map — Mozilla Firefox.png
    269.2 KB · Views: 16

brec

Regular Contributor
Click this button

then this one.
[photos omitted to save thread space]
Bingo! Instant DHCP-assigned IP change!

AND...
With the new IP, I can access the site at issue in my OP. So @Tech9's hypothesis of my prior IP being blacklisted by that site (or upstream of it) appears to be correct.

Thanks, @sbsnb and @Tech9!
 

Tech9

Very Senior Member
Click this button

Interesting. I wouldn't expect this exact button will release ISP DHCP assignment. Thanks!

So @Tech9's hypothesis of my prior IP being blacklisted by that site (or upstream of it) appears to be correct.

Don't try to hack this website again with your new public IP, please. Use your VPN instead. ;)
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top