LAN port isolation HTTPS (TLS/SSL failure)

CiViC321

New Around Here
Hi all

I isolated a LAN port on a AX-88U using the method as described here https://wu.renjie.im/blog/network/ax88u-vlan/ by Renjie Wu. Props to you sir.

It is used to isolate some equipment (cameras and NVRs) that belong to the neighborhood I live in. It worked like a charm for a while but now TLS/SSL handshaking fails sometimes.

There are two subnets: 192.168.1.0 and 192.168.150.0. dot-150 is isolated that it can't access clients on dot-1 and only a few services like DNS and NTP on the main router (192.168.1.1). Some HTTPS websites fail on dot-150 which works perfectly on dot-1. I used tcpdump and discovered that during the TLS/SSL handshake no "server hello" is received for some websites, i.e. stackoverflow.com fails but google.com works.

I can't find any mechanism that could cause this on the router. I disabled the firewall and AIprotection but this changed nothing.

Any ideas would be welcome.
 

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top