RT-AX56U - SSL error when accessing a specific website

[tRiFFiD]

I've got an RT-AX56U and using it with the latest Asus Merlin (388.2_2) on a fibre internet connection using IPoE (DHCP WAN).
The fibre is connected to an NTD which provides an Ethernet connection to the WAN port on the Asus router.

I have nothing special or unusual configured and am using the ISP's DNS servers (have also tried using 1.1.1.1 and 8.8.8.8).

Whenever I visit https://chasebet.com.au in Firefox, I get this error:

In Chrome:

From a totally physical separate Linux PC connected via Ethernet:

$ lynx https://chasebet.com.au

From a Linux PC connected via WiFi using Chrome I get the exact same error as the Chrome Windows screenshot above.

As soon as I remove the Asus router from the equation and connect the Ethernet cable from the NTD directly into any of my PC's, I can access https://chasebet.com.au without any issues whatsoever.
I can also access it just fine from my mobile phone using 4G, but as soon as I turn on WiFi and the phone connects to the Asus, I get the same SSL issues.

It's not happening with any other sites, just this one in particular.

Traceroute from Asus router:

admin@router:/tmp/home/root# traceroute chasebet.com.au
traceroute to chasebet.com.au (13.32.127.88), 30 hops max, 38 byte packets
1 172.31.0.81 (172.31.0.81) 2.550 ms 2.557 ms 1.881 ms
2 ip-103-106-88-4.per.xi.com.au (103.106.88.4) 1.832 ms 2.706 ms 1.772 ms
3 ip-121.214.103.123.VOCUS.net.au (123.103.214.121) 2.262 ms 3.036 ms 2.627 ms
4 99.82.176.36 (99.82.176.36) 2.621 ms 3.034 ms 2.803 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 server-13-32-127-88.per50.r.cloudfront.net (13.32.127.88) 3.974 ms 2.765 ms 2.684 ms
admin@router:/tmp/home/root#

Traceroute from my phone's 4G connection:

PS C:\Users\xxxx> tracert chasebet.com.au

Tracing route to chasebet.com.au [13.32.127.88]
over a maximum of 30 hops:

1 * * * Request timed out.
2 53 ms 22 ms 19 ms 10.5.70.8
3 18 ms 15 ms 20 ms Bundle-Ether16.pie-edge903.perth.telstra.net [203.54.232.117]
4 22 ms 18 ms 23 ms ama3807910.lnk.telstra.net [139.130.33.178]
5 94 ms 18 ms 30 ms 150.222.82.65
6 21 ms 21 ms 28 ms 52.93.78.191
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 28 ms 19 ms 28 ms server-13-32-127-88.per50.r.cloudfront.net [13.32.127.88]

Trace complete.



Does anyone have any suggestions on what the issue could be, or any further troubleshooting I could do to try and resolve this issue?

 

[drinkingbird]

I've got an RT-AX56U and using it with the latest Asus Merlin (388.2_2) on a fibre internet connection using IPoE (DHCP WAN).
The fibre is connected to an NTD which provides an Ethernet connection to the WAN port on the Asus router.

I have nothing special or unusual configured and am using the ISP's DNS servers (have also tried using 1.1.1.1 and 8.8.8.8).

Whenever I visit https://chasebet.com.au in Firefox, I get this error:

View attachment 53718

In Chrome:

View attachment 53720

From a totally physical separate Linux PC connected via Ethernet:

$ lynx https://chasebet.com.au

View attachment 53721

From a Linux PC connected via WiFi using Chrome I get the exact same error as the Chrome Windows screenshot above.

As soon as I remove the Asus router from the equation and connect the Ethernet cable from the NTD directly into any of my PC's, I can access https://chasebet.com.au without any issues whatsoever.
I can also access it just fine from my mobile phone using 4G, but as soon as I turn on WiFi and the phone connects to the Asus, I get the same SSL issues.

It's not happening with any other sites, just this one in particular.

Traceroute from Asus router:

admin@router:/tmp/home/root# traceroute chasebet.com.au
traceroute to chasebet.com.au (13.32.127.88), 30 hops max, 38 byte packets
1 172.31.0.81 (172.31.0.81) 2.550 ms 2.557 ms 1.881 ms
2 ip-103-106-88-4.per.xi.com.au (103.106.88.4) 1.832 ms 2.706 ms 1.772 ms
3 ip-121.214.103.123.VOCUS.net.au (123.103.214.121) 2.262 ms 3.036 ms 2.627 ms
4 99.82.176.36 (99.82.176.36) 2.621 ms 3.034 ms 2.803 ms
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 server-13-32-127-88.per50.r.cloudfront.net (13.32.127.88) 3.974 ms 2.765 ms 2.684 ms
admin@router:/tmp/home/root#

Traceroute from my phone's 4G connection:

PS C:\Users\xxxx> tracert chasebet.com.au

Tracing route to chasebet.com.au [13.32.127.88]
over a maximum of 30 hops:

1 * * * Request timed out.
2 53 ms 22 ms 19 ms 10.5.70.8
3 18 ms 15 ms 20 ms Bundle-Ether16.pie-edge903.perth.telstra.net [203.54.232.117]
4 22 ms 18 ms 23 ms ama3807910.lnk.telstra.net [139.130.33.178]
5 94 ms 18 ms 30 ms 150.222.82.65
6 21 ms 21 ms 28 ms 52.93.78.191
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 28 ms 19 ms 28 ms server-13-32-127-88.per50.r.cloudfront.net [13.32.127.88]

Trace complete.



Does anyone have any suggestions on what the issue could be, or any further troubleshooting I could do to try and resolve this issue?

Only guess is aiprotection or parental controls are blocking that site, redirecting you to a page on the router, and the router has a self signed cert causing the browser to give you that warning.

 

[tRiFFiD]

Only guess is aiprotection or parental controls are blocking that site, redirecting you to a page on the router, and the router has a self signed cert causing the browser to give you that warning.

Both AiProtection and Parental Controls are turned off, so it can't be that. I can access a whole bunch of other gambling related sites without any issue, it's just this particular Chasebet site that I can't access.

 

[ColinTaylor]

My only thought is that the website (or some intermediate proxy) has blacklisted your router's IP address. Do you have a subscription to a VPN service (e.g. NordVPN). If so try connecting to the website through that.

 

[tRiFFiD]

My only thought is that the website (or some intermediate proxy) has blacklisted your router's IP address. Do you have a subscription to a VPN service (e.g. NordVPN). If so try connecting to the website through that.

I do have a NordVPN subscription, and if I connect to the VPN first I can successfully access the site.

I have a dynamic WAN IP that changes semi-regularly. I don't suspect it's being blocked in any way, because as soon as I bypass the AX56U and connect my fibre NTD direct to my PC there are no issues accessing the Chasebet site.
The only thing in between my computers and the internet is the router, it has got to be something to do with that, but I am really scratching my head what it could be.

I will try connecting another router temporarily and see if I have the same issue, if the problem goes away then I think the next sensible move would be to factory reset the AX56U and start from scratch.

 

[ColinTaylor]

I have a dynamic WAN IP that changes semi-regularly. I don't suspect it's being blocked in any way, because as soon as I bypass the AX56U and connect my fibre NTD direct to my PC there are no issues accessing the Chasebet site.

I don't know how your NTD works but with cable modems the IP assigned by the ISP's DHCP server is linked to the MAC address of the device plugged into it. Therefore when you unplug the router and plug another device into the modem (e.g. another router or a PC) you will get a different public IP address because the MAC address has changed. You can check your current public IP address by going to www.whatsmyip.org

 

[tRiFFiD]

I don't know how your NTD works but with cable modems the IP assigned by the ISP's DHCP server is linked to the MAC address of the device plugged into it. Therefore when you unplug the router and plug another device into the modem (e.g. another router or a PC) you will get a different public IP address because the MAC address has changed. You can check your current public IP address by going to www.whatsmyip.org

Mine doesn't quite work like that. If I reboot the NTD then I'll get a new IP from my ISP. If I reboot my router, I won't usually get a new IP. My ISP toolbox also allows me to kick my own session from the remote end, which also gets me a new IP.
I've had this problem for a month now at least, and I've had more external IP's than I can remember in a few different ranges that my ISP has.

Plus the fact that unplugging the Asus router and connecting the NTD directly to my PC allows me to access the website without any issues, it all points to being something weird happening within the Asus router rather than any of my PC's or there being some kind of a block on the dynamic IP's that my ISP is assigning me. It's pretty strange if you ask me!

 

[drinkingbird]

Mine doesn't quite work like that. If I reboot the NTD then I'll get a new IP from my ISP. If I reboot my router, I won't usually get a new IP. My ISP toolbox also allows me to kick my own session from the remote end, which also gets me a new IP.
I've had this problem for a month now at least, and I've had more external IP's than I can remember in a few different ranges that my ISP has.

Plus the fact that unplugging the Asus router and connecting the NTD directly to my PC allows me to access the website without any issues, it all points to being something weird happening within the Asus router rather than any of my PC's or there being some kind of a block on the dynamic IP's that my ISP is assigning me. It's pretty strange if you ask me!

If it isn't the router protecting you then your DNS is flagging it and redirecting you to a warning page. Try using a non filtering DNS in the router like your ISP's DNS server.

 

[tRiFFiD]

If it isn't the router protecting you then your DNS is flagging it and redirecting you to a warning page. Try using a non filtering DNS in the router like your ISP's DNS server.

It doesn't make any difference which DNS servers I use.
I've tried setting the router to auto-obtain DNS from my ISP, I've tried setting 1.1.1.1 and 8.8.8.8 both on the router and statically on my PC network interfaces and even installed Unbound on a Linux VM as a test and ran my own local DNS server. dnsleaktest.com was used each time to verify which DNS servers were in use.
One other test I did was to go into Firefox settings and enforce "Max Protection" under DNS settings, then select either Cloudflare or NextDNS through the dropdown box. This means Firefox forces all DNS lookups over DOH and overrides anything set locally on the system or network.

Regardless of the DNS being used, I get the same result.

 

[drinkingbird]

It doesn't make any difference which DNS servers I use.
I've tried setting the router to auto-obtain DNS from my ISP, I've tried setting 1.1.1.1 and 8.8.8.8 both on the router and statically on my PC network interfaces and even installed Unbound on a Linux VM as a test and ran my own local DNS server. dnsleaktest.com was used each time to verify which DNS servers were in use.
One other test I did was to go into Firefox settings and enforce "Max Protection" under DNS settings, then select either Cloudflare or NextDNS through the dropdown box. This means Firefox forces all DNS lookups over DOH and overrides anything set locally on the system or network.

Regardless of the DNS being used, I get the same result.

Only other thing I can think is maybe you had trend micro or parental enabled at some point and some of it is still active (didn't totally disable and something still lingering invisibly)? Have you gone to privacy and done "withdraw"? All else fails, maybe time for a hard reset. The only other intercept the router should be doing is if the WAN is down or if you go to the router page and have redirect to https enabled, but neither should be in play here.

 

[tRiFFiD]

Only other thing I can think is maybe you had trend micro or parental enabled at some point and some of it is still active (didn't totally disable and something still lingering invisibly)? Have you gone to privacy and done "withdraw"? All else fails, maybe time for a hard reset. The only other intercept the router should be doing is if the WAN is down or if you go to the router page and have redirect to https enabled, but neither should be in play here.

Clicking 'Withdraw' from the Parental Control/AiProtection has resolved the issue.

Thank you so, so much. Saved me having to hard reset my router which I wasn't really looking forward to due to my custom DDNS setup etc.

 

[drinkingbird]

Clicking 'Withdraw' from the Parental Control/AiProtection has resolved the issue.

Thank you so, so much. Saved me having to hard reset my router which I wasn't really looking forward to due to my custom DDNS setup etc.

Sorry I just assumed when you said it was disabled it was never enabled, should have mentioned the withdraw thing before. It doesn't seem to totally "let go" until you do that.

Try not to lose too much money

 

[tRiFFiD]

Sorry I just assumed when you said it was disabled it was never enabled, should have mentioned the withdraw thing before. It doesn't seem to totally "let go" until you do that.

Try not to lose too much money

I must have enabled it at some point but didn't realise it wouldn't have 'let go' once I turned it off.

Cheers