Problem: Websites with VPN and Opera (Vista/Win 7)

Discussion in 'ESET Smart Security' started by MuffPotter, Nov 19, 2009.

Thread Status:
Not open for further replies.
  1. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    I have now the latest firewall module (1054) but i still have the same problem with some webpages within the Opera browser. Many webpages work fine but two, who i need very often, are absolutely horrible: Wikipedia and Google.
    When i try to start a search on these two pages or just try to open the website it takes minutes or the webpage loads with failures (e.g. image failures) or i simply get an error message that Opera could not establish a connection with the server. Only in few cases there is a short time period (some minutes) where the websites always load within seconds. But after that "working well period" everything is as worse as before. So the problem does not always occur but most of the times and on several webpages.

    Here is what i can say to maybe localize the problem:
    - It doesn't occur under Windows XP, but on Vista and Windows 7
    - Changings of the ESS "active mode" settings don't solve the problem
    - When i disable the ESS firewall ("do not filter network traffic") and activate the windows 7 firewall everything works fine.
    - Within Firefox the probles doesn't occur as far as i can say (i only test it sometimes with Firefox because Opera is my default browser)

    So the problem is due to the ESS Firewall under Vista and Win 7.

    At the moment i use the latest ESS, Windows 7, Opera 10, and the Cisco AnyConnect VPN Client 2.4.0202 (but it also occur with the "normal" Cisco VPN Client 5.0.05.290).

    Does anyone know a solution? It is really very time consuming.
    I have to use the VPN Client to get connected with the internet at university. :blink:
     
    Last edited: Nov 19, 2009
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    If you are positive that the problem is caused by the firewall (assuming that disabling only HTTP checking in the main setup tree doesn't make a difference), try enabling logging all blocked connections in the IDS section of the firewall setup, replicate the problem and eventually check the firewall log for details about blocked connections. Subsequently you can try adjusting the appropriate rule or disabling it completely.
     
  3. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Ok, i will check that tomorrow. Thanks
     
  4. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Ok, now i reproduced the problem and the log file looks like this (the disabling of HTTP checking didn't help). I'm no expert, what kind of target is this (192.88.99.1) and what can is do to solve this problem?
    I'm running the firewall in the "automatic mode with exeptions". The only exeption i have is that i deny MS Word web access.
     

    Attached Files:

  5. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    And this target as well with no rules:
     

    Attached Files:

  6. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    I had a lot of no rules found.

    Reinstall ESET SS and chose interactive mode then create new rules - all no rules found will disapeares. (for me it was only one method)

    without reinstaling - if you chose only interactive mode then you will see same No rules found error :)
     
  7. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    But isn't the "automatic mode" a global rule?
    I've already used the "interactive mode" for a couple of month (selected during the installation) but the result was the same.
     
    Last edited: Nov 20, 2009
  8. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
    then sorry ... in my case it works as i described :/
     
  9. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Thank you nevertheless.

    Does maybe some one else know how to configure ESS to solve the problem?
     
  10. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    *up again*
     
  11. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Well... no one knows how ESS has to be configured to solve this?
     
  12. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Ok, since the last release of ESS the google search stopped working completely. Now opera shows an "error page" within a second witch says that there are networkproblems. Searching via bing works without problems. Even Wikipedia works now.

    So: google = worse, Wikipedia= better.
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Does disabling the firewall or HTTP checking in the main setup (F5) -> Antivirus and antispyware -> Web access protection -> HTTP, HTTPS make a difference?
     
  14. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    I didn't use my laptop since my last post. Today i started it, received the ESS updates and now everything works without problems. But i didn't cange anything ?!
    Is it maybe the updated antivirus and antispyware scanner module?
     
  15. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Surely not, this module has nothing to do with networking. Maybe something else on your computer has updated which fixed the issue.
     
  16. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Well, maybe it was one of those short peroids where it works yesterday because today it doesn' t work anymore. Even if i disable the HTTP checking.
    But when i disable the ESS Firewall completely, it works. So in my opinion the problem must be the ESS Firewall.
     
  17. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Hi MuffPotter,
    according to your log, creating a rule allowing bidirectional communication for protocol 41 (ISATAP) should do the trick:
     

    Attached Files:

    Last edited: Dec 2, 2009
  18. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Just for my understanding, what exactly is protocol 41?

    Ok i created the rule. Google works now very fast but, a bit strange, wikipedia is very slow and the log file says during the process of loading wikipedia that there is an "Incorrect IP packet lenght".


    Well as i type this, wikipedia works fast as well as is seems.
    ..
    ….

    And again it doesn't work on both websites with the same event: "Incorrect IP packet lenght". So it works sometimes but often not.
     

    Attached Files:

  19. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    For more information about ISATAP protocol (41), read this article at Wikipedia for instance.

    As for the error "Incorrect IP packet length", create 2 logs with Wireshark; one with firewall enabled when the error occurs and the other with firewall disabled when it doesn't. When replicating the issue with firewall enabled, make sure to have logging all blocked connections enabled as we'll need it, too, for perusal.
     
  20. MuffPotter

    MuffPotter Registered Member

    Joined:
    Apr 21, 2008
    Posts:
    33
    Well i installed Wireshark now but i'm not sure what you want me to do with it. How can i create those logs with Wireshark?
     
    Last edited: Dec 8, 2009
  21. robis

    robis Registered Member

    Joined:
    Mar 21, 2009
    Posts:
    149
Thread Status:
Not open for further replies.