PR_CONNECTION_RESET_ERROR only happening @ one provider

Author
mcdaniels
2020/10/22 08:02:07 (permalink)
0


Hi folks,
I am trying to find a problem which suddenly appeared today. We have not changed any configurations at our network.
Suddenly websites hosted at one Austrian provider, where our homepage is hosted, do not open anymore.
 
They only give a PR_CONNECT_RESET_ERROR in Firefox and do not open in Edge either.
 
Sites are doing this, when I try via curl:
curl -vv https://www.pc-howto.com
* Rebuilt URL to: https://www.pc-howto.com/
* Trying 81.19.159.68...
* TCP_NODELAY set
* Connected to www.pc-howto.com (81.19.159.68) port 443 (#0)
* schannel: SSL/TLS connection with www.pc-howto.com port 443 (step 1/3)
* schannel: checking server certificate revocation
* schannel: sending initial handshake data: sending 181 bytes...
* schannel: sent initial handshake data: sent 181 bytes
* schannel: SSL/TLS connection with www.pc-howto.com port 443 (step 2/3)
* schannel: failed to receive handshake, SSL/TLS connection failed
* Closing connection 0
* schannel: shutting down SSL/TLS connection with www.pc-howto.com port 443
* Send failure: Connection was aborted
* schannel: failed to send close msg: Failed sending data to the peer (bytes written: -1)
* schannel: clear security context handle
curl: (35) schannel: failed to receive handshake, SSL/TLS connection failed

 
If I try outside our network (without our Fortigate) it works.
 
If I turn off all filters @ the policy used for my client the connection is still not working.
 
I am running out of ideas now.
 
Any help, hint or tip is very welcome....
#1
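
Added example, not part of the original thread: the curl trace in post #1 shows the TCP connection succeeding and the failure arriving only after the ClientHello was sent. The Python probe below separates that case from a refused or timed-out connection; probe_tls and start_reset_listener are hypothetical names, and the loopback listener is a constructed stand-in for the remote side.

```python
import socket
import ssl
import struct
import threading


def probe_tls(host, port=443, timeout=5.0):
    """Return (stage, detail) naming the step at which host:port failed."""
    try:
        sock = socket.create_connection((host, port), timeout)
    except socket.timeout:
        return ("tcp_timeout", "no SYN/ACK, packets dropped on the path")
    except ConnectionRefusedError:
        return ("tcp_refused", "an RST answered the SYN")
    except OSError as exc:
        return ("tcp_error", str(exc))
    try:
        ctx = ssl.create_default_context()
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return ("ok", tls.version())
    except (ConnectionResetError, ConnectionAbortedError, BrokenPipeError):
        # Same pattern as the curl trace: TCP up, reset after the ClientHello
        return ("reset_in_handshake", "connection reset after ClientHello")
    except socket.timeout:
        return ("handshake_timeout", "ClientHello sent, no reply")
    except OSError as exc:  # ssl.SSLError is a subclass of OSError
        return ("tls_error", str(exc))
    finally:
        sock.close()


def start_reset_listener():
    """Constructed stand-in for the blocking side: read ClientHello, send RST."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        conn.recv(4096)  # consume the ClientHello
        # SO_LINGER on with timeout 0 makes close() send RST (POSIX layout)
        conn.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER, struct.pack("ii", 1, 0))
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    print(probe_tls("127.0.0.1", start_reset_listener()))
```

Running the same probe from inside and outside the firewall gives a stage per vantage point that can be compared directly.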


    boneyard
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 08:13:19 (permalink)
    0
    mcdaniels
    If I try outside our network (without our Fortigate) it works.

    you are still coming from the same IP address as when you are coming from the FortiGate?
     
    if you are going from another network can you check if your not working traffic arrives at the server?
     
    I'm kinda expecting an issue at the other side here, but you need to see how to confirm that.
    #2
    mcdaniels
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 08:22:49 (permalink)
    0
    Hi,
     
    I am coming over 4G connection from smartphone for example (not the same ip) -> then it works.
     
    I have very limited access to the logs (of the website-hoster). I have to double-check it.
     
    A friend of mine is coming from a completely other network -> it works.
     
    If the situation is: mynetwork -> fortigate -> my provider -> webspaceprovider -> it is not working.
     
    If I use: single pc -> my provider -> webspaceprovider -> it works
     
    This is the log of Wireshark - another website, same hoster, same behavior (If I see it right the RST is coming from the hoster's side):

     
     
    post edited by mcdaniels - 2020/10/22 08:25:50

    Attached Image(s)

    #3
    boneyard
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 09:57:06 (permalink)
    0
    it is difficult to say for sure, but there is a chance the hoster is blocking you for some reason. as you have a website there i would at least reach out and ask them to check.
     
    where is that capture taken? if it is on the fortigate then yes it might be the hoster. if it is on a client then it could also be the fortigate.
     
    does the fortigate logging show anything for these requests?
    #4
    mcdaniels
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 10:27:38 (permalink)
    0
    I asked the hoster multiple times. He always says: It is working if we try to connect. Very hard to discuss this with the support.
     
    The wireshark-log is directly taken on the client which is behind the fortigate unit. 
    192.168.10.210 -> Client behind the FGT
     
    I see it in Fortiview -> Destinations / or Sources... but there is only a little amount of data being exchanged.
     
    I have no blocking messages in any filter or in the ssl log.
     
    I just sniffed with the fgt-packetcapture. This happens if I initiate the connection on the client. (This is what the fgt unit does at WAN1 Port)
     

     
    81.19.159.68 = Hoster
     
     
     
     
     
    post edited by mcdaniels - 2020/10/22 10:57:16

    Attached Image(s)

    #5
    mcdaniels
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 10:51:45 (permalink)
    0
    This is the sniffing directly @ FGT -> sniffing LAN-port, if I initiate the connection from the client:
     
     
     
    This repeats over and over again, till the browser tells that the page cannot be opened / pr_connection_reset
    post edited by mcdaniels - 2020/10/22 10:55:41

    Attached Image(s)

    #6
    emnoc
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 11:03:28 (permalink)
    0
    I'm suspecting they are blacklisting your address based on what I see. Also not sure of your env but if you have multiple addresses or interfaces try sourcing the client with that address and try (src.nat in the policy and an ippool or egress interface SNAT)
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #7
    mcdaniels
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/22 12:12:49 (permalink)
    0
    hi,
    thanks for all your answers. I will see what support (of the webhoster) tells me tomorrow. This is very weird. I have no idea what happened here.
     
    Hm. I am not 100% sure about what you mean exactly @emnoc: I have multiple official IP addresses. I assume you mean that I should give one client "another" address @WAN-side? Correct? So I will see whether our official IP is blocked @ the provider?
    #8
    mcdaniels
    Re: PR_CONNECTION_RESET_ERROR only happening @ one provider 2020/10/24 01:52:56 (permalink)
    4 (1)
    Dear experts,
     
    I managed to do a SNAT and used a different WAN-IP. Used it only for one client to test.
     
    After switching the IP, all websites work. So I assume you were 100% right with your guess:
     
    Our official IP (used for all clients) is blocked by the webhoster. Unfortunately I have not received a reply from them.
     
    Time to move on and switch the hoster, or go back to self-hosting.
     
    Thanks for your help!
    #9