pfSense Support Subscription

Author Topic: Wierd issue with Akamai sites on SSL  (Read 122 times)

0 Members and 1 Guest are viewing this topic.

Offline djzort

  • Jr. Member
  • **
  • Posts: 79
  • Karma: +1/-0
    • View Profile
Wierd issue with Akamai sites on SSL
« on: October 12, 2017, 07:43:41 am »
Every few days, SSL websites that use the akamai cdn "stop working" - that is they just spin in the browser and time out.

Non-akamai ssl websites seem to work ok (although its hard to be comprehensive as the internet has quite a few websites these days) - but the pattern seems to be akamai.

I have placed a packet dump at https://www.cloudshark.org/captures/a5ce20efde0d

Anyones thoughts at this point would be much appreciated

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2163
  • Karma: +195/-11
    • View Profile
Re: Wierd issue with Akamai sites on SSL
« Reply #1 on: October 12, 2017, 11:29:37 am »
Are you doing and HTTPS proxying or what do you use for your DNS?

Offline djzort

  • Jr. Member
  • **
  • Posts: 79
  • Karma: +1/-0
    • View Profile
Re: Wierd issue with Akamai sites on SSL
« Reply #2 on: October 12, 2017, 05:06:21 pm »
I am not https proxying and dns is using 8.8.8.8 and 8.8.4.4

Offline djzort

  • Jr. Member
  • **
  • Posts: 79
  • Karma: +1/-0
    • View Profile
Re: Wierd issue with Akamai sites on SSL
« Reply #3 on: October 12, 2017, 05:29:42 pm »
Hardware TCP Segmentation Offloading and  Hardware Large Receive Offloading  are disabled.


disabling  Hardware Checksum Offloading  doesnt make any difference


HCO on:

wan: https://www.cloudshark.org/captures/24c60923d13a
lan: https://www.cloudshark.org/captures/2ceb97ce1ab6

HCO off:

wan: https://www.cloudshark.org/captures/97f8b49b4e73
lan: https://www.cloudshark.org/captures/755e2060d8ff