[SOLVED]18.1 will not route to some sites and services, 17.x works fine.

Started by Davesworld, February 12, 2018, 12:44:22 AM

I noticed after I upgraded to the 18.1 series, that I could no longer stream video reliably from Amazon Prime, Vudu and others over my Roku. Cell phones also would not reliably work while connecting via wifi. I tried the Roku with WLAN and LAN with the same result. Netflix would work but it took a slight while to find its way but was at least usable.

I tried switching ADSL modems and even using a second ADSL line that I have to no avail. I tried doing a clean install with the same result. Subsequent updates did not improve anything. I then reinstalled IPCop which is at the end of its life and everything worked again. I then installed OPNSense 17.5 and imported the same config I had been using in 18.2, well now everything works again.

It should be noted that I noticed the degradation as soon as I updated to 18.1 and second-guessed myself as surely 18.1 could not be that much different but there is something inherent.

It should be noted that when I had my cellphone connected to 18.1 via wifi, Android updates were a struggle and would often fail. The search function of Roku itself would not work and if I could get into Amazon and others at all after many tries the images were spotty loading. What could have changed? I'm afraid to update to the 18.1 series at this point.

Although minor, with 18.1 clicking on updates from the lobby, it would go to the updates page and time out, it would work when I click on Check For Updates once on the Firmware page after it failed the first time.

I just upgraded again, yes, the upgrade to the 18 series messed it up so it is not my ISP. Now as to why?

Here is my Roku Ultra talking to Amazon Streaming:

tcp      In  192.168.6.16:41984       54.148.50.235:443        FIN_WAIT_2:ESTABLISHED

And my WAN trying to talk to Amazon Streaming.

tcp      Out 104.235.165.41:43466     54.148.50.235:443       ESTABLISHED:FIN_WAIT_2

I've decided not to redact my WAN IP, it's dynamic and I get a few thousand scans a day anyway.

Looking at PF States, Netflix does not use SSL just port 80.

I went through almost all possible updates, beginning with 17.5, continuing with development builds, ending up with 18.1.2
My Nvidia Shield connects to streaming services instantly, I hardly ever see any progress icons.
My wifi APs (separate devices) also work fine.

Strange...
OPNsense v18 | HW: Gigabyte Z370N-WIFI, i3-8100, 8GB RAM, 60GB SSD, | Controllers: 82575GB-quad, 82574, I221, I219-V | PPPoE: RDS Romania | Down: 980Mbit/s | Up: 500Mbit/s

Team Rebellion Member

For the time being I reinstalled 17.x and upgraded to 17.7.12 and have unfettered internet access. I will start poking through GIT and see if I can find something. Yes it is strange.

If you did not update to 18.1.2 then that could be the problem. There are known NAT issues with 18.1 that were quickly resolved with a patch.

I stream via Plex to many folks, Amazon Prime and Netflix. Currently running at 18.1.2 and noticed no issues.

I have a TorGuard VPN going for some traffic along with an OpenVPN for Home access with traffic shaping as well.

I haven't noticed anything not working with NAT at this point.

Quote from: dcol on February 12, 2018, 04:54:44 PM
If you did not update to 18.1.2 then that could be the problem. There are known NAT issues with 18.1 that were quickly resolved with a patch.

I did update to 18.2 in three separate sessions, the original gui update from my system that had been running for months, my fresh install after that and another 17.x install with gui updates to 18.2.

I don't have Roku, but streaming does not seem to be an issue for me in 18.1.2

Quote from: dcol on February 12, 2018, 09:29:00 PM
I don't have Roku, but streaming does not seem to be an issue for me in 18.1.2

It happens on two different Rokus, two different smart phones and one laptop. It's not just streaming, the cell phones fall flat on their faces when trying to do Android upgrades as well and other things are pretty bad too.

Disable IDS and see if that helps. At least you can eliminate it as a suspect.
Anything unusual in the system logs?

Quote from: dcol on February 12, 2018, 10:17:19 PM
Disable IDS and see if that helps. At least you can eliminate it as a suspect.
Anything unusual in the system logs?

I'm back up to the latest patch. I do not use IDS at this time anyway but that's a whole different subject. I'm looking at firewall logs as I try to start movies, I might as well dedicate the rest of today trying to find this.

This is interesting and from my roku.

WLAN   Feb 12 13:53:01   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule   
WLAN   Feb 12 13:53:00   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule   
WLAN   Feb 12 13:52:59   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule   
WLAN   Feb 12 13:52:59   192.168.6.16:59385   13.32.253.65:80   tcp   Default deny rule   
WLAN   Feb 12 13:52:59   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule


Default deny usually means state tracking failure. Try adding a separate rule for sloppy or no state tracking (under advanced) to see if these go away.


Cheers,
Franco
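
Added example, not part of the thread or of OPNsense: a small Python script that groups the default-deny log lines quoted above by flow, so that repeated blocks on one connection (the pattern the last reply attributes to state tracking failure) stand out from one-off hits. The column layout and the year are assumptions taken from the pasted lines.

```python
import re
from collections import defaultdict
from datetime import datetime

# The five firewall log lines quoted in the thread, copied verbatim.
SAMPLE_LOG = """\
WLAN   Feb 12 13:53:01   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule
WLAN   Feb 12 13:53:00   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule
WLAN   Feb 12 13:52:59   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule
WLAN   Feb 12 13:52:59   192.168.6.16:59385   13.32.253.65:80   tcp   Default deny rule
WLAN   Feb 12 13:52:59   192.168.6.16:59387   13.32.253.65:80   tcp   Default deny rule
"""

# Assumed layout: interface, timestamp, src ip:port, dst ip:port, proto, rule label.
LINE_RE = re.compile(
    r"^(?P<iface>\S+)\s+(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+"
    r"(?P<src>[\d.]+:\d+)\s+(?P<dst>[\d.]+:\d+)\s+(?P<proto>\S+)\s+(?P<label>.+)$"
)

def repeated_default_deny(log_text, min_hits=2, year=2018):
    """Group default-deny hits by flow; return flows blocked at least min_hits times.

    Each result is (iface, proto, src, dst, hits, span_seconds), most hits first.
    The log lines carry no year, so one is supplied (assumption: 2018, the thread's date).
    """
    flows = defaultdict(list)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["label"].strip() != "Default deny rule":
            continue  # skip unparsable lines and hits on other rules
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        flows[(m["iface"], m["proto"], m["src"], m["dst"])].append(ts)

    report = []
    for key, stamps in flows.items():
        if len(stamps) >= min_hits:
            span = (max(stamps) - min(stamps)).total_seconds()
            report.append((*key, len(stamps), span))
    return sorted(report, key=lambda r: r[4], reverse=True)

if __name__ == "__main__":
    for iface, proto, src, dst, hits, span in repeated_default_deny(SAMPLE_LOG):
        print(f"{iface} {proto} {src} -> {dst}: {hits} blocks in {span:.0f}s")
```

On the thread's lines this reports one flow, source port 59387, blocked four times within two seconds; the single hit on port 59385 falls below the default threshold.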