Logo

Satellite Internet Forum.
Please note that this forum is now READ ONLY and closed for login and changes
The new forum is here Space and Satellite Communications forum

Welcome, Guest.
Welcome to this satellite broadband discussion forum.  Wherever you are and whatever your problem we are here to help each other. Connecting to the internet via satellite is not always easy but is critically important to those in remote places or with poor terrestrial infrastructure.  Both service providers and customers are encouraged to contribute.  Read the Forum rules.
      Satellite internet forum          

Problems with SSL over tooway

(Read 13184 times)
MrMuckyPaws
Ex Member


Jul 8th, 2011 at 3:18pm  
Hello,

I have only had tooway for a few weeks and on the whole I am quite impressed with it. Sure it takes a while to get used to the latency when making connections but speed wise it is great; Speedtest.net is giving me 5.5Mbps down, 1.5Mbps up and 700ms ping comapred to my 900kbps ADSL. Realworld download speeds have been as high as 20Mbps

Anyway, everything is good but I am noticing more and more issues when connecting to SSL sites. I have been trying to order a printbook from Apple for 3 days now and am getting time outs and dropped connections - am also getting time outs with facebook, ebay, twitter, SMTP etc. They can't all be down!

I have raised a case with my ISP (Bentley Walker) for investigation but wondered if anyone else has had issues with SSL connections? Normal HTTP connections seem fine so I am thinking its not an FAP issue (I have asked BW to confirm my usage stats too).

Anyway, its becoming a real problem as most of my business transactions are over SSL and thus Tooway may not be giving me what I anticipated.

I'm not using it for VPN or games etc per the advertised restrictions in the FAQs but so far have seen no reference in the T&Cs to there being issues with SSL.

RFC please.

Simon
Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #1 - Jul 8th, 2011 at 4:13pm  
BW have confirmed this is not an FAP issue. Will connect Mac direct to Modem when I return on Sunday and see if issue persists.
Back to top
 
 
IP Logged
 
fendweller
Ex Member


Reply #2 - Jul 9th, 2011 at 9:20am  
Hi, 20Mb/s for sustained periods or just blips? What is the basic advertised speed of your system? As I previously mentioned, my speed never approaches the advertised 6 Mb/s. Which speed test is best for a satellite system, anyone? Thanks...
Back to top
 
 
IP Logged
 
Eric Johnston
YaBB Moderator
*****
Offline


Personal text from Profile,
Options, Top line

Posts: 2107
Reply #3 - Jul 9th, 2011 at 11:34am  
The KA-SAT Tooway has outlink (download) carriers operating at approx 19.9 Msps.  Each symbol may carry 2, 3 or 4 transmission rate bits (QPSK, 8PSK or 16QAM). FEC may be applied with ratios from 1/3 to 8/9. So, for example, a 19.9 Msps carrier with 8PSK modulation and 2/3 FEC has an information bit rate of 39.8 Mbit/s.

The same 39.8 Mbit/s data is received by many sites, e.g. 1000 sites.  Each site picks out just the data packets intended for the connected customer.

If you receive just 1 packet of data, say 2 kbytes (16000 bits) it will take 0.0004 sec and your download speed, over that very short time period, will be 39.8 Mbit/s.  So a measurement of 20 Mbit/s is possible.

Due to the artificial speed limiting (for package definition purposes) you will then be stopped from receiving further packets for a while to keep your 1 second average below your bit rate limit (4, 6, 8, 10 Mbit/s). If you are on the 6 Mbit/s package you might receive 370 packets per second (6 Mbit/s) and you will be using 15% of the network's 39.8 Mbit/s capacity.  There will be time gaps between these packets to allow for traffic to flow to other sites sharing the download carrier. 6 sites, each simultaneously downloading 6 Mbit/s would use up 36/39.9 or 90% of the downlink carrier capacity, so congestion is certainly possible, particularly if there are 1000 sites in total.  Hopefully they will not all try to be active at the same time and all want to download steady high bit rates.  If people start watching live TV via the internet they are going to have to implement broadcast mode IP so the programme only gets sent once.

The FAP policy provides threshold amounts of downloaded bytes per unit time, like 1 hour, 4 hours, 1 day, 7 days, 4 weeks. Note there is also a limit on the amount of bytes downloaded in one second, implied by the headline "up to" bit rate advertised.

What download speed do you see using my speed tester: http://www.satsig.net/speed-test/speed-tester.htm ?
wxw
Best regards, Eric.
Back to top
« Last Edit: Jul 9th, 2011 at 3:56pm by Admin1 »  
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #4 - Jul 10th, 2011 at 2:23pm  
Speedtest results;
1st 30Kbytes took 9 mS. So download speed is approx = 3333 kBytes/sec = 26667 kbits/sec

2nd 30Kbytes took 12 mS. So download speed is approx = 2500 kBytes/sec = 20000 kbits/sec

3rd 30Kbytes took 6 mS. So download speed is approx = 5000 kBytes/sec = 40000 kbits/sec

4th 30Kbytes took 6 mS. So download speed is approx = 5000 kBytes/sec = 40000 kbits/sec

Overall average download speed is approx = 3636 kBytes/sec = 29088 kbits/sec

Am quite happy with the speed to be honest - but the inability to make reliable SSL connections is really worrying. Today I have my Mac Pro connected directly to the modem to avoid any Router & Switch issues, and have reset the MAc PRo NIC to Auto/Auto/1500MTU as it was fixed at 1000/Full/9000Jumbo Frames before but the problem persists. Now seeing SSL errors in Console logs for Twitter, iCal Sync to Google Apps etc. Tried MSN messenger today and that won't log in (presumably due to SSL errors but not sure if there are logs to check).

Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #5 - Jul 14th, 2011 at 1:32pm  
Just as a quick update for anyone else who cares, this problem still persists. I have confirmed I am able to do everythign as expected when I am on my 3G USB dongle so am convinced this is a Sat Broadband issue. BW have escallated it to their networks team for assitance.

So far, no good!
Back to top
 
 
IP Logged
 
Heathy65
Ex Member


Reply #6 - Jul 22nd, 2011 at 11:42am  
Quote:
Just as a quick update for anyone else who cares, this problem still persists. I have confirmed I am able to do everythign as expected when I am on my 3G USB dongle so am convinced this is a Sat Broadband issue. BW have escallated it to their networks team for assitance.

So far, no good!


Hiya,

How's your SSL problem?

I have Tooway now (10Mbps/2Mbps/13GB service).

I don't seem to be having as much trouble with SSL as you but I'm seeing some 'funnies' at times.  I'm going to do some more investigation/testing then speak to my provider.

Cheers Ian
Back to top
 
 
IP Logged
 
fendweller
Ex Member


Reply #7 - Jul 24th, 2011 at 7:27pm  
Hi Ian, Which supplier did you go with in the end. I must moderate some of my earlier comments by saying that Bentley Walker have been looking into my issues quite diligently. Apparently there has been a patch issued for the modem (not sure why we wouldn't have been told in advance). The patch has been applied and without saying too much because my p.c. is listening and it might take advantage, so far the system seems to be working better than it has hitherto. I'm not getting all the faffing about when accessing web pages and speed is good.
Regards, Colin
Back to top
 
 
IP Logged
 
Powys
Ex Member


Reply #8 - Jul 25th, 2011 at 4:54pm  
I have not seen any SSL problems, no abnormal delays.

There have just been a few problems with sites like MoneyBookers which detect that the connection passes through a satellite proxy and refuse the secure aspects of their service for reasons only they know, but that is not a problem with the SSL itself.

Regards,  John
Back to top
 
 
IP Logged
 
Heathy65
Ex Member


Reply #9 - Jul 27th, 2011 at 5:10pm  
Quote:
Hi Ian, Which supplier did you go with in the end. I must moderate some of my earlier comments by saying that Bentley Walker have been looking into my issues quite diligently. Apparently there has been a patch issued for the modem (not sure why we wouldn't have been told in advance). The patch has been applied and without saying too much because my p.c. is listening and it might take advantage, so far the system seems to be working better than it has hitherto. I'm not getting all the faffing about when accessing web pages and speed is good.
Regards, Colin


Hi Colin,

I went with ToowayDirect in the end.

Glad things are improving for you.

With regard to the modem patch was that updated remotely?

Do you know what version you are on now? Mine is UT_1.1.2.1.2

Cheers Ian
Back to top
 
 
IP Logged
 
fendweller
Ex Member


Reply #10 - Jul 28th, 2011 at 8:58pm  
Quote:
Hi Colin,

I went with ToowayDirect in the end.

Glad things are improving for you.

With regard to the modem patch was that updated remotely?

Do you know what version you are on now? Mine is UT_1.1.2.1.2

Cheers Ian


Ian,
Yes, that's the version I've got. They told me when the update was ready and I just had to do an ipconfig /release /renew. Only thing is I switch my modem off overnight and from what they said I could miss an update that way. Seems a bit wasteful to leave it on all the time when it's quite watty. Not to mention the MTBF figure, but perhaps it's better for the TRIA to leave it on all the time.
Regards, Colin
Back to top
 
 
IP Logged
 
Heathy65
Ex Member


Reply #11 - Jul 29th, 2011 at 8:16am  
Quote:
Ian,
Yes, that's the version I've got. They told me when the update was ready and I just had to do an ipconfig /release /renew. Only thing is I switch my modem off overnight and from what they said I could miss an update that way. Seems a bit wasteful to leave it on all the time when it's quite watty. Not to mention the MTBF figure, but perhaps it's better for the TRIA to leave it on all the time.
Regards, Colin

Hi,
So that's the version you have now (post-upgrade) or what you had previously?
Cheers Ian
Back to top
 
 
IP Logged
 
fendweller
Ex Member


Reply #12 - Jul 30th, 2011 at 10:28pm  
Quote:
Hi,
So that's the version you have now (post-upgrade) or what you had previously?
Cheers Ian


Ian, that's the post-upgrade version or I would have made it clear that yours was out of date. I just wonder how often upgrades might happen, presumably anytime, and whether it's going to be easy to catch up if you miss one. Have we got to keep watching for them? I'm about to go away for 10 days. I'm not going to leave  the system on all that time if only because it doesn't seem sensible to do so. Regards, Colin
Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #13 - Sep 12th, 2011 at 12:19pm  
An update for those of you interested in my SSL issues (and it seem there are a lot more of you suffering from it that ISPs are letting on).

Whilst I thought most of the problems had gone away from the last time I updated this thread it seems that alas I was wrong. I am still unable to use SSL connections to many sites which is having an impact on my business and ability to do 'normal stuff'. 

I have now taken wireshark logs from my LAN for 3 different connections and sent them to BW for analysis last week. So far no results back, they have raised a ticket with the NOC.

I've had 2 people contact me directly with similar issues so I wonder if it is worth (Eric?) putting together a log of issues from people to try and get more support for ISPs to fix the problems. Similarly if people are finding everything does work ok then we need to know that too. It would be great to know whether this Tooway will ever work like ADSl (latency aside) or is it only fit for none time critical connections like HTTP?

So far sites that don't work reliably are:

Facebook
Twitter
Apple Store/ itunes store/ photo services - ok, anything with Apple!
Asda and Tesco shopping
Google Apps web interface as well as sync (cal, contact, mail etc).
Loxley Color ROES print shop
My Employers Webmail (Lotus Notes *spit*)

These problems are regardless of device or connection so far.

Back to top
 
 
IP Logged
 
bunoire14
Ex Member


Reply #14 - Sep 12th, 2011 at 1:31pm  
Simon,

Having spoken to you earlier I have to firstly say I'm relieved to find I'm not the only one!!

Heres a break down of my issues that have been ongoing since the day the systems were installed in April.

We have a Tooway 10 Plus Business Package installed at our warehouse facility in County Durham, and a Tooway 10 DOmestic System installed in our home office location 5 Miles down the road.

Both Systems are experiencing  VERY Slow or non existent connections to Secure Websites. We can't access our online Banking, any of our own Shopping Carts Admin panels, Twitter, MSN Messenger and have intermittent issues using our Exchange Email.

This is having a direct impact on our business, and we have been forced to have to continue using our BT Broadband system as a backup despite taking on the Tooway as a direct replacement for the BT Setup.

I have tested our internal infrastructure by systematically taking our LAN to pieces and re testing the connection just to be absolutely sure it wasn't an issue at our end, I've tried new routers and even had a IT Consultant in to check our setup, all at a great inconvenience to my Colleagues who were unable to fulfil their functions while this was going on.

Finally I have plugged the modem directly into both a PC and a Mac and after all this still get the same results.

We seem to have gone through the same support channels as you, with several tickets going into Bentley Walker who seemed to be looking into it. But there has been no progress in finding a solution. The last response I had from the Support Ticketing System was:

"There are no restrictions placed specifically on SSL traffic. However, as the traffic is encrypted, the network cannot compress the data as it would with non-encrypted data, and thus there is no possibility of speeding up the data transfer on SSL connections.
Do you have any further questions regarding the service?"

I don't know about anyone else but the above reads to me like theres nothing they can do to fix this issue?

We took steps early on to make it Clear to Bentley Walker that we felt this system was not fit for purpose (How can something being advertised and sold as a Internet Service only give access to half the internet?), and following this response from the support system requested that the system be removed and a full refund given for all moneys paid to date.

Since then we have been dealing directly with the Bentley Walker Management and updates have been coming through daily, however there seems to be a myriad of tests they want to run with no real resolution on the horizon.

We agreed to give Bentley Walker 2 Weeks to resolve the issues, which ended today. They now want to run yet more tests.  

It strikes me that the whole Tooway system may have serious underlying issues that are going to render it useless as a "Internet Service" and that no one really knows how to fix it. I my mind it should never have been released given the potential for this to happen.

As we stand at the moment I really just want this system out , as its caused nothing but problems and business downtime.

I would be interested to hear from anyone else suffering similar issues to us, either on this forum or directly.

I'll keep this thread updated with our progress, whichever route we decide to take.

Cheers,

Back to top
« Last Edit: Sep 13th, 2011 at 9:55am by N/A »  
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #15 - Sep 12th, 2011 at 2:38pm  
Thanks for the info, I'm glad to hear I'm not the only one with problems - thats 4 systems now (mine, your two and another user I have spoken to).

It certainly does look like there is a significany underlying problem.

BW's response to your problem seem to miss the point completely - speed is not the issue here (anything is going to be better than 900kBps ADSL for me) as long as it passes and works with ALL standard protocols - HTTP, HTTPS, FTP etc.

HTTPS is run of the mill standard these days. Any internet connection should work with these protocols.

Sincerely

Simon

Back to top
 
 
IP Logged
 
europe-satellite.com
Ex Member


Reply #16 - Sep 12th, 2011 at 8:00pm  
...

I am aware that my response is not really helpful in solving your existing Tooway KA-SAT problem but if you swap to an Avanti-Hylas-hughes system you can be sure you are connected to a 100% open network with no restrictions. The gateway to internet is provided by Telehouse in London and you also get a UK IP address.

The blame shouldn't be with BW or any other reseller/provider !! they all depend on Skylogic, we have done hundreds of tests in the past and most of the time no result, our list of tickets is/was very long, it can be a long time before your problem is solved.

"Dear Frits, I have been using a Tooway KA system, installed by you, for he last 2.5 years, and I have not been very impressed as it keeps dropping the connection even though I am normally well below my usage limits (barely get to 20% at any one time) - it has already dropped it about 4 times today while I have been working with VPN open to my company intranet - really annoying."

Above is a copy of an email from a user we received today (the list is growing weekly with all different problems).

We still have network/connection issues with installs we did years ago, most of the users even "don't bother to complain anymore", this is not good for our (or any other reseller/installer) reputation* etc.

Avanti-Hylas-Hughes hardware, network performance and support may cost a bit more but in the end you get what you pay for as the results will prove.

*This was one of the main reasons why we finally chose to go for the new Avanti-Hylas-1 service and Hughes hardware.

ps. Dear bunoire14, We are happy to install a test setup with a Hylas system at your office on a "No Cure - No pay" basis, if tests are sucessful you just pay the travel costs of our engineer based in London; you can report the results on this board.
Back to top
« Last Edit: Oct 26th, 2011 at 5:50pm by N/A »  
 
IP Logged
 
Eric Johnston
YaBB Moderator
*****
Offline


Personal text from Profile,
Options, Top line

Posts: 2107
Reply #17 - Sep 12th, 2011 at 10:45pm  
It might be an IP issue with Tooway and you may need to request them to have the dynamic IP lease to your connection increased so that it does not time out before you log on the secure website.

Incidentally, has anyone got an explanation for the strange  tracert results on Tooway.  Why do you start in private address space, then go public, then back to private and eventually back to public onwards towards the wanted web site?

In case the problem is associated with one of the eight gateway teleport hubs of the Tooway system, I have today added the outlink beam numbers ( 1 to 82 ) and the Gateways ( GW1 to GW8 ) to the beam maps on page http://www.satsig.net/tooway/satellite-dish-pointing-ka-sat-tooway-europe.htm
Just put your mouse on the coloured square ( beam types 1 to 4 ) at the centre of the your outlink beam.

Does anyone know where hubs GW7 and GW8 are located ?
wxw
Some more ideas ( I can't vouch for these ):

In command prompt, enter netsh winhttp show proxy  
Expect "Direct Access (no proxy server).   This command may help: netsh winhttp reset proxy

Internet Explorer

Tools, Internet Options. Advanced, Security section, set SSL 2.0 and SSL 3.0

Firewall Check that SSL port 443 is open.

Delete Temporary Internet Files

Security, Content, Advanced Settings, Trusted sites zone, Default Level, Type site addresses into Trusted zone

Tools, Internet Options, Content tab, Certificates, Clear SSL State

Under Personal information, AutoComplete, Clear AutoComplete history, Clear Forms.

Firefox

Options. Advanced, Encryption, Set SSL 3.0 and TLS 1.0

Options. Advanced, Network, Settings, proxy server not in manual
Back to top
« Last Edit: Sep 13th, 2011 at 10:39am by Admin1 »  
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #18 - Sep 13th, 2011 at 10:45am  
As for moving to Huges etc. Nice idea but its a significant increase in costs. Whilst I agree one gets what one pays for - we are paying for an Internet connection with Tooway (all be it FAP limited) and that should include the ability to use the basic Internet protocols like HTTP and HTTPS, not just HTTP only. At the moment we are NOT getting what we pay for.

Eric,

The lease time for DHCP shouldn't be so short that its having to renew mid connection when I browse to a site. Nornmally I would expect it to be in the order of hours or days. I see no reason why it would change sooner - since its effectively an 'always on' service. I'll have to check the Wireshark logs to see if there is any DHCP traffic during the SSL connection. Long shot but I do appreciate everyones ideas and help.

All of the test you describe have been tried - all be it the Mac equilavents - I don't run Windows at home apart from an occasional Virtual Machine (and that suffers the same too).

No proxy, direct connection to the modem with two different machines (one rebuilt fresh with Snow Leopard and then Lion) and the problem persists = thus its nothing to do with my config or LAN equipment.
Back to top
 
 
IP Logged
 
A.Walker
Ex Member


Reply #19 - Sep 13th, 2011 at 11:49am  
Dear All

There is a handful of customers experiencing some issue with SSL and indeed the vast majority are not having any trouble however I escalated this matter to a Senior Technical Director in Eutelsat who has replied (see below ) soon as we know they have appied the work around which should not be long we shall ask for your feedback in the meantime we thank you for your patience :


Dear Anthony,

We are working on this issue which is a difficult matter due to the fact that it seems to be an erratic behaviour. We have identified a possible cause and we are applying a workaround. Please keep us updated when you have feedbacks from your customers.

Skylogic


Back to top
 
 
IP Logged
 
A.Walker
Ex Member


Reply #20 - Sep 17th, 2011 at 3:41pm  
We have been working hard with Skylogic and so far the good News is that the SSL issue seems to be fixed , essentially looked as though there was a random  DNS mismatch but its looking much better now =))

Bentley Walker  
Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #21 - Sep 19th, 2011 at 4:25pm  
Hello,

I can confirm that for me, MOST of the SSL issues are fixed for normal web browser connections. There are still some issues with iTunes and Twitter which I am sure will get fixed soon. I have been away for most of the weekend so have not been able to do a complete test but so far so good.

On the whole it seems BW have done a good job kick Skylogic into touch and to avert a major refund program for all of us who are were not getting a service that was fit for purpose.

Keep up the good work BW!
Back to top
« Last Edit: Sep 19th, 2011 at 5:37pm by Admin1 »  
 
IP Logged
 
James-BW
Ex Member


Reply #22 - Sep 20th, 2011 at 10:45am  
Thank you for the kind comments Simon, our efforts are ongoing with regard to this issue and the anomalies experienced with Itunes/Twitter applications and we will keep you posted.

Regards,

James - Bentley Walker.
Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #23 - Oct 19th, 2011 at 7:37pm  
An Update: 3 months after installing the system - we still don't have a fully functioning Internet system. SSL connections are still unreliable and most of the time impossible to make. So far Skylogic have performed 3-4 tests capturing Wireshark logs for analysis but their feedback and progress is pretty dreadful.

Its such as shame that this system has been so poor when it promises so much for us rural customers with useless BT provision of ADSL.

Back to top
 
 
IP Logged
 
Eric Johnston
YaBB Moderator
*****
Offline


Personal text from Profile,
Options, Top line

Posts: 2107
Reply #24 - Oct 19th, 2011 at 8:49pm  
It might be worth trying to find (or make) a friendly and cooperative SSL site, where the problem can be reproduced reliably, and then studying the log files of that web site server to see what urls are, or are not, actually being requested when a test is made.

This satsig site does not use SSL, but I do see 404 errors due to intermediate proxy servers not creating the correct full url request, particularly when the original url (embedded in the html web page or javascript) is not an absolute complete url but short relative one.

Does anyone have a server with SSL and is also willing to co-operate with tests via Tooway ?

Best regards, Eric
Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #25 - Oct 19th, 2011 at 9:05pm  
Now that is a pretty damn good idea Eric! I have my own web host which I am sure I can configure to work on SSL for my website as well as HTTP. I'm more familiar with IIS on windows whereas this is a Linux host but it could just work.

Simon
Back to top
 
 
IP Logged
 
MrMuckyPaws
Ex Member


Reply #26 - Jan 17th, 2012 at 2:07pm  
Good news - the SSL issues seem to be fixed properly now. I have used the system for about 3-4 weeks since the fix and hardly ever get SSL issues now.

It took them 4+ months to fix but we got there in the end.
Back to top
 
 
IP Logged