Blocked SSH and some HTTPS communications - clarification, please?

  • 2
  • Problem
  • Updated 1 year ago
  • (Edited)
For most of yesterday, computers on my home network were unable to establish SSH connections with remote servers, several HTTPS websites were unreachable (https://developers.google.com/https://github.com/https://www.nytimes.com/https://news.google.com/ and others), and YouTube videos would not play. This problem affected my Windows 10 PC, a Window 7 PC, a Ubuntu (Linux) server, several Raspberry Pi's running Raspbian (Linux), and all my Android devices. If I run my SSH connections through a proxy they work fine. If I access the HTTPS sites through a proxy, they work fine, too.

After spending all day yesterday troubleshooting on my own, I went ahead and called support. I was in data restriction so during my call, the rep added 1GB of data as a troubleshooting step, but that didn't seem to affect the problem. As I explained more about the issue, she said it sounded like a problem with the web accelerator and disabled the web accelerator on my account, at which point everything began working again.

I was glad to get everything working again, but she also said that the problem would return if my modem lost power and that I'd have to call in again to have the web accelerator disabled any time the modem lost power.

This morning (twelve hours later) as I was transferring a file from a remote server to my PC, I went into data restriction again and my problems returned. I called back into tech support, and the support rep found that my web accelerator was still disabled. She added more data, which took me out of data restriction, then we reset the modem & router and rebooted my PC and everything started working again.

I don't know at this point whether the issue was/is with the web accelerator or my being in data restriction, but I do know that I have spent most of the past two years in data restriction (5GB Evolution plan), I assume the web accelerator has been enabled all this time, and I have never had this problem before.

I'm able to work again now, but I'm quite concerned about this issue at this point. Support has told me that the problems might be related to the weather (clear here in Texas and in surrounding states) and/or slow connection speeds due to being DAP'd, but the fact that everything works perfectly when accessed through proxies really seems to suggest that some bit of Exede technology is blocking some secure protocols.

Has something changed in the past 30 days where I should now expect to lose access to secure sites and protocols when in data restriction?
Photo of Chuck Mayo

Chuck Mayo

  • 16 Posts
  • 3 Reply Likes
  • frustrated

Posted 1 year ago

  • 2
Photo of Chuck Mayo

Chuck Mayo

  • 16 Posts
  • 3 Reply Likes
Update: I finally received a reply from my email to tech support yesterday. They gave me instructions on how to power-cycle my modem and closed my case.

Nice.
Photo of Brad

Brad, Viasat Employee

  • 2810 Posts
  • 915 Reply Likes
Hi Chuck

Sorry to hear that's the reply you got. Those sites typically don't give us problems but the web accelerator could certainly cause that issue (and likewise it being off can help gain access to secure sites..namely education sites). The data restriction should affect you if you're on Liberty Pass during the mornings or afternoons. It's possible if in the peak hours it'll time out due to speed. Anyway hopefully moving forward you don't see this again. Feel free to email us anytime at exedelistens@viasat.com 
Photo of Brad

Brad, Viasat Employee

  • 2810 Posts
  • 915 Reply Likes
Some of that could have been related to the Evolution update. I may have answered this before we realized that went through. 
Photo of Chuck Mayo

Chuck Mayo

  • 16 Posts
  • 3 Reply Likes
Brad, what Evolution update? Is this something we can expect for now on, i.e. we lose not only bandwidth but protocols and functionality when in data restriction? The Evolution plan description still reads "Unlimited Access to Web Pages," not "Unlimited Access to SOME web pages."

I don't know how to reconcile Evolution's "Unlimited Access" with Jonathan's report of being told that 'the [Exede] contract states they can "restrict your service".' It doesn't seem like both statements can be true.
Photo of Jonathan Berent

Jonathan Berent

  • 5 Posts
  • 1 Reply Like
So, I already blew through my additional 5GB -- don't know what did it, but seem to be Windows updates going around -- but that isn't what is interesting: My modem reset and after it was back on I found out I was in restricted-mode again - BUT, I could get to GitHub and others.  Great right ?! I thought they fixed it. A couple of hours later though, the power went out briefly and rebooted the modem again, his time GitHub etc are all blocked again.  dangit.
Photo of Jonathan Berent

Jonathan Berent

  • 5 Posts
  • 1 Reply Like
Sorry, about the contract stuff, I found this post before i realized I have the same problem but on a different plan, I'm EXEDE12-25. While the contract provides CYA on this, my understanding of it when they sold it to me meant they wouldn't purposely block email and normal web browsing (e.g. outlook.com, SharePoint, etc.).
Photo of Chuck Mayo

Chuck Mayo

  • 16 Posts
  • 3 Reply Likes
Either way, I don't see how it would make sense for them to intentionally block SSH/TLS. Even as a squeeze to sell more add-on data, it would affect so few subscribers that I can't see it being of much benefit. 

When my SSH was down last month, I was able to get my work done using a proxy, which is part of a VPN package I'm subscribed to. The VPN portion is pretty useless with the high latency of satellite, but by setting up a proxy, my SSH communications worked fine. For web pages, using any of a number of free proxies would get me access to those blocked sites. (which seems odd since all that traffic has to go through Exede before it gets to the proxy server and if Excede is blocking the protocols, how are the protocols getting through to the proxy?)

Unfortunately, Windows doesn't support proxy authentication, but my research last month turned up some standalone go-between apps which will make the authenticated proxy connection, then become an authentication-free proxy that Windows can talk to.

That's a lot of rigmarole to go through to accomplish connectivity that was SOP a month ago, especially since I have 4 or 5 machines that need SSH at one time or another and they'd all need a similar setup, but it's at least a way I can continue to make a living while Exede tech support is blaming the problem on the weather and telling me to power-cycle my modem.