Lot of TCP_TUNNEL_ABORTED

Good morning
I have my iPhone working behind the Web Proxy (squid) and I’m trying to understand why some apps (nest thermostat, ewelink, foscam camera viewer, etc) don’t work as they should.
Checking the squid logs (/var/log/squid/access.log) I see that ALL calls to home.nest.com are truncated with TCP_TUNNEL_ABORTED

1639997367.520 218205 192.168.1.41 TCP_TUNNEL_ABORTED/200 6129 CONNECT home.nest.com:443 - HIER_DIRECT/34.117.101.60 -
1639997367.520 317565 192.168.1.41 TCP_TUNNEL_ABORTED/200 6079 CONNECT home.nest.com:443 - HIER_DIRECT/34.117.101.60 -
1639997367.520 321159 192.168.1.41 TCP_TUNNEL_ABORTED/200 13865 CONNECT home.nest.com:443 - HIER_DIRECT/34.117.101.60 -

with very high times despite the four data it transmits.
I tried, as suggested by the squid forums, setting the parameter dns_v4_first on and restarting squid (/etc/init.d/squid restart); it seems that the times improve (but the apps still don’t work). However, if I restart the Web Proxy from IPFire I lose that parameter.

Can you help me understand how to make these apps work through the Proxy?

Can’t help on your question, but if you want to make permanent changes in the config of the proxy:

https://wiki.ipfire.org/configuration/network/proxy/extend/conf_edit

2 Likes

Have you tried setting home.nest.com to bypass the proxy to see if that works?

Yes Mike, but nothing changed: the Nest App (on my iPhone) is still trying to connect :weary:

Hi,

this is because the “custom whitelist” does not mean a request to one of the FQDNs listed in it will bypass the proxy completely, but rather will always be permitted - there’s a misunderstanding here. :slight_smile:

Aside from that: Well, there is some communication going on, otherwise the second integer after TCP_TUNNEL_ABORTED would be zero. Could you run a tcpdump and try to get more details on the communication behaviour of the Nest app? Perhaps it decides to abort the connection by itself for whatever reason.

Thanks, and best regards,
Peter Müller

2 Likes
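The byte-count check described in the reply above, as an added example that is not part of the original thread: a Python sketch that parses Squid's native access.log layout and summarizes TCP_TUNNEL_ABORTED CONNECT entries per destination, separating tunnels that relayed data from zero-byte ones. The function names are hypothetical, and the sample lines are constructed (three modeled on the lines posted in this thread, the rest with placeholder hosts).

```python
import re
from collections import defaultdict

# Squid native access.log layout:
# time elapsed_ms client code/status bytes method URL user hierarchy/peer type
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<code>[A-Z_]+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+\S+\s+[A-Z_]+/(?P<peer>\S+)\s+\S+$"
)

# Constructed sample: three lines modeled on the thread, plus a constructed
# zero-byte abort, a normal tunnel and a malformed line (placeholder hosts).
SAMPLE_LOG = """\
1639997367.520 218205 192.168.1.41 TCP_TUNNEL_ABORTED/200 6129 CONNECT home.nest.com:443 - HIER_DIRECT/34.117.101.60 -
1639997367.520 317565 192.168.1.41 TCP_TUNNEL_ABORTED/200 6079 CONNECT home.nest.com:443 - HIER_DIRECT/34.117.101.60 -
1639997367.520 321159 192.168.1.41 TCP_TUNNEL_ABORTED/200 13865 CONNECT home.nest.com:443 - HIER_DIRECT/34.117.101.60 -
1639997400.101 30000 192.168.1.41 TCP_TUNNEL_ABORTED/200 0 CONNECT example.invalid:443 - HIER_DIRECT/192.0.2.10 -
1639997401.000 120 192.168.1.41 TCP_TUNNEL/200 4521 CONNECT example.invalid:443 - HIER_DIRECT/192.0.2.10 -
this line is malformed and must be skipped
"""

def parse_line(line):
    """Return a dict for one native-format line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["elapsed"], rec["bytes"] = int(rec["elapsed"]), int(rec["bytes"])
    return rec

def summarize_aborted_tunnels(log_text):
    """Group TCP_TUNNEL_ABORTED CONNECT entries by destination host:port."""
    stats = defaultdict(lambda: {"count": 0, "zero_byte": 0, "bytes": 0,
                                 "max_elapsed_ms": 0, "peers": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or rec["code"] != "TCP_TUNNEL_ABORTED" or rec["method"] != "CONNECT":
            continue
        s = stats[rec["url"]]
        s["count"] += 1
        s["bytes"] += rec["bytes"]
        s["zero_byte"] += rec["bytes"] == 0  # tunnel closed before any payload
        s["max_elapsed_ms"] = max(s["max_elapsed_ms"], rec["elapsed"])
        s["peers"].add(rec["peer"])
    return dict(stats)

if __name__ == "__main__":
    for dest, s in sorted(summarize_aborted_tunnels(SAMPLE_LOG).items()):
        verdict = "no data relayed" if s["zero_byte"] == s["count"] else "data relayed before abort"
        print(f"{dest}: {s['count']} aborted, {s['bytes']} bytes, "
              f"max {s['max_elapsed_ms']} ms, peers {sorted(s['peers'])} -> {verdict}")
```

To run it against a real log, pass the contents of /var/log/squid/access.log to `summarize_aborted_tunnels` instead of `SAMPLE_LOG`.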

Thanks @pmueller
this is the result of tcpdump

Please also note that when I search for this IP address (60.101.117.34) in my log files (/var/log/messages and also /var/log/squid/access.log), I don’t find any row.

Hi,

um, this is unfortunately not really helping.

I’d need a dump of a connection affected by this problem, ideally in a PCAP format so I can inspect it myself. Just the bare tcpdump output of all related connections is like searching for a needle in a haystack. :slight_smile:

Thanks, and best regards,
Peter Müller