We have been using Vyatta version 6.3 routers and have now upgraded to a Ubiquiti EdgeRouter Pro 8-port running version 1.8 software.
Since we changed over the routers, using basically the same configuration from Vyatta, we are finding that some websites using HTTPS cannot be loaded.
An example is http://www.bom.gov.au/products/IDR023.loop.shtml#skip
where the actual radar image does not load. I have found the loading of the image to use TLSv1 encryption.
Also, some sites like www.dailysudoku.com do not load.
The router uses a PPPoE connection and the fault has been proven into the router.
Configuration minus passwords, some eth configuration and some addresses:
vyatta@PBR-R-E1:~$ show configuration commands
set firewall all-ping enable
set firewall broadcast-ping disable
set firewall ipv6-receive-redirects disable
set firewall ipv6-src-route disable
set firewall ip-src-route disable
set firewall log-martians enable
set firewall name pppoe0in default-action accept
set firewall name pppoe0local default-action drop
set firewall name pppoe0local rule 10 action accept
set firewall name pppoe0local rule 10 protocol icmp
set firewall name pppoe0local rule 11 action accept
set firewall name pppoe0local rule 11 destination port 123
set firewall name pppoe0local rule 11 protocol udp
set firewall name pppoe0local rule 13 action accept
set firewall name pppoe0local rule 13 description BelgraveSDSL1
set firewall name pppoe0local rule 13 protocol all
set firewall name pppoe0local rule 13 source address 210.0.xxx.xxx
set firewall name pppoe0local rule 14 action accept
set firewall name pppoe0local rule 14 description Lakeside
set firewall name pppoe0local rule 14 protocol all
set firewall name pppoe0local rule 14 source address 124.246.xxx.xxx
set firewall name pppoe0local rule 15 action accept
set firewall name pppoe0local rule 15 description Kings
set firewall name pppoe0local rule 15 log disable
set firewall name pppoe0local rule 15 protocol all
set firewall name pppoe0local rule 15 source address 59.100.xxx.xxx
set firewall name pppoe0local rule 16 action accept
set firewall name pppoe0local rule 16 description Menzies
set firewall name pppoe0local rule 16 protocol all
set firewall name pppoe0local rule 16 source address 124.246.xxx.xxx
set firewall name pppoe0local rule 17 action accept
set firewall name pppoe0local rule 17 description Emerald1
set firewall name pppoe0local rule 17 protocol all
set firewall name pppoe0local rule 17 source address 124.246.xxx.xxx
set firewall name pppoe0local rule 18 action accept
set firewall name pppoe0local rule 18 description Belgrave1
set firewall name pppoe0local rule 18 protocol all
set firewall name pppoe0local rule 18 source address 124.246.xxx.xxx
set firewall name pppoe0local rule 19 action accept
set firewall name pppoe0local rule 19 description Moondarra1
set firewall name pppoe0local rule 19 protocol all
set firewall name pppoe0local rule 19 source address 124.246.xxx.xxx
set firewall name pppoe0local rule 20 action accept
set firewall name pppoe0local rule 20 description Gembrook1
set firewall name pppoe0local rule 20 protocol all
set firewall name pppoe0local rule 20 source address 124.246.xxx.xxx
set firewall name pppoe0local rule 24 action accept
set firewall name pppoe0local rule 24 description 'xxxxxxxx'
set firewall name pppoe0local rule 24 protocol all
set firewall name pppoe0local rule 24 source address 119.17.xxx.xxx
set firewall name pppoe0local rule 25 action accept
set firewall name pppoe0local rule 25 description 'Allow FTP Data'
set firewall name pppoe0local rule 25 destination
set firewall name pppoe0local rule 25 protocol tcp
set firewall name pppoe0local rule 25 source address 0.0.0.0/0
set firewall name pppoe0local rule 25 source port 20,80
set firewall name pppoe0out default-action accept
set firewall name pppoe0out rule 1 action accept
set firewall name pppoe0out rule 1 protocol icmp
set firewall receive-redirects disable
set firewall send-redirects enable
set firewall source-validation disable
set firewall syn-cookies enable
set interfaces ethernet eth4 address 192.168.xxxx.xxxx/24
set interfaces ethernet eth4 description 'Nextnet ADSL connection'
set interfaces ethernet eth4 duplex auto
set interfaces ethernet eth4 firewall in name pppoe0in
set interfaces ethernet eth4 firewall local name pppoe0local
set interfaces ethernet eth4 firewall out name pppoe0out
set interfaces ethernet eth4 pppoe 0 default-route auto
set interfaces ethernet eth4 pppoe 0 mtu 1492
set interfaces ethernet eth4 pppoe 0 name-server auto
set interfaces ethernet eth4 pppoe 0 password xxxxx
set interfaces ethernet eth4 pppoe 0 user-id xxxxxx@isp.xxxxx.net.a
set interfaces ethernet eth4 speed auto
set interfaces ethernet eth5 address 192.168.xxx.xxx/24
set interfaces ethernet eth5 description 'Kilvinton Drive 192.168.xxx.xxx subnet'
set interfaces ethernet eth5 duplex auto
set interfaces ethernet eth7 duplex auto
set interfaces ethernet eth7 speed auto
set interfaces loopback lo
set protocols bgp 65003 neighbor 10.30.xxx.xxx remote-as 65003
set protocols bgp 65003 neighbor 10.99.xxx.xxx remote-as 65001
set protocols bgp 65003 neighbor 10.99.xxx.xxx remote-as 65002
set protocols bgp 65003 neighbor 10.99.xxx.xxx remote-as 65005
set protocols bgp 65003 neighbor 10.99.xxx.xxx remote-as 65007
set service dns forwarding cache-size 150
set service dns forwarding listen-on eth1
set service dns forwarding listen-on eth0
set service dns forwarding listen-on eth2
set service dns forwarding listen-on eth5
set service dns forwarding listen-on eth6
set service dns forwarding name-server 10.1.xxx.xxx
set service dns forwarding name-server 10.1.xxx.xx
set service gui https-port 443
set service gui listen-address 192.168.xxx.xxx
set service nat rule 5010 outbound-interface eth4
set service nat rule 5010 type masquerade
set service nat rule 5020 outbound-interface pppoe0
set service nat rule 5020 type masquerade
set service ssh port 22
set service ssh protocol-version v2
set system domain-name xxx.xxx.xxx
set system host-name xxx
set system name-server 10.1.xxx.xxx
set system name-server 10.1.xxx.xxx
set system ntp server 0.au.pool.ntp.org
set system ntp server 1.au.pool.ntp.org
set system ntp server 2.au.pool.ntp.org
set system ntp server 3.au.pool.ntp.org
set system offload ipv4 forwarding disable
set system offload ipv4 pppoe disable
set system offload ipv4 vlan disable
set system syslog global facility all level notice
set system syslog global facility protocols level debug
set system time-zone Australia/Melbourne
vyatta@PBR-R-E1:~$
I think there is an issue with SSL or HTTPS messages traversing the router. Any clues would be most helpful.
Thanks,