WinGate Forums

[BEKeeper]

Hi all,

I've been having problems with one https site in particular, not in accessing it but in uploading to it. After having spoken with the site's helpdesk they suggested I might take a look at our proxy settings, which I did, but couldn't really find something wrong with. After browsing the forum for similar items, I decided to look in the WWW Proxy Server Logfile and found the following:

Error: Caught socket exception in CWWWSession::OnRead() Connection Reset by Remote Host - terminating
Traffic 80486 39312 31525 80137 73s
Terminated exit code 2
Error: Caught socket exception in CWWWSession::OnRead() Connection Reset by Remote Host - terminating
Traffic 19194 31979 24192 18845 80s
Terminated exit code 2

Can anyone tell me what this means and if this might have anything to do with my problem?

Any help would be highly appreciated.

P.S. Using WinGate 6.0.4 on Win2K Server (SP4), Clients connecting with Java Authentication.

[adrien]

Exit code 2 means the sessions timed out due to inactivity.

You could try increasing the timeout on the WWW proxy (sessions tab).

Is this a large file you are uploading?

Adrien

[munrobasher]

Coincidence maybe but I've just had to turn the proxy off trying to upload a PDF to Yahoo groups files area.

Regards, Rob.

[BEKeeper]

Thanks for your quick reply.

Extending the timeout period in WWW Proxy ->Sessions didn't help.
The thing is, uploading a file to this website is done by selecting a file (in my case a 240kB PDF) and then clicking a save button. This then starts a Java application that is supposed to upload the file.
This application indicates <unknown> size being uploaded witn 0B/s. After about 10 seconds the Java application quits and after the WinGate WWW Proxy timeout period, a 'could not find page' error page is displayed.

Regarding the document size, I've tried uploading a very small text file (<1kB) and that works, anything larger (2 kB and up (either text or PDF)) doesn't.
It should be possible to upload MB's of data though.

What could be different between 'regular' https traffic (as in accessing and displaying the site) and traffic for uploading?

[adrien]

Hi

If it's a java applet uploading the file I think there's the problem.

Do you have NAT available to the client machine? the Java applet won't be using HTTPS most likely, but a TCP connection to the server.

So the proxy settings for HTTP, HTTPS, FTP don't apply to Java.

It can use SOCKS, NAT or the WinGate Client however, so if you either

a) specify a SOCKS server in your IE proxy config; or
b) allow NAT traffic for the client; or
c) install the WinGate Client on this machine (and remove all proxy settings)

then it should work.

I would try (a) first.

Adrien

[BEKeeper]

NAT should be available on the client machine. I enabled it in extended networking.

I've tried quickly setting up SOCKS by enabling the SOCKS service and adjusting client proxy settings to SOCKS on port 1080. I also enabled logging for the service to see if it was used.
Then tried the site again, upload failed, went to check the logfile only to find the following entries (literally, including the last 'cha'):

Service Stopped
Service Started successfully
Service Restarted
Configuration changed
Configuration changed
Configuration changed
Configuration cha

But nothing indicating the client might be using SOCKS.

Are the default settings enough to correctly configure SOCKS Service?

Port 1080
Bound to loopback and internal LAN only
Use any available Gateway
60 second Session Timeout
No SOCKS request checked (Reverse IP lookup and cleartext authentication)
Users must be authenticated
Default rights must also be granted
Logging on with default + debug

This is as far as I can try things out tonight. I'll check for any other replies in the morning and then try the WGIC option.

[adrien]

When the Java applet tries to do the upload, what do you see in Gatekeeper's activity window?

Just wondering what type of request the Java applet is making.

Adrien

[Nev]

When the Java applet tries to do the upload, what do you see in Gatekeeper's activity window?

Just wondering what type of request the Java applet is making.

Adrien

Try lowering the MTU 1460~520 either in Wingate in the external NIC properties or the modem if applicable, as per http://forums.qbik.com/viewtopic.php?t=4081&highlight=mtu

[BEKeeper]

When the Java applet tries to do the upload, what do you see in Gatekeeper's activity window?

Just wondering what type of request the Java applet is making.

Adrien

It just shows the four (4) threads to SSL://thesiteimtryingtouploadto:443.

Once the Java applet quits, one of the threads disappears, which would correspond with the exit code 2 statement.

[BEKeeper]

Tried the WGIC method, but couldn't quite get it to work properly. A bit more study is required. I'll try again tonight when there's no-one around.

About changing the MTU.... How much can I mess things up once I start changing this value? What I'm trying to avoid is a situation I can't back out of (remotely).

Call me chicken...

[Nev]

Tried the WGIC method, but couldn't quite get it to work properly. A bit more study is required. I'll try again tonight when there's no-one around.

About changing the MTU.... How much can I mess things up once I start changing this value? What I'm trying to avoid is a situation I can't back out of (remotely).

Call me chicken...

Hi,

Changing the MTU is reversible.

Just click the External NIC in GateKeeper --> Advanced --> Overide MTU.

Try something between 520 and 1460 to see if it helps or clears the error.

Cycling Wingate's engine Stop / Start never hurts with the change also, but probably unnecessary.

Well worth the try however if it doesn't correct, just uncheck the option again.

[BEKeeper]

Tried changing the MTU, 1460 didn't work, 520 did. Still testing the upload capabilities and limits (speed / filesize, etc.).

As I'm always curious as to why a certain change has a desired effect I tried to read up on MTU, and found that finding the optimum MTU is a case of trial and error. Is there still no tool or utility that does this for you? I'm willing to put in the time to change and check, but I could use some pointers on increments and such.

One website described a procedure using ping <website> -f -l xxxx (where xxxx is the packet size) and changing the packet size until no defregmentation occurred to find the optimum packet size, but unfortunately I'm unable to ping the secure site.
Is that true for secure sites, that they can't be ping'ed?

Sorry about all the non-WinGate related questions, and thanks to all that helped me with this problem.

[genie]

MTU (or rather MSS) issue is quite tricky because it depends on not only the immediate gateway but on the gateways/hops between the machines. Windows supports PMTU discovery mechanism where a specific route can be created automatically with lowered MTU but in some cases it does not work. Also, you netwrok card settings might affect MTU - like Jumbo frames support, for one.