Netgate Discussion Forum
    Telegram not connecting.

    IDS/IPS

      Waqar.UK

      Hello all,

      I have the latest pfSense installed. Packages: pfBlocker and Snort.
      I use messenger apps (WhatsApp, Signal, Telegram and Viber) to keep in contact with others. All are working well apart from Telegram, which keeps on saying "connecting". This takes place on my desktop, laptop and smartphone. I do not get any connections at all with Telegram unless I use a VPN. I have not changed any settings at all on either Telegram or pfSense. Could a pfBlocker or Snort update be blocking this?
      If this is the wrong section, then could it be moved to a correct part of this forum?

        bmeeks

        Any blocks from Snort will be shown on the ALERTS tab. It will be up to you to look at the IP addresses blocked there and determine if any are part of Telegram's IP infrastructure. Same for pfBlocker.

        Why would you install packages that block things without fully understanding in advance how they work and how to troubleshoot issues they may cause you? Any package that blocks stuff is nearly guaranteed to block something you want to pass at some point.

          Waqar.UK

          Hello BMeeks,

          thanks for all your hard work.
          I had Telegram working a few days ago, then this started to happen.
          I have not added anything apart from:
          Service_Watchdog sysutils

          Update: I got it working again. I must have denied GeoIP to the British Virgin Islands where Telegram IP address blocks are based.

            Gertjan @Waqar.UK

            Remove this :

            @Waqar-UK said in Telegram not connecting.:

            Service_Watchdog

            The package is for developers that like to "dev in death" mode.

            The setup of services that stop should be corrected.

            No "help me" PM's please. Use the forum, the community will thank you.
            Edit : and where are the logs ??

              Waqar.UK

              OK. I have removed this package.

                bmeeks @Waqar.UK

                @Waqar-UK said in Telegram not connecting.:

                Update: I got it working again. I must have denied GeoIP to the British Virgin Islands where Telegram IP address blocks are based.

                Expect things like that to continue to happen to you when you use huge lists of IPs that you block. Whether GeoIP or simple IP lists, all of them have issues with accuracy. Since the IPv4 address space is now fully utilized and empty blocks are non-existent, there is a lot of buying and selling among IPv4 address block holders. This back and forth swapping of IPv4 space around the world makes some of the GeoIP lists of dubious accuracy. At the very least they have a hard time staying "current".

                With huge lists of IPs that someone says "block", how do you know they are really bad? Heck, not very long ago some idiot (or idiot automated system) added the Google DNS servers to a popular IP list that some folks used in pfBlocker. That resulted in blocks of Google DNS!

                So my point is that if you do things with GeoIP blocking and/or use other lists of "bad" IPs that you block, expect fairly frequent issues of stuff suddenly not working. If it was working yesterday, and today it's not, then the first place you need to look is at the alerts/blocks generated by all of your blocking packages. So that would be Snort/Suricata/pfBlockerNG/DNSBL.

                  Waqar.UK

                  So true. I just hope that this is sorted out. Since Telegram is a very popular package.

                    bmeeks @Waqar.UK

                    @Waqar-UK said in Telegram not connecting.:

                    So true. I just hope that this is sorted out. Since Telegram is a very popular package.

                    Sorting it out may require abandoning the use of so-called "malicious IP" lists. In your case, it does not seem that Telegram was the actual problem. The problem was a GeoIP block you put in place using a list. Without that block, I suspect Telegram would work just fine.

                    GeoIP blocking is fine in theory but can be burdensome in practice. Mostly because of two reasons. The first is the use of world-wide CDNs (content delivery networks) that have servers spread all over the globe in different countries. You never know with certainty which of the servers you will get referred to. The second reason is the aforementioned swapping around of IP address space between owners around the world. An IP block that formerly was used in the US might this week now be used in Southeast Asia, for example. It may take the GeoIP list vendors a long time to get that update (if they ever do).

                      Waqar.UK

                      True,

                      Then I have to keep an eye on which IPs are being blocked, as GeoIP has to be monitored to see why certain programs are not able to connect to their servers / services.

                      Thanks.

                        john24634 @Waqar.UK

                        @waqar-uk

                        I was able to fix it by adding to the pass list on SNORT:
                        149.154.175.53
                        149.154.175.50

                          john24634 @john24634

                          @john24634

                          There is a good explanation here:
                          https://forum.netgate.com/topic/139724/snort-ignoring-passlist

                            Waqar.UK @john24634

                            @john24634

                            Sorry for the very late reply.

                            Thanks.
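
The review step bmeeks describes (check each blocking package's blocks against the addresses a service uses) and the pass-list fix john24634 reports can be combined into one check. The following is an added example, not part of the original thread or of pfSense: the export format, the function names and the /24 range (simply the /24 containing the two addresses in john24634's post) are assumptions, and the sample rows are constructed.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the /24 containing the two addresses quoted in the thread.
# Replace with ranges you have verified belong to the service.
SERVICE_NETS = [ipaddress.ip_network("149.154.175.0/24")]

# Constructed sample export (package, blocked IP, reason); not real log output.
SAMPLE_BLOCKS = """\
package,blocked_ip,reason
snort,149.154.175.53,constructed rule alert
snort,149.154.175.50,constructed rule alert
snort,149.154.175.53,constructed rule alert
pfblockerng,149.154.175.10,constructed GeoIP deny
pfblockerng,198.51.100.7,constructed IP list deny
snort,not-an-ip,constructed malformed row
"""

def blocks_hitting_service(export_text, service_nets=SERVICE_NETS):
    """Return {package: {ip: hit_count}} for blocked IPs inside service_nets."""
    hits = defaultdict(lambda: defaultdict(int))
    for row in csv.DictReader(io.StringIO(export_text)):
        try:
            ip = ipaddress.ip_address(row["blocked_ip"].strip())
        except ValueError:
            continue  # skip rows that do not carry a valid IP
        if any(ip in net for net in service_nets):
            hits[row["package"].strip().lower()][str(ip)] += 1
    return {pkg: dict(ips) for pkg, ips in hits.items()}

def pass_list_candidates(hits, package):
    """Sorted unique IPs one package blocked; review before adding to a pass list."""
    return sorted(hits.get(package, {}), key=ipaddress.ip_address)

if __name__ == "__main__":
    found = blocks_hitting_service(SAMPLE_BLOCKS)
    for pkg, ips in found.items():
        for ip, count in sorted(ips.items()):
            print(f"{pkg}: {ip} blocked {count}x inside a service range")
    print("snort pass-list candidates:", pass_list_candidates(found, "snort"))
```

Grouping by package matters because the remedy differs: a Snort block is handled with a pass list or rule suppression, while a pfBlockerNG block means revisiting the GeoIP or IP-list selection.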

                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.