Skynet PayPal is being blocked.

[muffintastic]

@Adamm
Is there a way just to whitelist www-fastly.glb.paypal.com in one go without doing individual IPs?

 

[dave14305]

I already mentioned that the Fastly CDN is whitelisted automatically in Skynet if CDN whitelisting is enabled. This includes 151.101.192.0/22. I would focus on determining if your CDN whitelisting is working and able to fetch the whitelists from api.hackertarget.com.

admin@router:/tmp/mnt/apps/skynet# grep -F "151.101.192" skynet.ipset
add Skynet-Whitelist 151.101.192.0/22 comment "CDN-Whitelist: AS54113"
admin@router:/tmp/mnt/apps/skynet# grep cdnwhitelist skynet.cfg
cdnwhitelist="enabled"

https://github.com/Adamm00/IPSet_ASUS/blob/master/firewall.sh#L888

 

[muffintastic]

I already mentioned that the Fastly CDN is whitelisted automatically in Skynet if CDN whitelisting is enabled. This includes 151.101.192.0/22. I would focus on determining if your CDN whitelisting is working and able to fetch the whitelists from api.hackertarget.com.

admin@router:/tmp/mnt/apps/skynet# grep -F "151.101.192" skynet.ipset
add Skynet-Whitelist 151.101.192.0/22 comment "CDN-Whitelist: AS54113
admin@router:/tmp/mnt/apps/skynet# grep cdnwhitelist skynet.cfg
cdnwhitelist="enabled"

https://github.com/Adamm00/IPSet_ASUS/blob/master/firewall.sh#L888

Like i said i've re-installed CDN whitelisting is already enabled by default. I haven't touched a thing. I'm only telling you what the logs are reporting back. Unless the logs are incorrect it seems we're going around in circles.

 

[dave14305]

Like i said i've re-installed CDN whitelisting is already enabled by default. I haven't touched a thing. I'm only telling you what the logs are reporting back. Unless the logs are incorrect it seems we're going around in circles.

Post the output of those two commands if you really want to solve this. Adamm doesn't maintain the content of the lists, so there's not a lot for him to do with this problem in my opinion.

Can you browse to this list used to populate the whitelist?

https://api.hackertarget.com/aslookup/?q=AS54113

 

[muffintastic]

That link just defaults to a page with "
API count exceeded - Increase Quota with Membership"

 

[SomeWhereOverTheRainBow]

Post the output of those two commands if you really want to solve this. Adamm doesn't maintain the content of the lists, so there's not a lot for him to do with this problem in my opinion.

Can you browse to this list used to populate the whitelist?

https://api.hackertarget.com/aslookup/?q=AS54113

here is what is says for me

 

[dave14305]

That link just defaults to a page with "
API count exceeded - Increase Quota with Membership"

So that's why your whitelists are incomplete. The site that hosts the lists is limiting requests, which has been a problem with a popular script like Skynet.

 

[muffintastic]

Don't understand why no-one else but two people are experiencing this issue... So basically to the users that it works for are physically opening up a Chrome / Firefox tab and going www.paypal.com and not getting any timeout errors. We've provided how many logs yet no simple solution

So the only sulution is either to disable Skynet or remove it just to get around the issue or whitelist all blocked IPs manually until a fix is found?

 

[SomeWhereOverTheRainBow]

So that's why your whitelists are incomplete. The site that hosts the lists is limiting requests, which has been a problem with a popular script like Skynet.

Typical. I guess it is a good thing Skynet has a manual whitelist.

 

[dave14305]

In other parts of the script, Adamm had created a semi-random User Agent string that may have worked around such a limit with other providers. Maybe a similar approach would work here. But you'd need @Adamm for that change.

Try running this command to see if it takes:

firewall whitelist asn AS54113

If it fails, try again at random times. Or force your WAN IP to change somehow. Not sure.

 

[SomeWhereOverTheRainBow]

In other parts of the script, Adamm had created a semi-random User Agent string that may have worked around such a limit with other providers. Maybe a similar approach would work here. But you'd need @Adamm for that change.

Try running this command to see if it takes:

firewall whitelist asn AS54113

If it fails, try again at random times. Or force your WAN IP to change somehow. Not sure.

Just ran it through TOR and a VPN still the same results, so i don't think an IP change will fly.

 

[SomeWhereOverTheRainBow]

In other parts of the script, Adamm had created a semi-random User Agent string that may have worked around such a limit with other providers. Maybe a similar approach would work here. But you'd need @Adamm for that change.

Try running this command to see if it takes:

firewall whitelist asn AS54113

If it fails, try again at random times. Or force your WAN IP to change somehow. Not sure.

It looks like despite not being able to access the page, skynet will still take the whitelist command. My whitelist appears to be much larger now after running your command.

 

[dave14305]

Another option is to try this manually one-time as a proof-of-concept:

curl -fsL --retry 3 --connect-timeout 3 -A "ASUSWRT-Merlin RT-N66U v$(nvram get buildno)_$(nvram get extendno) / $(tr -cd 0-9 </dev/urandom | head -c 20)" "https://api.hackertarget.com/aslookup/?q=AS54113" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' | awk -v asn="AS54113" '{printf "add Skynet-Whitelist %s comment \"CDN-Whitelist: %s\"\n", $1, asn }' | ipset restore -!

I set the model as N66U since it can't run skynet and would not be a common UA String.

 

[SomeWhereOverTheRainBow]

Another option is to try this manually one-time as a proof-of-concept:

curl -fsL --retry 3 --connect-timeout 3 -A "ASUSWRT-Merlin RT-N66U v$(nvram get buildno)_$(nvram get extendno) / $(tr -cd 0-9 </dev/urandom | head -c 20)" "https://api.hackertarget.com/aslookup/?q=AS54113" | grep -oE '([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}' | awk -v asn="AS54113" '{printf "add Skynet-Whitelist %s comment \"CDN-Whitelist: %s\"\n", $1, asn }' | ipset restore -!

I set the model as N66U since it can't run skynet and would not be a common UA String.

As proof of concept, I need to stop distracting you from that awesome FlexQoS. You are brilliant.

 

[dave14305]

As proof of concept, I need to stop distracting you from that awesome FlexQoS. You are brilliant.

In this case, as with many part of FlexQoS, I've just borrowed more of Adamm's own code.

 

[muffintastic]

Does that one piece of code work then? If that's the case i'll re-install Skynet and just use that code.

 

[dave14305]

Does that one piece of code work then? If that's the case i'll re-install Skynet and just use that code.

Update Skynet and try again. new version available.

 

[bluepoint]

Another associated IP blocked: 151.101.1.21

It appears the IP is blaclisted but also is whitelisted. Whitelisted IP's has the priority over blacklisted once so the site should be accessible.

 

[SomeWhereOverTheRainBow]

Update Skynet and try again. new version available.

Thank you for reporting the issue.

 

[noah way]

Still no issues here with PayPal.

Plenty of issues with PayPal, none that are relevant here. eBay is replacing them with Adyen as soon as their contract is up. I for one can't wait.