[Solved] MEGA-app and SSL

14 Posts
3 Users
2 Reactions
58 Views
 RobF
(@robf)
Trusted Member
Joined: 3 Jahren ago
Posts: 68
Topic starter  

I'm using the MEGA-app on my iPad. When using the eBlocker and starting this app, i get a message as shown below (MEGA can't connect via SSL).

D5939745 FC2A 4A17 A27D CAD572F49AA1

To connect anyhow, i can

1. disable/pause the eBlocker

2. deactivate eBlocker's HTTPS support in the dashboard

In the list of trusted apps i found 'Mega.nz' with the domains mega.nz, mega.co.nz and mega.io, but these settings don't prevent the behavior as described above.

Using the manual HTTPS diagnostics (recording) didn't give further clues. Otherwise, eBlocker is behaving normal (all available tag-boxes is the dashboard are green).

Does anybody have a similar experience?

Rob

Client OS
eBlocker hardware
Client OS version
eBlockerOS version

   
ReplyQuote
 RobF
(@robf)
Trusted Member
Joined: 3 Jahren ago
Posts: 68
Topic starter  

Solved since i stopped blocking IPv6 in my FRITZ!Box.

Best regards, Rob


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2061
 

Posted by: @robf

Solved since i stopped blocking IPv6

I fear this is the worst "solution" as you are now by-passing eBlocker. See here: https://eblocker.org/community/bugs-features/will-enabling-ipv6-in-fritzbox-7490-cause-trouble/#post-5573

We'll come up with eBlocker 3 and IPv6 support in a few. But same as with IPv4 you will then still need to add a Trusted App for Mega. From my perspective there is no other solution - or you just hit Pause in eBlocker before using Mega alternatively.

THX!


   
ReplyQuote
 elch
(@elch)
Active Member
Joined: 2 Jahren ago
Posts: 5
 

Same issue here with a linux-PC and an android smartphone.

I had to add the IP 66.203.125.14 to the mega rule to get the linux app working and the .13 for the android app.

I suspect, the whole range 66.203.125.* is needed at some point since they all belong to mega (see whois website).

Is there a possibility to add a wildcard in the rules? Or just making 256 entries?

Greetings


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2061
 

Posted by: @elch

Is there a possibility to add a wildcard in the rules? Or just making 256 entries?

To HTTPS whitelist a whole sub-network you can use the Internet network masking standard: https://en.wikipedia.org/wiki/Subnetwork

So in your case you might want to use "66.203.125.0/24" as whitelist entry.

But we generally do not recommend adding IP-addresses as trusted since they bear the risk of moving from one company to another. Thus uses this at your own risk... 😉

THX!


   
elch reacted
ReplyQuote
 RobF
(@robf)
Trusted Member
Joined: 3 Jahren ago
Posts: 68
Topic starter  

@random @elch

Thank you both for the info; will use the suggested address prudent. 

For now it works, even with IPv6 blocked in the router 🙂 Rob


   
Random reacted
ReplyQuote
 elch
(@elch)
Active Member
Joined: 2 Jahren ago
Posts: 5
 

Well, yesterday it worked. Today no connection is possible. The manual HTTPS diagnosis gives no clue.

@RobF does it still work for you?


   
ReplyQuote
 RobF
(@robf)
Trusted Member
Joined: 3 Jahren ago
Posts: 68
Topic starter  

@elch With the settings for the Trusted App 'Mega.nz' shown below, i can open the App MEGA on my iPad as if (!) eBlocker was Paused or Disabled. Hope it helps. Rob

808A625C 2AE2 4C51 BC6E FA7562521F79

   
ReplyQuote
 elch
(@elch)
Active Member
Joined: 2 Jahren ago
Posts: 5
 

thanks @RobF , same settings here. But connection is only possible when I disable/pause eblocker.

I can't see what has changed since yesterday evening. Well, I'll keep you updated. 😉


   
ReplyQuote
(@random)
Illustrious Member Admin
Joined: 6 Jahren ago
Posts: 2061
 

Posted by: @elch

I can't see what has changed since yesterday evening.

Well, that's exactly what I meant: Trusting IP addresses can be delicate as today they work, tomorrow they are in use of other applications (or even companies) and stop working.

If Mega is using IPs without a proper reverse lookup domain, adding the IPs as trusted will likely break over time. Sorry, for the bad news...

One thing you might want to try: enable the Auto Trust App (ATA). I'm not sure whether ATA will recognize IP addresses at all - but it's worth the trial.

@rob @all

Adding a top level domain as trusted will also trust all sub-domains. I.e mega.co.nz is sufficient as this will also trust api.mega.co.nz (which is redundant).

Good luck 👍 

THX!


   
ReplyQuote
 elch
(@elch)
Active Member
Joined: 2 Jahren ago
Posts: 5
 

Thanks, appreciate the support! Unfortunately, ATA did not recognized anything.

But I guess I figured it out: When opening the mega.nz website an error occurs:

grafik

Opening the link directly in the browser, Parental Controls blocks it: "The domain .mega.co.nz is part of the restricted web page category Illegal Filesharing."

Disabling Illegal Filesharing for my user leads to a working mega app (extra IP range in trusted app still needed).

Is there a possibility to include the domains from trusted apps into parental control? Don't know anything about the structure, complexity, ... Just a thought.

 

Posted by: @elch

I can't see what has changed since yesterday evening. Well, I'll keep you updated. 😉

Obviously Parental Control Settings. 🙄 

 

Greetings


   
ReplyQuote
 RobF
(@robf)
Trusted Member
Joined: 3 Jahren ago
Posts: 68
Topic starter  

@random 

1. Switched off Trusted App 'Mega.nz'

2. Made sure ATA was ON

3. Tried starting MEGA-app; got message about SSL again

4. Searched for 'mega' in ATA, found 2 entries shown below

5. Switched Trusted App 'Mega.nz' to ON again

6. Started the MEGA App anew; smooth and easy

Rob

4F437AD7 7FC1 44A5 AC50 AECD6FBF867A
DBC729B3 02C0 40A8 8909 8A2E40FF89A6

 


   
ReplyQuote
 RobF
(@robf)
Trusted Member
Joined: 3 Jahren ago
Posts: 68
Topic starter  

@elch When i open 'mega.nz' in my iPad-Safari, i'm shown 'mega.io'

eBlocker NOT paused or disabled. No message and no problem 🙂


   
ReplyQuote
 elch
(@elch)
Active Member
Joined: 2 Jahren ago
Posts: 5
 

@robf

Is Parental Control with Illegal Filesharing activated in your case?


   
ReplyQuote

Nach oben scrollen