Netgear WNDR3400v2 won't send logs

Discussion in 'Network Routers' started by badgolferman, Aug 18, 2014.

  1. badgolferman

    badgolferman Guest

    Can someone here help me with this issue? Netgear are complete
    buffoons and refuse to be helpful. See below support correspondence:


    ---------------------------

    Problem: Misrouted Call
    Cause: Customer initiated - Out of Scope Support
    Status: Open
    Notes:
    8/14/2014 11:10:00 PM

    My logs arent being sent lately. My SMTP settings are smtp.cox.net Port
    25. This has been working up to a week ago. I have reset the modem and
    changed the smtp settings to a google one and tried sending it to
    different addresses. Its still not working and I need that to work.
    Windows 7 Home Premium Cox Cable
    8/14/2014 11:25:00 PM

    Hi Mike,

    I see that your WNDR3400v2 is missing registration information. In
    order for me to complete the registration, please provide us these
    details or you may attach the proof of purchase of your device:

    1) What is the name of the reseller/retailer you purchased the product
    from?
    2) Is the product purchased as brand new, refurbished or second-hand?

    With the information that you have provided, I would suggest you try to
    update or reflash the firmware on the router to fix the issue. To
    download the latest firmware, please check the link below:

    NETGEAR Download Center - Firmware Version 1.0.0.38
    http://downloadcenter.netgear.com/en/product/WNDR3400v2#searchResults

    NOTE: Kindly click on “Release Notes†to view the installation
    instructions.

    If the information provided did not help in resolving your issues,
    please log into http://my.netgear.com and let us know of the results.

    For additional information about your product, please visit
    http://support.netgear.com/product/WNDR3400v2

    Thank you for choosing NETGEAR and have a great day!

    Regards,

    Katrina
    Expert ID: 74119
    NETGEAR Support Expert
    8/16/2014 1:24:00 PM

    My firmware was current but I reflashed it anyway. I then reset the
    router to factory defaults and manually reentered the settings. The
    router still will not send the log file to any email address I specify.

    This feature has worked fine until a week or so ago. I really need the
    logs to work. Please suggest another solution.

    The other Netgear router on my account worked fine for years and then
    it started exhibiting the same symptoms. That is why I purchased this
    new one, along with the desire for better security.
    8/16/2014 3:10:00 PM

    Hello Mike,

    Before we proceed with further troubleshooting steps, please let us
    know where you have purchased the unit and if it is acquired brand new,
    refurbished or second hand.

    Again, thank you for choosing NETGEAR.

    Regards,

    Liza
    Expert ID:74129
    NETGEAR Support Expert
    8/18/2014 5:39:00 PM

    I do not remember where I bought the router or what the date was. If
    you view case #21884620 you will see this is an ongoing problem with
    this router. It didn''t work when I first got it and then magically
    started to work. Now it is not working again.

    Please provide a solution to this problem. I have just about had it
    with Netgear products and am about to switch to something else.
    8/18/2014 6:08:00 PM

    Hello Mike,

    I do apologize for any inconvenience this might have caused you.
    However, we need to validate the product's support entitlement. If you
    can contact the reseller, please ask for a reprinted copy of the proof
    of purchase and attach a copy on an email and send it to
    .

    For additional information about product warranty, please visit
    https://my.netgear.com/registration/Product_WarrantyCheck.aspx.

    Thank you for choosing NETGEAR.

    Regards,

    Liza
    Expert ID:74129
    NETGEAR Support Expert
    8/18/2014 6:19:00 PM

    The router is clearly out of warranty! What else do you need to know? I
    am asking for email support, not live support.

    Your customer support is abysmal. You have lost a customer for life and
    you are about to lose many more future customers as I inform all the
    people I build and repair computers for. I can''t believe how evasive
    and useless you people are. Your products are faulty as well, as
    evidenced by the repeated problems I''ve had with my last two Netgear
    routers.
     
    badgolferman, Aug 18, 2014
    #1
    1. Advertisements

  2. badgolferman

    VanguardLH Guest

    <snipped the rant about wanting support without paying for it>

    I went online to look at this product's manual, specially the section
    describing how to setup e-mail reporting. There is very little
    configuration available if the manual is accurate.

    You say that you specified port 25 yet I see no mention of where to
    configure the port number for e-mail reporting by this router. Does
    your e-mail provider (which looks to be your ISP [Cox]) let you connect
    on port 25? Port 25 was intended for communication between MTAs (SMTP
    mail servers), not for client endpoints. Many ISPs and e-mail providers
    have since moved to port 587 which is the IANA-designated port for
    message submission. Many ISPs have long blocked client-generated port
    25 traffic but some are late to make the change. I see no setting
    described in the manual on which port to use for the router to connect
    to the SMTP server. Do they permit specifying the port number in the
    URL to the mail server (e.g., host.domain.tld:port)?

    There is no option for enabling/disabling SSL for the connection by the
    router to the server. What if your e-mail provider now requires SSL for
    connections to its SMTP server? Many e-mail providers have forcibly
    moved their customers to using TLS connections. In a response from the
    mail server, it indicates that it supports TLS (but the server actually
    demands use of TLS). SSL is no longer sufficient to connect to that
    mail server. The server that demands TLS will wait until the client
    issues a STARTTLS command. If the client doesn't support TLS (and only
    SSL or just non-SSL connects) then the server never gets that command.
    The server keeps waiting or it eventually times out with an error and
    aborts the mail session. I had to stop using Outlook 2003 which doesn't
    support TLS and switch to another e-mail client because a couple e-mail
    services started demanding TLS.

    You are trying to send the router's logs via e-mail. However, I see no
    option to log the mail session between the router and the mail server.
    How do you know that the e-mail service isn't issuing an error status
    back to the client (router)? Tis a frequent deficiency in routers that
    they don't show you a log of the commands it sent to the SMTP server and
    what were the status messages, good or bad, sent back by the server.
    You can't tell if the problem is on the client or server end. For
    example, what it the mail server got so overloaded that it could not
    accept further connections? What if there is a node between your client
    and the mail server that is so slow that it caused the server to timeout
    the mail session? What if the server now requires an SSL connect and
    will reject non-SSL connects? What if the server now demands use of TLS
    so it waits for the client to issue a STARTTLS command which never
    arrives because the client doesn't support TLS? Since the router
    doesn't have an option to record its mail session, you don't know if the
    problem is on the client or server end.

    In the manual, I see no option for specifying the port on which to
    connect at the SMTP server. Presumably that means the router only uses
    port 25. Does your ISP permit traffic into or across their network over
    port 25? Does the e-mail service to which you have the router connect
    permit inbound connections on their SMTP server on port 25?

    I see no option to specify how long to wait to establish a mail session
    before timing out. The mail server might be busy and refusing
    connections until it has the resources needed to allow a connection from
    your router. The route between your router and the SMTP server may have
    a dead or slow host in it which would cause a timeout. Without a
    setting as to how long to wait, the router might be aborting too quick.
    Unlike a real e-mail client, the router has very little recovery
    functionality.

    I see no option to enable/disable SSL connections and thereby no option
    to specify SSL or TLS. Does the e-mail service to which you have the
    router connect permit non-SSL connections to their SMTP server? If they
    demand SSL connects, do they permit SSL connects or demand TLS connects?
    You mentioned Google which presumably means Gmail (or Google Mail).
    Gmail demands SSL connects to its SMTP server (I don't know if it also
    demands TLS connects as does Hotmail). Since it appears your router
    does not support SSL then it cannot connect to Gmail.

    I see no option to log the mail session so you can determine if the
    problem with the e-mailing of router logs is at the client (router) end
    or at the server (SMTP) end. Can't tell if the problem is at the client
    end (router) or at the mail server (SMTP). There is little config
    available for e-mail setup in this router and apparently no recovery;
    however, I suspect this is typical of consumer-grade units.

    There is/was a utility called Wallwatcher that would connect to the
    router to retrieve its logs. It's been too long since I last trialed
    this to remember its features. The description says the retrieved
    router logs can be written to a specific file but I don't know if it has
    a schedule of when to save the retrieved logs. Perhaps you could use it
    (or a better tool to retrieve router logs) to retrieve the router's logs
    and then use batch or script file to send them via e-mail using a real
    e-mail client, like whatever you use now that you find reliable and
    robust. Of course, this means having to leave the e-mail client running
    all the time; else, the logs would get pent up waiting until whenever
    you next loaded the e-mail program. You would find a real e-mail client
    has recovery, can set the wait time to establish a mail session, has a
    log to show you what happened during a mail session, like why it
    aborted, will let you specify the port (to get away from 25), and let
    you enable SSL (and perhaps TLS if needed) to connect to the mail
    server.

    Otherwise, due to the lack of configurability in the router (no port, no
    SSL/TLS settings, no wait), you need to:
    - Check your ISP does not block port 25 traffic across their network.
    - Use an e-mail provider that permits non-SSL connections on port 25.
    - The e-mail provider doesn't have a quota less than how often you want
    to e-mail your router's logs (along with all your other e-mails).
     
    VanguardLH, Aug 18, 2014
    #2
    1. Advertisements

  3. badgolferman

    badgolferman Guest

    The router's newer firmware supports port selection. See screenshot:
    http://tinyurl.com/opb4dja

    I called Cox today and asked them if Port 25 has been disabled and they
    said it has not. 25, 465, 587 are available. As you said, the other
    ones require SSL/TLS enabled, but there isn't a provision available for
    that unless it can be put in the server address somehow. Can I put
    something like ssl://smtp.cox.net in the server line?

    I played around with all the port numbers and got various responses
    back from the server. See screenshot:
    http://tinyurl.com/lxghhv4

    The only one that didn't return a failure response was port 25, yet
    nothing seems to be getting through.
     
    badgolferman, Aug 18, 2014
    #3
  4. Do you use the Cox SMTP server for any actual outbound mail?
    Is that email program setup to use port 25?
    If using some other port try setting your routine email program to use
    port 25 with no security, just your username/password settings and see
    if that still works.

    The other suggestion would be to test the SMTP server using some of the
    suggested Telnet commands at the following web site.

    http://www.port25.com/how-to-check-an-smtp-connection-with-a-manual-telnet-session-2/

    If you the plain "telnet" (minus the quotes) command in a command window
    (using run as administrator) option then your version of Windows just
    has Telnet disabled.

    Depending on what version of Windows you are using you can turn it on in
    the control panel "Programs and Features", "Turn Windows features on or
    off". It is telnet client, not telnet server you want to activate.
    Then see if the telnet commands work as suggested by the above web site.

    At least you will be able to see if the SMTP server is even responding
    to the Hello or other commands. If the SMTP server responds to the
    telnet commands then the problem is most likely with the router, if not
    the problem is with Cox.
     
    GlowingBlueMist, Aug 19, 2014
    #4
  5. badgolferman

    VanguardLH Guest

    That kept "loading" so I couldn't see it. I believe you since you say
    you can see a port selection. Have you tried 587 with an e-mail
    provider? Check they support non-SSL connects on port 587. That would
    eliminate your ISP from blocking port 25 traffice across their network.
    Alas, I've had 1st-level tech reps tell me I can use non-SSL connects
    but testing shows otherwise. They've told me to use 587 but their
    server is still configured to accept connects on 465 (the old SSL port
    before the switch to 587). Often they don't even know if your account
    has been blocked on port 25 due to quota abuse (i.e., high volume
    outbound traffic beyond what they consider normal for personal-use
    accounts) and it takes digging past 1st-level support to find out you
    got blocked. Sometimes you can tell by their response whether they are
    knowlegeable or not. If they wander off on some keywords in your
    inquiry instead of focusing on what you asked, you need to get past
    their 1-level non-technically inclined reps.
    No. The protocol might be specified by the qualifier (e.g., https) yet
    most clients don't let you specify that. They only let you specify a
    server's hostname and its port. Just like in your e-mail client, you
    don't enter https://host.domain.tld for the SMTP server but only the
    host.domain.tld portion. The SSL/TLS is handled during the mail session
    between client and server, not introduced by a UNC protocol qualifier.

    Without an option to enable/disable SSL (and another option to elect
    TLS), you have no means to tell the router to establish an SSL/TLS
    connection with the server. You have to make non-SSL connects to the
    SMTP server. That means the server must accept non-SSL connects.
    Oh oh. The mail session log (something else that must be a new feature
    with the firmware update since the manual never mentioned it) says "Must
    issue a STARTTLS command". This comes back to my pondering if the
    server demands not just SSL connects but that they must also be TLS
    based. So your router has no option to enable SSL to encrypt the mail
    session (or, at least, the login to protect the USER and PASS command
    values) so your router also has no option to use TLS. The mail server
    aborts the mail session waiting for a STARTTLS command from the client
    that the client will never issue because it doesn't support TLS (or even
    SSL). Mail server demands SSL/TLS but your router doesn't have it.

    That example shows your router trying to connect to Gmail. Google
    demands the use of SSL to connect to their SMTP server. Your router
    doesn't have an option to enable SSL when connecting to their SMTP
    server. When you try to use your ISP's (Cox's) SMTP server, do they
    demand SSL connects or can you connect using non-SSL?
    Glad to see the firmware update lets you specify a port number. Many
    e-mail providers no longer allow connects via port 25 (which was
    intended for communications between MTAs, not for message submission).
    Depending with whom you speak at your ISP, they may not have a clue if
    port 25 trafic is blocked over their network or if you have exceeded
    some anti-abuse quota (which could be tested by using a real e-mail
    client that uses port 25 to the same SMTP server).

    Since the manual never mentions SSL (and obviously thereby use TLS) and
    since you say the config screens still don't mention SSL/TLS after the
    firmware update then it appears your router cannot use SSL/TLS to
    connect to the SMTP server. You have to test with an SMTP server that
    does not require SSL/TLS to connect to them; i.e., you need to test with
    an SMTP server that accepts non-SSL connects. That won't be Gmail.
    Yahoo Mail requires SSL connects to login. I think even Hotmail now
    requires SSL (and even demands TLS support, too). My ISP used to accept
    both non-SSL and SSL connects but I haven't used their e-mail service
    for a long time so they may have changed their requirements. So many
    e-mail providers now require SSL (to primarly protect the login
    credentials and not necessarily the rest of the mail session, like for
    the message), it might be tought to find an e-mail provider that permits
    non-SSL connect. Last time I trialed Inbox.com (maybe a year ago), they
    did permit non-SSL connects (which means TLS is a non-issue with them).

    While it is obvious why testing with Gmail failed (they demand SSL but
    your router doesn't support SSL), it's not obvious why the test failed
    when using your ISP's mail settings ... until I read:

    http://www.cox.com/residential/supp...icleId={a8fb24c0-6440-11df-ccef-000000000000}

    That says SSL is required to connect to their mail servers (and even TLS
    support is required to use their SMTP server on port 587). Can't use
    Cox to send your router's logs. No SSL support in the router.

    Without SSL/TLS support in the router, you need to connect it to an SMTP
    server that permits inbound non-encrypted (non-SSL) connections. That
    means Cox, Gmail, Hotmail, and Yahoo Mail are unusable. You'll have to
    dig around and even maybe trial some freebie e-mail providers to find
    out which ones allow non-SSL SMTP connects.
     
    VanguardLH, Aug 19, 2014
    #5
  6. badgolferman

    badgolferman Guest

    My current mail client SMTP/POP settings are using Port 25, 110 and no
    SSL or authentication or encryption. I send and receive messages with
    no problem. This is what has convinced me there is something wrong
    with the router.

    Are there any other routers I can buy that allow port / encryption
    settings to be adjusted?
     
    badgolferman, Aug 19, 2014
    #6
  7. badgolferman

    Char Jackson Guest

    If you're up to it, take a look at windump (Windows) or tcpdump (Linux),
    depending on the computing environment you're running. Both are packet
    capture tools that would very easily let you 'see' what's going on,
    especially when used along with Wireshark. Everything I mentioned here is
    free.
    You might be able to expand the answer to that question if you consider
    using third party router firmware. I haven't checked, but I'd be surprised
    if something like dd-wrt didn't allow the sort of tweaking you're looking
    for.
     
    Char Jackson, Aug 19, 2014
    #7
  8. badgolferman

    VanguardLH Guest

    Since the route for the e-mail traffic (to send the router's logs to an
    e-mail address) is between the router and an Internet e-mail server,
    packet sniffing would require adding a host between the router and the
    ISP (i.e., cable modem). How would a packet sniffer on one of his
    intranet hosts see the e-mail traffic on the other side of his router?
     
    VanguardLH, Aug 19, 2014
    #8
  9. badgolferman

    badgolferman Guest

    I just checked. My model router is WIP -- work in progress.
     
    badgolferman, Aug 19, 2014
    #9
  10. Too bad about the WIP or TBD listing on the chart.

    It appears the forums for it are heating up some so I expect them to get
    it officially supported in the next couple of months if not sooner.

    As for the port questions, have you actually told the router to use one
    of those encrypted port numbers. Possibly picking a port normally
    encrypted will actually turn on a (hidden) feature. Pick say port 465,
    save the settings and see if new option pops up, just guessing mind you.

    Either way pick port 465 and see what happens when it tries to send a
    log file to you. Can't be worse off then you are now.
     
    GlowingBlueMist, Aug 19, 2014
    #10
  11. badgolferman

    Char Jackson Guest

    You answered your own question. My assumption is that the email connection
    uses the WAN interface by default, so naturally that is where the sniffer
    connection needs to be. There are at least a couple of ways to do that.
     
    Char Jackson, Aug 19, 2014
    #11
  12. badgolferman

    badgolferman Guest

    Yes, I've tried both 465 and 587. I get [email failed] command
    unrecognized errors, The only one that doesn't give errors is port 25.
    But then the email never gets delivered either. Let me reiterate port
    25 is still open since my Outlook email client is configured to use it
    and I can send mail through it.

    This very same issue occured last year with this router when I first
    bought it. Netgear support was unhelpful then just as they are now.
    The router eventually fixed itself somehow and started sending logs
    again. Now it's been three weeks or so and nothing has cleared itself.
    I've rebooted, reset and reflashed it. There's nothing else I can do
    but buy a new one - but which one?
     
    badgolferman, Aug 19, 2014
    #12
  13. badgolferman

    David Guest

    Just out of curiosity, does the email have to be sent out of the WAN port?

    If you can send to any IP address then you could send to a mail server on
    your own LAN - this at least would allow you to test the connection and
    protocol to diagnose what (if anything) is happening.

    Also,
    <http://www.myopenrouter.com/download/44198/DD-WRT-for-NETGEAR-WNDR3400v2-
    With-Heartbleed-Protection/>
    indicates that DD-WRT is available for the router model you have specified.

    Cheers

    Dave R
     
    David, Aug 26, 2014
    #13
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.