Try smartphone?
Stay in front of router, then download via chrome, see how.

2 possible
1. DNS give you slow routing of server
2. your routing got too many users, like too many 2Gbps users keep downloading 24/7 hours, so slow speed.

Try midnight or morning 8 AM?

1. Try google dns, will give you prefer on Malaysia server than cloudflare which prefer SG server.
2. Nope, based on my testing, they got lower buffer allowed.
For example, me now 100Mbps, I can burst to 150Mbps for a short period(like 3s), but 500M customer always unable burst over 500M for short period, and more strict the speed limit.

I means is, the total bandwidth is used by them, yes it is a shared bandwidth.
During sharing of bandwidth, it is depend on latency of the server reach to your router.

So, if your server is far, higher latency, means you will be getting lower speed than those people who get lower latency, like Google local YouTube server etc.
If your speedtest to TM server is working, but not those download oversea, then it mean this la.

But I am kind of unsure who will watch YouTube 24/7 hours, lol.

Yes, possible.

The best will be keep argue together with your neighbor, let TM pull another/more port/fiber for your taman for load-balance, else it will be like that forever.
As your local speedtest got speed drop, easy for report.

For most normal customers(that just 100M-500M), the issues is the speed throttling on CloudFlare server at SG, which is yuck.
If you report to MCMC, TM just telling them it is at oversea SG, they can't do anything.

Yes, but need skill.

https://forum.lowyat.net/topic/4925452

There is 2 different on mobile network and Tm network.

1. routing
2. DNS

Maybe check both issues first?
Try use 1.1.1.1 as VPN and see can this issues resolved.

If issues solved, then know it is DNS or routing issues, else, need more troubleshoot.

Yes, just to identify it only happen on TM network or not, using VPN which act as another network for testing ma.

If mobile network and TM + VPN works, means it is TM only network got issues la.
Then the route to the answer is showing up, need start troubleshoot on TM only thing, just like my DNS issues, if I test it on VPN first, I should discover the packet drop issues on DNS router side.

Understand, yours is more on white, as it is allowed to look into the configuration of CCTV and router, while me just simple blackbox testing lol.
Which works because router's firmware is blackbox, and are the cause.

Yup, came into same conclusion as yours, as I got the orange router, UPnP is disabled by default.

Even I don't wanna enable it, as you know, sometimes UPnP just leak internal network for those outside network request....
As IPv6 is public by default, so I just leave it as disable la, IPv4 which under CGNat enabled also useless, lol.

PS: I guess you means SPI firewall, yes, it is normally enabled by default, and yes, I always disabled it to prevent such issues, I faced a lot of time on it as well...


Better don't, I sense a lacking knowledge of your side...
If you have no idea about that VID_500, it means you don't know about
1. Your PPPoE account and password
2. The configuration of VLAN 500 and 600 etc

It will take more time to switch router I will say, in days, yes.
Which quicker to take a look into your router's configuration and fix it.

It was sound like router issues, as mention by kwss, seek for those configuration.
Screenshot it, post it out if you know nothing.

For SPI firewall, it look like this.


ALG is like this, got a lot like FTP, IPSEC etc.


And UPnP just UPnP.


Also, useless DoS.


Screenshot it, post it out, then kwss will tell you disable or enable it.

If you not gonna wait, then simple configuration is
1. Enable UPnP, select as 1_INTERNET_R_VID_500 if it asking you to choose which WAN Interface.
2. Enable all ALG
3. Disable All SPI in firewall configuration
4. Disable all DoS

Screenshot first, then do the change la, for the record to revert it back.

Just saying, firewall bring more trouble than it should be, default, got it reason.
I guess it just kind of blocking incoming connection, so it is "safer", but p2p getting blocked as result.

Not bad la, RM 100 to learn about, understand how's Firewall works, before changing it.

There is many thing we don't really understand, but just use it, change it, and break it.

Just like car, most people know is, drive a car, bare min.
Smartphone, calling people, using app, bare min.

But, to use it max, well, it is a headache, and depend on learning skill.
There is too many stuff to be learn in this world, and there is not enough time for that, lol.

And hei, even most kids know nothing about a PC, but smart on smartphone, saying keyboard+mouse are slower than smartphone key in.

PS: Next time you should call via unifi mobile, 100 on unifi mobile is free.

It is 30M, if you need, go buy those SWU 3.0 mesh unit, a lot are selling.

Maybe DNS?
If you get no respond from DNS, sure there will be no single request to bitwarden.

Just test for fun.

It might be request the server list data from in.appcenter.ms, so there is some misconfiguration on Microsoft side.
If you connect directly, there is no server loaded, only bitwarden.com available, and no connection made to vault.bitwarde.com.


But...
If you use a VPN(I tested using 1.1.1.1 WARP, on KUL and on SG), it will success on receiving correct data from in.appcenter.ms.

By testing without clear data.
First, it request you to select "Self-hosted" at "logging in on", then saved it, there will be new server bitwarden.eu shown as second choice.
Then, it will success for connecting to vault.bitwarden.com, or vault.bitwarden.eu if you select .eu server.

And, if you reset app(clear data) with VPN enabled, the server list will be requested successful, and showing 2 server which is .com and .eu.
---
So, conclusion, someone at bitwarden fxxked up their server configuration list, and give the wrong server list + configuration to TM/UniFi IP range.
Or
Someone at Microsoft la.

I will said, complain to bitwarden to speed up the fixing.

And correction to my part, so it seem like there is some skip over DNS that I failed to capture, maybe DNS caching happen on my Android phone, lol.

So I find the f-droid version which removed Microsoft appcenter.

https://github.com/bitwarden/mobile/issues/1828

And confirmed it will request the server list from vault.bitwarden.com.
And yes, same issues, the server list will be failed to request.

If I keep looking into github for bitwarden's source code, I sure gonna find which API they are looking to fetch the server list.
But, nah, better keep complain to bitwarden la, lol.

After retest a few time, confirmed it should be cloudflare or bitwarden side issues, because I tried to changing the CloudFlare IP address by modifying the host file, still the same result.

So there is special result given to TM/UniFi customer IP address la...

As above, it still requesting the list of server configuration from vault.bitwarden.com or vault.bitwarden.eu.
For the which get or post request it is asking from, I kind of lazy on performing MiTM the request, lol...

Anyways, if you interesting on looking the source code, here it is.

https://github.com/bitwarden/mobile/pull/2454
https://github.com/bitwarden/mobile/blob/ma...nmentService.cs
https://github.com/bitwarden/mobile/blob/ma...nmentUrlData.cs

Still seeking which one is for the requesting server list, lol.
I wonder why they setup different API than the website version, which is https://vault.bitwarden.com/api/config

A bit tired to looking forward, as I not sleep yet.

Done a bit with mitmproxy, it is getting as this.

https://vault.bitwarden.eu:443/api/config.

GET /api/config/ HTTP/1.1
Accept: application/json
Device-Type: 0
Bitwarden-Client-Name: mobile
Bitwarden-Client-Version: 2023.12.0
User-Agent: Bitwarden: Mobile/2023.12.0 (Android 10; SDK 29; Model HMA-L29)
Accept-Encoding: identify
Host: bitwarden.eu
Connection: Keep-Alive

Then it is dead silence from cloudflare, until timeout.
But should be the MiTM app got issues la, as it get frozen, lol.
---
Hmm, either MiTM app got issues, or it is the real cause found.
Nothing captured, except request head and empty body.

So cloudflare somehow refuse to answer?
Let me see with VPN.
-
And forgot MiTM is works as VPN lol.
Anyways, should enough data, wget etc with http/1.1 might get the answer out la.

vault.bitwarden.eu seem working, only vault.bitwarden.com got issues, hmm...

As the app got cert pin written, so I kind of failed to intercept it la...
---
Yes, if I fill in valut.bitwarden.eu as self-hosted, it works.
Only bitwarden.com down.

And this MiTM not working as it should be lol, lazy to install self-cert then go with fiddler on windows laptop.
Then let it go la, bitwarden issues, lol.

This post has been edited by BenYeeHua: Dec 18 2023, 09:15 AM

Done, with the power of, FIREFOX!!!!!

Someone was DDoS with TM/UniFi IP range of address, with the stupid of HTTP/1.1
So CloudFlare blocked TM/UniFi IP range with the power of, well, "Checking if the site connection is secure"

Solved, bitwarden is stupid one by requesting with old HTTP/1.1, and not supporting the blocking of CloudFlare, lol.

Result out, simple, blocked of cloudflare with request of HTTP/1.1, someone must be brute force with bot/zombie/infected computer running on TM IP range, lol.

And app failed to handle the blocking of cloudflare, double lol.
While app requesting with HTTP/1.1 or app's UA, triple lol!!!
(As that mitm app got issues, it might forcing downgrade the app's connection to HTTP/1.1 for capturing, based on my Tachiyomi skill, CloudFlare partial block based on UA)

In the end, lol!!!
---
Also extra, it is same blocking happen on IPv4 and/or IPv6, as long as it is under TM la.

This post has been edited by BenYeeHua: Dec 18 2023, 09:25 AM

Yes, 60.53.x.x.

Can be me testing too much and get blocked, possible, but I was testing on my phone, which is under different IPv6 address, hmm....
Did cloudflare block whole IPv6 range that assigned to each TM customer?
---
Retested again, Firefox

Disabled HTTP2 and HTTP3, only HTTP/1.1 get blocked by CloudFlare
Reenabled HTTP2 and/or HTTP3, solved this issues.

Might better look into the source code of this bitwarden app, see did it support HTTP2/HTTP3 or not?

This post has been edited by BenYeeHua: Dec 18 2023, 09:29 AM

Then it is kind of bitwarden's app issues la, even my comic reader app Tachiyomi know to inform me it get blocked by CloudFlare, and asking me to passing the test by opening website via WebView...

Who the hell still using HTTP/1.1 at year 2023, aiyo...

Conclusion, bitwarden(at least Android version) is a lazy developer product, it is better to skip using it, as it seem like iOS app out of this issues...
---

https://github.com/bitwarden/mobile/issues/...mment-975740275


https://github.com/bitwarden/mobile/issues/...ment-1823211981

Kind of reminding me that app showing tips of "Network issues" when it is server caboom, lol.

This post has been edited by BenYeeHua: Dec 18 2023, 09:41 AM

Well, ya, and this app kind of failed the testing.
Because to bypass the pinned cert of app, you just choose https://vault.bitwarden.eu as server, then MiTM can happen.

Which means, if you trust the privacy of EU, and put your data on EU server, then it just becoming less secured than the defaulted US server...

Also how strangely https://vault.bitwarden.eu safe/excluded from this Cloudflare DDoS protection....

Why the hell still got people using this kind of app, lol!!!

lol.
Still, they need to solve the cert pin issues for EU customer, by default they are not cert pin protected.
---
So, any comment for why they put it as 1, 0?
Let me see the commit history.