[Tracking] Caching Origin not possible due to SSL #98
Comments
|
What fix have you seen? We are still seeing origin downloads going over https (and thus uncacheable). |
|
You're running Origin Version 10.5.40.26928, which predates the switch to SSL I'm currently running Origin version 10.5.41.27263, which is definitely only downloading via SSL |
Same here, also sticking to old version will not work as it will require update before login, and will fail if SSL is blocked, already tried that by stopping SNI and pointing ssl-lvlt.cd.ea.com to 127.0.0.1 Edit: Older versions will only work directly after client is installed, will force an update after being stopped and reopened |
|
any updates on this guys ? i hope they go back to http , i've also contacted EA help on twitter https://imge.to/i/TtjSH < photo |
|
we are still trying to get some sort of communication with EA to see how this can be progressed... |
|
I've tried messing with R&D mode. Tried changing So I tried adding |
they have removed origin from the DNS service "in uklans domains" so make sure to add it yourself if you can do that , or request them to readd it |
|
You are obviously free to fork this repo and add origin back in for testing. I don't think we would re-add it to the main repo whilst it remains totally uncacheable - as that is just confusing for most users. It depends how you are using this repo, but if its in conjunction with lancache then they do have a feature to point to a different domain repo for testing: https://github.com/lancachenet/lancache-dns#custom-forksbranches |
|
i was just contacted by EA HELP on twitter and he asked me for additional info that he can provide to his manager , so can any one of knowledge give me a technical paragraph of what should be said ? |
|
@manafoo we've been trying to reach out to eahelp. if you could reference https://twitter.com/MintopiaUK/status/1145709393205506049 and https://uklans.net/openletter/ and get them to reach out to [email protected] |
Done. https://imge.to/i/F8L3O << image |
|
@manafoo if you could also reply to the original twerk explaining this is affecting your event as well that would be great |
|
i'd like to say in regard to contacting ea help , please explain to them what caching does , tell them it allows faster downloads to clients because the update would be stored locally instead getting it from the servers every time , " just remember the twitter handler is probably clueless to those technical terms and they will be just a messenger to their colleagues and IT department so it's crucial to make them understand that there is an issue also maybe adding whats in it for them is nice too and that is , lower load on their download servers! |
Done :) |
|
FYI @manafoo there is an official case open at EA, -zac is very helpful and understands about the problem! I'll update here if i hear anything. |
thats great!! i got a response from zac on twitter here ,link to check it out : |
|
@peerau yeah, we're working closely with the guys at ea to get a poc going. So far they've actually been really helpful! |
|
Hi everyone, any update on this? |
|
Nothing specifc to confirm at this time, but we know that Origin are still working on something and hope to have an update fairly soon in the new year from them. |
|
Beta Version 10.5.63.37653 - 758549 of the client now has a feature to fall back to HTTP if a cache is present. We will have a chat about when to update the main line. see #126 |
|
I just installed a a fresh lancache and testing with Originin Client Version 10.5.63.37653 - 758549. I am not sure, but i think at the moment the installed Origin Client realized the Hosts is redirected to a local IP it was asking me to Update the Client. after that i got the Question. I have a custom DNS Setup (Note the Docker Image) witch redirects these Hosts to the Cache: I will do some more testing with different games and Client OS. Thanks for your Work |
|
@therealseeku we're not going fully public this as apparently there are still a few issues with the beta implementation and wording (somewhat confusing). Hopefully EA will roll a new update soon and then we can share the love into mainline :D ! Good to know more of it is working, we're also trying to get an up to date cdn list from EA as well to confirm |
|
Released to mainline Origin client. Domains have been reinstated into master. I'll keep this open for tracking, as the Origin client does have some "behaviour" around how it works. Probably worth a support document to explain? |
|
NOT WORKING ,deleted old containers docker rm mono dns sni |
|
What do you get if you do |
|
its also worth making sure your origin client is off, that you have your containers started and that you have flushed your dns locally |
I get the caching machine ips. All other caching platforms works. Steam blizzard epic. Etc |
Dns flushed origin off. Restarts. Does not prompt me to disable safe downloads |
|
Origin client 10.5.64.37936-758832 |
|
is your dns container upto date? what does |
I believe im updated and origin is service is enabled i see it in there. Dockdr log Dns |
|
What is the output when you actually run |
|
You need to assign RFC1918 addresses to your cache, and not public IP addresses. Some CDN providers (Steam, Origin, Riot) require a "trigger domain" to be set that resolves to one of these addresses before they will consider using the cache, otherwise they will use https and you will not be able to cache the traffic. |
why do they need to be RFC1918 ? we also don't use RFC1918 on our event to avoid NAT. |
|
It works that way because that's what the content providers have decided as an easy way to change the behaviour of their clients for most cases. Other events that operate on an entirely public IP range have their lancache on a RFC1918 range that is routable from within their event. |
That's helpful but can't we workaround that? since the isp is lazy and doesn't program local ips in their cisco router which i cannot access. Any help would be appreciated. Thanks |
|
The behavior is programmed into the game launchers. I'm afraid its outside of the scope we can control. Where we have used the lancache solution at the thousands of people end of the LAN we have used a locally routed RFC1918 subnet for the cache. |
|
Many of the game launchers require the RFC1918 before they will enable their built in TLS downgrade / HTTP fallback modes, so its not something that can be worked around. If the hostnames resolve to anything else they will remain TLS/HTTPS and thus can't be cached as expected. I'd expect its a failsafe measure to ensure that they are only downgrading when they are 100% sure they are talking to a local cache and not sending unencrypted traffic over the internet to a public ip that could be anywhere, but we don't really know. The best approach to handle that depends heavily on your network setup. We've had success with giving the cache two interfaces - one with a public IP on the WAN side for internet access / downloading games from the web and a second with an RFC1918 which is client facing on the LAN and the IP we override the hostnames in DNS to. Alternatively you could look at using NAT and putting the cache on single interface with an RFC1918 that sits behind a firewall/router that holds the public IP. |
|
I can confirm switching to local ip solved the issue. I only added a virtual connection then added a - e origincacheip and pointed to the local one and whatever is ok with public ip takes the rest. |
|
virtual connection wasn't a good idea because it doesn't stay after a reboot ,simply adding the ips to the network interface was the right way to do it, ofcorse you will need a local ip pool available , thank goodness the isp cooperated and made one, even though it was lazy work they all routed to a single public ip but it did the job. |
i'd advice you to do it in local or mix the 2 , in both cases ,take care of the firewall rules , you will need to add some protection from external ips or else you might lose bandwidth,lags , bufferbloat, SEVERELY slow your caching machine to near non-operational state |
|
I'm also having this issue. on the client I go to download a game in Origin, never prompted to disable safe downloading, no disk write activity in the cache and sniproxy is very busy passing through everything without touching. |
|
if your client isn't showing you the warning box you can try turning the client off and on again. If the application doesn't pick up the prompt it will continue to use https |
|
In the Origin app settings you have this it's on by default if you turn it
off it should use your cache for pulling updates.
note if you close the client and open it back up it turn back https
downloads. if you want to use http it looks like you have to go there each
time.
[image: image.png]
…On Mon, Aug 3, 2020 at 1:56 AM Proto ***@***.***> wrote:
if your client isn't showing you the warning box you can try turning the
client off and on again. If the application doesn't pick up the prompt it
will continue to use https
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#98 (comment)>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AD6BDALG6ZLVC4K7JREKMJDR6ZNR5ANCNFSM4H4UBBRQ>
.
|
|
Strange, I got it to work, but all of the following did NOT work. Rebooting the client, rebooting the server, tried opting into origin technical releases, tried opting out. Reinstalling Origin worked though, I'm prompted on first game download. Weird. |
As of 2019-07-01, Origin has switched to HTTPS for downloads.
They have been approached by Twitter and EA Support Forum.
The text was updated successfully, but these errors were encountered: