I was trying to install Windows 11 ARM64 build on my spare Rasperberry Pi 4. This involves using a script generated by uudump to build a Windows installer ISO file. The script uses aria2 to download packages from Microsoft servers. Soon I realized the script didn't seem to work - specifically the aria2 tool was extremely slow and failed to download a lot of files.
It was late, so I decided to just let the script run overnight and check back next morning.
The next morning... no luck. The script was still running, with tons of error messages from aria2.
How come? aria2 claims to be "super fast". The error messages essentially all say that the target server didn't response to the request.
To confirm the issue is really what the error message indicated, I copied some of the target URLs from the error messages, then used the wget command to download from those URLs. And they all downloaded quickly without a single issue.
So it seems the problem is with aria2 itself? Then it ocurred to me that I should check the network logs on my router, the Unifi Dream Machine SE.
And there lies the answer.
In the Security Detections logs, there are a bunch of events from my VM running the script:
Potential Risk
This is associated with potential Trojan activity which may be harmful for your network.
Detection Category User Agents
Signature ET USER_AGENTS Aria2 User-AgentAppearantly the Unifi Network's IDS/IPS decided aria2 is potentially harmful and blocked the traffic. That's why aria2 never received response from Microsoft's download server for a lot of requests.
I need the script to work, but since IDS/IPS says these requests smell fishy, I moved the script from a sandbox VM on my "low trust" VLAN to a temporary VM in a dedicated "no trust" VLAN that can only access the internet and completely blocked from my local network; then I added the temporary VM to the Unifi Network's Security Detection Allow List. After that, the script worked quickly and I got the Windows 11 ARM installation ISO generated.
Note to myself: if the rest of the network seem fine, but a certain app is having issues, make sure to check the network security logs first.