Netgate Discussion Forum

    Various sites and services being blocked - how to fix?

    130 Posts 5 Posters 24.1k Views
    • ?
      A Former User @Elmojo
      last edited by

      @elmojo, Confirm if everything really works 100%.

      Because I still see a problem in your logs.

      If it works 100%, then ignore this alias.

      The IP of your gateway will always be different; for the monitor IP you can use whichever one you want. I like 8.8.8.8; it is only there to monitor your ping.

      • ?
        A Former User @Elmojo
        last edited by

        @elmojo, Well, this alias is to block access to your pfsense and then allow everything as your old home router did, but if it already works well for you, I do not recommend doing this.

        IT IS MUCH BETTER FOR SAFETY THE RULE YOU ALREADY HAVE IN WAN (DENY ALL TO ALL)

        • E
          Elmojo @A Former User
          last edited by

          @silence Okay, cool. I will turn off that alias then.
          Man, thank you so much for your help. There's no way I would have gotten this working without you, @Gertjan and @serbus. You guys have been so patient and helpful in getting this mess worked out! I can't imagine why it was such a mess. I'm sure I did something to cause it. lol
          Unless you think you have some additional work or checking to do in there, I'm going to disable the remote access for now.

          On another note (I can start a new thread if that's cleaner), what's the preferred method for adding a wireless AP to pfsense? I read the netgate doc, and it just says "plug it into the switch", but there's a better way... It then talks about assigning an OPT interface and bridging to the LAN, but doesn't explain that process clearly enough for me to follow. I'd like to do it right, so that my wifi is protected and all traffic runs through the pfsense, just like my LAN. I'm not concerned about speed.

          • ?
            A Former User @Elmojo
            last edited by

            @elmojo, This can be achieved. Check the documentation of the captive portal (validate that your AP is compatible), and I recommend you check the configuration of your device; some have static DNS, which I do not recommend.

            As for remote access, you just have to delete the user and the rule from the WAN.

            It was a pleasure to help you.

            • E
              Elmojo @A Former User
              last edited by

              @silence
              Is captive portal required to do the OPT/Bridge as described in the doc?
              It doesn't say anything about that, and I don't need any increased security at this point, or per-user login or tracking. I just want all the wifi traffic to run through the firewall rules like the LAN traffic does. Maybe it does this by default if the AP is plugged into the switch, but the doc makes it sound like it does not.

              • ?
                A Former User @Elmojo
                last edited by

                @elmojo, Well, if you only want internet via pfSense, then just connect the AP to your LAN.

                • E
                  Elmojo @A Former User
                  last edited by

                  @silence Will any clients connected to the wifi have access to the local LAN by default? It's fine if they do. I can lock them out later with a guest network or whatever. I just want to get it up and running for now. Those who connect will be trusted personnel anyway. We are an isolated location, so no one else is around to snoop the wifi. lol
                  I'm more concerned with protecting the connected wifi devices via the firewall rules.

                  • ?
                    A Former User @Elmojo
                    last edited by

                    @elmojo, IF YOU HAVE A SWITCH, you can create a VLAN in pfSense and manage everything in your switch.

                    • E
                      Elmojo @A Former User
                      last edited by

                      @silence I do indeed. :) I'll have to look into all that later.
                      For the moment, I'm just wanting to know this: If I plug an AP into the switch, with no other configuration, will the wifi traffic be protected by all the same Pass/Block rules from the pfsense as the LAN?

                      • ?
                        A Former User @Elmojo
                        last edited by

                        @elmojo, yes

                        • E
                          Elmojo @A Former User
                          last edited by

                          @silence Excellent.
                          Well thanks again for all your help!
                          Hopefully I'll be able to sort out my own messes for a while, but I know where to ask if things get to be too much for me to handle. ;)

                          • ?
                            A Former User @Elmojo
                            last edited by

                            @elmojo, Excellent.

                            Brother, I have a cybersecurity company if you are interested you can always contact me via email WelinsonQuezada@Gmail.com

                            If you know of someone interested in some VPN or advanced configuration on networks (hardware or software does not matter) you can contact me.

                            • E
                              Elmojo @A Former User
                              last edited by

                              @silence Thanks for that. I have a client who might need your services.
                              I will pass along the info. 👍

                              • ?
                                A Former User @Elmojo
                                last edited by

                                @elmojo, Thank you and have a merry Christmas and New Year.

                                • E
                                  Elmojo
                                  last edited by

                                  I hate to open this old wound again, but I suspect you're correct @Silence, something is still not quite right with my configuration.
                                  Most everything works okay, but certain sites (specifically Google services) are constantly telling me that they don't recognize me, and are asking for identity verification.
                                  Was there something you saw in the logs that could be causing that?
                                  It's really annoying to constantly have to jump through those extra hoops just to prove I am who I say I am to Google. :/

                                  • GertjanG
                                    Gertjan @Elmojo
                                    last edited by

                                    @elmojo

                                    Check this : Google doesn't recognize you if your WAN IP changed and/or the browser you use doesn't accept cookies.

                                    No "help me" PM's please. Use the forum, the community will thank you.
                                    Edit : and where are the logs ??

                                    • E
                                      Elmojo @Gertjan
                                      last edited by

                                      @gertjan said in Various sites and services being blocked - how to fix?:

                                      Check this

                                      • My WAN IP hasn't changed, at least not recently.
                                      • My browser does accept cookies, as far as I know. Again, it hasn't changed recently.

                                      Actually.... I take that back... I did install a privacy extension on my desktop browser. Let me try disabling that and see if it's the problem. Thanks for the tips!

                                      • GertjanG
                                        Gertjan @Elmojo
                                        last edited by

                                        @elmojo said in Various sites and services being blocked - how to fix?:

                                        My WAN IP hasn't changed, at least not recently.

                                        @elmojo said in Various sites and services being blocked - how to fix?:

                                        I did install a privacy extension on my desktop browser

                                        So, your WAN IP did change.

                                        The WAN IP here is the IP the browser uses.
                                        The browser-VPN goes out over the pfSense WAN IP, true, but in this case that IP isn't visible. It's the VPN WAN IP that counts here.

                                        When you manage to access Google, type :
                                        What is my WAN IP ?
                                        Using the browser extension you mentioned, it's probably not the pfSense WAN IP (if it is, you have a scam extension ;) )
                                        This is why you use a VPN browser extension in the first place.

                                        Using a VPN, or VPN look alike, will attribute you an IP that is probably known and listed by Google.
                                        Even if your VPN WAN IP stays the same, Google will keep on asking you to click on 'traffic lights', 'bridges' or 'cars'. This is because they (Google) have difficulties handling the product (you are the product) and they know that collected data is nearly useless for them. So, yeah, they will make life difficult for you.

                                        • E
                                          Elmojo @Gertjan
                                          last edited by

                                          @gertjan What VPN? I didn't say anything about a VPN... lol
                                          What I meant was that I'm sure my WAN IP has changed at some point in the past, but not since I've been able to access Google services without issue. The issues all started around the time when we were doing all the troubleshooting for the blocked sites.

                                          Regardless, I think the problem may have been the privacy extension (not a VPN!) that I installed in my browser. It had nothing to do with the pfsense, but may have caused the Google issue, and just been bad timing, since it made it look like it was related. I'll do some additional checking and report back.

                                          • ?
                                            A Former User @Elmojo
                                            last edited by

                                            @elmojo, I will be awaiting your next comment.

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.