Accessing secure banking sites
-
I have a default VLAN switch config on my LAN, but I can't access secure banking sites from my LAN.
I have only 1 WAN port, and no squid setup.
-
@gil can you ping a public IP address? Resolve any websites? Are you getting an IP from the default VLAN (1)?
What happens when you ping... [pfsense LAN IP]? 8.8.8.8? Yahoo.com?
If you have interfaces for all the VLANs in the pf, as well, are you blocking traffic on the interfaces? What does it show in System Logs -> Firewall?
-
Yep. resolving almost every website. but not https://banking.westpac.com.au/
This site is accessible and valid on the internet side of the firewall.Nothing TCP under the firewall logs.
-
@gil said in Accessing secure banking sites:
resolving almost every website. but not https://banking.westpac.com.au/
Are you unable to resolve the name or to load the page?
What do you get in the browser exactly?
-
@gil said in Accessing secure banking sites:
banking.westpac.com.au
clearly some issues going on with their dns
https://dnsviz.net/d/banking.westpac.com.au/dnssec/
-
It look likes who ever manages the zone "banking.westpac.com.au" activated DNSSEC without really knowing what he was doing.
The registrar hasn't has not activated DNSSEC for that host name, but there are DNNSEC records in the zone. That's ... not done.banking.westpac.com.au or westpac.com.au isn't set up for DNSSEC usage.
@Gil : if you have a VPN, go to some place in Europe, or the States.
I can visit banking.westpac.com.au just fine from France.
Looks like some upstream DNS issue.edit : Using https://www.zonemaster.net and was told : "this domain name is a mess" (for the moment).
PS : It's not a Russian bank, right ? ;)
-
@gertjan yeah agree its a mess..
Maybe they are in the middle of migration, or someone thinks they are and didn't tell the rest of the team, etc. ;)
-
@gertjan said
PS : It's not a Russian bank, right ? ;)
Not exactly but they have had other "problems"