Android Limited Connectivity
-
@gwaitsi said in Android Limited Connectivity:
It seems the devices want to talk to google directly.
Change the settings of the device-OS, so they don't insist on wanting to talk to Google anymore ?
Or block (firewall pfSense) connections to 8.8.8.8 - and hope the device will use the local DNS (pfSense) eventually, even if it doesn't stop to 'call home' = polluting your network with useless traffic.
It's open source "do what you want" software, right ? (I'm not sure, never actually used or even had a android device in my hands).Or use an OS that is also - keyword : sold - to enterprises : these OSes will never show that behavior as company won't buy them anymore.
-
@Gertjan i have blocked google dns. All external dns is forwarded back to pfsense. that is the root of the problem. if i don't block the dns, then the android devices do show any issue.
-
@gwaitsi If you're certain that the android devices show your local pfsense address as the DNS address in their network settings, and if blocking the google DNS on the firewall causes this behavior, then it's logical to assume that there is one or more app/os on the android device that is not using the configured DNS server. If that's the case, I agree with @Gertjan that these are problematic devices/apps.
I wonder if setting the rule to 'Reject' the DNS traffic to google DNS vs. 'Block' might trigger the devices to fail back to the configured pfsense DNS server address.
-
There are instructions in the pfSense docs to NAT DNS so the device does not know it it not talking to the DNS server of it's choice. I have done it with PiHole, the method to do it for pfSense DNS is a little different.
Or don't worry about it since it is working fine.
-
@AndyRH I have
Rules
- rule to allow DNS to pfsense interface
- rule to block all other DNS not to pfsense interface
Port Forwards
- DNS not to pfsense interface, redirect to pfsense interface
but what i don't understand is, i have 3 WIFI IDs 2 give the error and 1 does not. The have exactly the same DNS settings
-
@gwaitsi, from what I know they use a host to check if "Internet" is available.
There's no good way to differentiate network vs Internet, so all mobiles do this.
Androids HTTP/S to connectivitycheck.gstatic.com or clients3.google.com or www.google.com
iPhones HTTP/S to captive.apple.com
Missing response they assume there's no Internet reachable from current connectivity. -
@gwaitsi said in Android Limited Connectivity:
I have my DNS setup to forward all requests to pfsense.
And use the DNS Resolving to forward to cloudsense all requests not handled by resolver.Are you using DHCPv6 on your LAN? Android devices won't work with it, thanks to some genius at Google. You normally use SLAAC and select Provide DNS configuration via radvd.
-
@JKnott no, just IP4. but it is weird and seems to be something to do with the client/s.
some phones connect to WIFI1, WIFI2, WIFI3 without issue
my phone connects to WIFI3 without issue, but WIFI1 and WIFI2 with limited connectivityI tried to forget the connect and re-establish, but i get the some results.
-
@gwaitsi said in Android Limited Connectivity:
rule to allow DNS to pfsense interface
Android phone ? DNS, problems ? .... I hope this one is done now.
-
@Gertjan all android phones.
WIFI1, WIFI2 and WIFI3 are all on the same devices and forward dns queries to the pfsense interface for the vlan.But different devices, get different results
-
@gwaitsi said in Android Limited Connectivity:
forward dns queries to the pfsense interface
And just to be sure : using '53' TCP and or 53 UDP, like the good old days. Not 'only 853 or nothing'.
I owned/used never saw an Android device ... so dono how these devices behave.@gwaitsi said in Android Limited Connectivity:
But different devices, get different results
Like : a pc works, but a byod doesn't ?
-
@Gertjan i mean different android devices get different results.
no windows or linux machines are effected -
@gwaitsi
AS shown in the other thread I've mentioned above : packet capture on the interface used, and add the IP of the device.
Start the capturing.
Now, connect the device.Tell us what you saw ....
@gwaitsi said in Android Limited Connectivity:
no windows or linux machines are effected
Neither apple devices, they work fine also, right ?
