Netgate Discussion Forum

    some websites are being blocked not sure what i got misconfigured

    General pfSense Questions
    44 Posts 2 Posters 6.5k Views
    • comet424

      so i have noticed i cant access some websites like www. canadacomputers .com and www. elegoo. com

      but i can ping them through the pfsense page

      and i not sure if its due to the host override page... or if its the bypass policy or what is there any tests i can do to see where its stopping it

      so how its setup is
      i give out 192.168.0.1 to everything... host over ride points to 192.168.0.32 which is my Lancache server for game and windows update caching and it points to 1.1.1.1

      but for some reason my vpn and my lan can not access either website yet i can ping them... so like to know if there is a way i can see whats blocking it

      trace it where its being blocked if its possible?
      pf1.PNG pf2.PNG pf3.PNG

      • stephenw10 Netgate Administrator

        Are those hosts accessing the sites directly via the pppoe WAN or via the VPN group? If it's via the VPNs do they connect as expected if you bypass the VPN?

        • comet424 @stephenw10

          @stephenw10
          not sure what you mean to be honest

          it should be going out the WAN so the pppoe i take some more pics

          the vpn group is for the nord vpn it was so i had a fail over and the WAN was for the gaming computer and xbox so its not behind the vpn

          so it should go all out i get you the NAT i think
          and if i add say under General for the DNS and add 1.1.1.1 for WAN PPPOE then that buggers up things it doesnt keep my VPN secure which i dont understand
          which i dont see why wan cant go out the 1.1.1.1 the vpn goes out the 103.86.96100 and the 103.86.99.100 is set to none which i dunno why its set to none its per instruction on the nordvpn website tutorial... but if i add the 1.1.1.1 i forget i think it works but it then buggers up the secure vpn part of the nord

          so i not sure whats causing the blockage of the websites is there any screen shots you need? i not fluent in certain words so you may need to ask more detailed question for me to explain what i got

          nat1.PNG nat2.PNG pf4.PNG

          • comet424

            oh and what i find is i did un gray the one NAT that i have for my gaming comp the 192.168.0.227/32 on the wan does nothing but when i reboot pfsense

            my gaming computer i can ping and go to the elegoo .com website for about 5 10 min then the website is unpingable but the canada computers website i cant access period.

            what does that mean that when it reboots i can access it for like 5 min then it doesnt let me access it at all like i can ping it after pfsense reboots but after 5 min or so then its unpingable from the desktop pc

            • stephenw10 Netgate Administrator

              Yes I meant are you testing from a client that is having its traffic routed via the 'VPN_group' gateway (group). The gaming comp and anything in the NoVPN alias is using WAN_PPPoE directly.

              A ~15min timespan like that sounds like an ARP cache expiring. That wouldn't apply to just some sites though. Or to TCP and not ICMP. However an ICMP redirect might. If for some reason those sites are resolving to something local and being redirected for example.

              I would look at the state table in Diag > States whilst trying to connect and see where that traffic is actually going.

              • comet424 @stephenw10

                @stephenw10

                so it happens on my gaming computer which is on the WAN connection the 192.168.0.227 in the rules as i was adding that in there to trouble shoot things

                and it happens on the VPN_group both sides both lose it

                so when i reboot pfsense they both cant access canada computers website for some reason but they both can access elegoo website for like the 5 10 min
                but then both clients on the VPN group and Wan clients both can not access either sites well it cant seem to access canada computers

                but if you go on the ping page on the pfsense page
                both pages can be pinged

                soo the elegoo isnt showing up in the ping but the ip is showing up for canada computers but cant be reached and so it shows up in the states but it cant be reached here is a screen shot
                states.PNG

                • comet424 @comet424

                  i dunno if these will help they my connections
                  pf5.PNG pf6.PNG

                  • stephenw10 Netgate Administrator

                    canadacomputers.com doesn't appear to respond to ping. The states look correct though.

                    elegoo.com does respond to ping for me though. It's not resolving for you. Does it resolve in pfSense in Diag > DNS Lookup?

                    • comet424 @stephenw10

                      @stephenw10
                      no its not resolving either
                      pf7.PNG

                      • comet424 @comet424

                        and i should be able to access canada computers website as they canadian computer store just weird.. and im sure its something i done wrong anyways as pfsense pretty flawless just my user errors makes things messed up

                        pf8.PNG pf9.PNG

                        • comet424 @comet424

                          the nslook up worked this time... for elegoo but i cant access still from my desktop pc
                          from either a vpn or wan client
                          pf10.PNG

                          canada computers NS look up works.. but ping doesnt and neither wan or vpn clients cant ping or websites work

                          pf11.PNG

                          • comet424 @comet424

                            so i rebooted both computers i testing on and results are

                            VPN Client
                            Canada computers site works
                            elegoo website doesnt work

                            Wan Client
                            Canada Computers site doesnt work
                            elegoo website doesnt work

                            so i not sure where i messed up things ? in my rules or what not

                            • stephenw10 Netgate Administrator

                              Hmm, well that's not good! What are those DNS servers? What do you have configured for DNS on the firewall? The default Unbound in resolving mode?

                              • comet424 @stephenw10

                                @stephenw10 those ones are the nord vpn ones

                                from above my original screen shots where i dunno why they do a none for the 2nd dns i not sure why you do a none?

                                i even tried a pppoe on the 2nd dns that didnt work

                                if i added a 1.1.1.1 to the wan pppoe it buggers up my secure nord vpn where i dunno why as i figured if you specify general setup the dns if the 2 nord vpn dns are for the vpns and the 1.1.1.1 is for the pppoe then it be fine i dunno

                                and as for the dns on my firewall do you mean the dns resolver? if so here is a screen shot.. if not youd have to explain what id need to check... and what is my default unbound resolving mode? i not sure?? where i find that?
                                dns resolver.PNG

                                • stephenw10 Netgate Administrator

                                  Yeah I would expect to need both those servers set via the VPN WAN. They are probably only accessible over the VPN.

                                  Are you passing DNS servers to the internal clients specifically via DHCP? By default the pfSense interface IP is sent so clients would use Unbound in pfSense. But that means if pfSense can resolve elegoo.com then clients using it should. So the fact they cannot implies something is different.

                                  The fact canadacomputers.com doesn't respond to ping is not an error. It should still respond to http/s.

                                  This is probably failing because DNS requests are leaving over the VPN and https requests are not, resulting in a mismatch. The same reason Netflix fails when requests don't match the DNS server locations.
                                  When you use only the VPN provider's DNS servers all traffic has to use the VPN to prevent that mismatch.

                                  • comet424 @stephenw10

                                    @stephenw10 so
                                    under the dhcp server lan i point the gateway and dns to 192.168.0.1

                                    and then the route policy bypass you or john told me to setup was to be able to get the vpn and wans to work properly a while back

                                    ya like in the tutorial for nordvpn they set it up 2 dns servers under general setup 1 they setup to the nordvpn openvpn connection and they set the other one to none

                                    now i dont know why you set it to none??? but you do... i have tried putting that dns for the pppoe wan port but that didnt help... and if i set it to 1.1.1.1 then it makes my nordvpn unsecure leaking so defeated the purpose the vpn

                                    but ya i set it to 192.168.0.1 and the only thing thats different is the host over ride where it points to 192.168.0.32 which is my lancache and that just goes out 1.1.1.1 and i tried my dns but that didnt solve the 2 websites and i sure its not only these 2 websites ...

                                    so can it be fixed you think? or what not or is there another page in pfsense i can screen shot for ya

                                    its probably 1 little thing that is conflicting thats screwing up for everybody as it goes lol

                                    • comet424 @comet424

                                      or would the best be which i havent finished i did a Vlan DMZ

                                      so LAN Be VPN and DMZ would be the WAN

                                      would that solve the issues instead of that route policy bypass and the dns issue i having

                                      where the vpn be secure and the dmz would be the gaming computer would be on the wan still point to 192.168.0.1 so that the lancache would still work but would go out the wan no issues

                                      or would i still be running into issues?

                                      • comet424 @comet424

                                        and like now the

                                        elegoo .com works on the WAN PC but the canada computers website doesnt

                                        but both are working now on the VPN its very strange... and i havent touched nothing on pfsense i just been letting it idle from your last reply

                                        does that mean anything?

                                        • comet424 @comet424

                                          and now the WAN computer the elegoo webpage doesnt work like its something thats turning on and off thats making it work and then not work...

                                          like how come not all websites just dont fail... or all work i know you mentioned about netflix but like the issue i having its up and then its down like frig it needs a kick in the butt lol

                                          • stephenw10 Netgate Administrator

                                            Try setting external DNS servers manually on a client that's using the WAN directly and retest. So maybe use 8.8.8.8/8.8.4.4.

                                            If the Lancache server is already set manually to use 1.1.1.1 try to connect from there.

                                            This is almost certainly a DNS issue IMO.

                                            The only other thing it could really be is some sort of MTU problem but that would only likely apply when connecting via the VPN.
