Netgate Discussion Forum

    Some websites are being blocked, not sure what I got misconfigured

    • C
      comet424 @comet424
      last edited by comet424

      The nslookup worked this time for elegoo, but I still can't access it from my desktop PC,
      from either a VPN or WAN client.
      pf10.PNG

      The Canada Computers nslookup works, but ping doesn't, and neither the WAN nor the VPN clients can ping or get the websites to work.

      pf11.PNG

      • C
        comet424 @comet424
        last edited by

        So I rebooted both computers I'm testing on and the results are:

        VPN Client
        Canada Computers site works
        elegoo website doesn't work

        WAN Client
        Canada Computers site doesn't work
        elegoo website doesn't work

        So I'm not sure where I messed things up, in my rules or whatnot?

        • stephenw10S
          stephenw10 Netgate Administrator
          last edited by

          Hmm, well that's not good! What are those DNS servers? What do you have configured for DNS on the firewall? The default Unbound in resolving mode?

          • C
            comet424 @stephenw10
            last edited by

            @stephenw10 Those ones are the NordVPN ones.

            From my original screenshots above, I dunno why they do a none for the 2nd DNS. I'm not sure why you do a none?

            I even tried PPPoE on the 2nd DNS; that didn't work.

            If I add 1.1.1.1 to the WAN PPPoE it buggers up my secure NordVPN. I dunno why, as I figured if you specify the DNS in General Setup, and the 2 NordVPN DNS are for the VPNs and the 1.1.1.1 is for the PPPoE, then it'd be fine. I dunno.

            And as for the DNS on my firewall, do you mean the DNS Resolver? If so, here is a screenshot. If not, you'd have to explain what I'd need to check... And what is my default Unbound resolving mode? I'm not sure. Where do I find that?
            dns resolver.PNG

            • stephenw10S
              stephenw10 Netgate Administrator
              last edited by

              Yeah I would expect to need both those servers set via the VPN WAN. They are probably only accessible over the VPN.

              Are you passing DNS servers to the internal clients specifically via DHCP? By default the pfSense interface IP is sent so clients would use Unbound in pfSense. But that means if pfSense can resolve elegoo.com then clients using it should. So the fact they cannot implies something is different.

              The fact canadacomputers.com doesn't respond to ping is not an error. It should still respond to http/s.

              This is probably failing because DNS requests are leaving over the VPN and https requests are not, resulting in a mismatch. The same reason Netflix fails when requests don't match the DNS server locations.
              When you use only the VPN provider's DNS servers all traffic has to use the VPN to prevent that mismatch.

              • C
                comet424 @stephenw10
                last edited by comet424

                @stephenw10 So under the DHCP server for LAN I point the gateway and DNS to 192.168.0.1.

                And then the route policy bypass you or John told me to set up a while back was to be able to get the VPN and WANs to work properly.

                Ya, like in the tutorial for NordVPN, they set up 2 DNS servers under General Setup: 1 they set to the NordVPN OpenVPN connection and they set the other one to none.

                Now I don't know why you set it to none, but you do. I have tried putting that DNS on the PPPoE WAN port but that didn't help, and if I set it to 1.1.1.1 then it makes my NordVPN insecure, leaking, so that defeats the purpose of the VPN.

                But ya, I set it to 192.168.0.1, and the only thing that's different is the host override where it points to 192.168.0.32, which is my lancache, and that just goes out 1.1.1.1. I tried my DNS but that didn't solve the 2 websites, and I'm sure it's not only these 2 websites...

                So can it be fixed, you think? Or whatnot, or is there another page in pfSense I can screenshot for ya?

                It's probably 1 little thing that is conflicting that's screwing it up for everybody, as it goes lol.

                • C
                  comet424 @comet424
                  last edited by

                  Or would the best be, which I haven't finished, I did a VLAN DMZ,

                  so LAN would be VPN and DMZ would be the WAN.

                  Would that solve the issues, instead of that route policy bypass, and the DNS issue I'm having?

                  Where the VPN would be secure, and the DMZ would be the gaming computer on the WAN, still pointing to 192.168.0.1 so that the lancache would still work but would go out the WAN with no issues.

                  Or would I still be running into issues?

                  • C
                    comet424 @comet424
                    last edited by

                    And like now, elegoo.com works on the WAN PC but the Canada Computers website doesn't.

                    But both are working now on the VPN. It's very strange... and I haven't touched anything on pfSense, I've just been letting it idle since your last reply.

                    Does that mean anything?

                    • C
                      comet424 @comet424
                      last edited by comet424

                      And now on the WAN computer the elegoo webpage doesn't work, like it's something that's turning on and off that's making it work and then not work...

                      Like how come all websites don't just fail, or all work? I know you mentioned Netflix, but the issue I'm having is it's up and then it's down, like frig, it needs a kick in the butt lol.

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        Try setting external DNS servers manually on a client that's using the WAN directly and retest. So maybe use 8.8.8.8/8.8.4.4.

                        If the Lancache server is already set manually to use 1.1.1.1 try to connect from there.

                        This is almost certainly a DNS issue IMO.

                        The only other thing it could really be is some sort of MTU problem but that would only likely apply when connecting via the VPN.

                        • C
                          comet424 @stephenw10
                          last edited by

                          @stephenw10
                          So setting it to 8.8.8.8 8.8.4.4 and connecting to elegoo and Canada Computers, both work fine on the WAN PC, no issues.

                          I tried setting the WAN PC to 192.168.0.33, which is the lancache DNS server for the lancache server at 192.168.0.32.
                          Both are currently working that way too.

                          But at 192.168.0.1, nope, it fails on both: elegoo works for a few minutes but fails after a bit, and Canada Computers doesn't wanna work, period.

                          • stephenw10S
                            stephenw10 Netgate Administrator
                            last edited by

                            Ok it sounds like something is filtering that in Unbound then. Pretty much has to be DNS-BL in pfBlocker.

                            • C
                              comet424 @stephenw10
                              last edited by

                              @stephenw10 Here are the screenshots of the DNS BL,
                              and I'll try disabling pfBlocker to see if that will fix it?

                              dns1.PNG dns2.PNG dns3.PNG dns4.PNG dns5.PNG

                              • C
                                comet424 @comet424
                                last edited by comet424

                                So after disabling pfBlocker and letting it sit 10 minutes, the WAN computer still cannot access either of the 2 websites... still can't ping them or go to the webpage.

                                ping1.PNG

                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  Can pfSense resolve both URLs correctly?

                                  canadacomputers.com does not respond to ping so that will always fail. You need to try a TCP test on port 443. You can do that in pfSense using Diag > Test Port.
                                  Or from a client using curl or telnet like:

                                  steve@steve-NUC9i9QNX:~$ telnet canadacomputers.com 443
                                  Trying 52.233.38.251...
                                  Connected to canadacomputers.com.
                                  
                                  • C
                                    comet424 @stephenw10
                                    last edited by

                                    @stephenw10
                                    So on the WAN computer,
                                    the Canada Computers site will not work in the browser. Now the elegoo website, it won't work, then it will; at the moment, say for maybe a min or 2, part of the website works, then it goes to page can't be found or whatnot, then it might come back. Same as I mentioned: if I reboot pfSense, typically both sites work then they stop working within 5 min, or the Canada Computers site won't work, period, but elegoo will work for about 5 min after a pfSense reboot but then goes down.

                                    tcp tool1.PNG tcp tool2.PNG

                                    • stephenw10S
                                      stephenw10 Netgate Administrator
                                      last edited by

                                      Ok check the states when that is failing. Is it sending traffic out of the WAN correctly?

                                      • C
                                        comet424 @stephenw10
                                        last edited by

                                        @stephenw10 Here are the states for Canada Computers when it fails... I tried to find the IP for the elegoo.com website but I couldn't find it, so I couldn't do a screenshot.

                                        states 1.PNG

                                        • stephenw10S
                                          stephenw10 Netgate Administrator
                                          last edited by

                                          Hmm, I note canadacomputers.com resolves to a completely different IP address for me. Does it resolve to that against 8.8.8.8 for example?

                                          If not then there's something odd with the VPN DNS servers I'd suggest.

                                          steve@steve-NUC9i9QNX:~$ dig +short @103.86.99.100 canadacomputers.com
                                          52.233.38.251
                                          steve@steve-NUC9i9QNX:~$ dig +short @103.86.96.100 canadacomputers.com
                                          52.233.38.251
                                          steve@steve-NUC9i9QNX:~$ dig +short @8.8.8.8 canadacomputers.com
                                          52.233.38.251
                                          
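The comparison stephenw10 runs by hand in the posts above (the same name against the pfSense resolver, the VPN provider's DNS servers and 8.8.8.8, followed by a TCP test on port 443 rather than ping), as an added example that is not part of the original thread. The resolver addresses are the ones quoted in the thread; the function names and the script name `dnscheck.sh` are made up for illustration.

```bash
#!/usr/bin/env bash
# Added example: compare resolver answers for one name, then test TCP 443
# on every distinct address instead of relying on ping.

# Resolver IPs quoted in the thread: pfSense, the two VPN DNS servers, Google.
# The last entry is used as the reference answer.
RESOLVERS="192.168.0.1 103.86.99.100 103.86.96.100 8.8.8.8"

# query RESOLVER NAME -> sorted A records joined by commas, or NOANSWER
query() {
    local out
    out=$(dig +short +time=2 +tries=1 "@$1" "$2" A 2>/dev/null |
          grep -E '^[0-9]+(\.[0-9]+){3}$' | sort | paste -sd, -)
    echo "${out:-NOANSWER}"
}

# classify: reads "resolver answer" lines on stdin. Prints AGREE when every
# resolver matches the last (reference) line, else MISMATCH plus the
# resolvers whose answer differs. A mismatch is a lead to follow up, not
# proof of filtering: CDN-hosted names can differ between resolvers.
classify() {
    awk '{ r[NR] = $1; a[NR] = $2 }
         END {
             bad = ""
             for (i = 1; i < NR; i++) if (a[i] != a[NR]) bad = bad " " r[i]
             if (bad == "") print "AGREE"; else print "MISMATCH" bad
         }'
}

# tcp443 IP -> exit 0 if a TCP handshake on port 443 completes within 3 s
tcp443() { timeout 3 bash -c "exec 3<>/dev/tcp/$1/443" 2>/dev/null; }

check_name() {
    local results r ip
    results=$(for r in $RESOLVERS; do echo "$r $(query "$r" "$1")"; done)
    echo "$results"
    echo "$results" | classify
    for ip in $(echo "$results" | awk '{print $2}' | tr ',' '\n' |
                grep -v NOANSWER | sort -u); do
        if tcp443 "$ip"; then echo "$ip:443 open"; else echo "$ip:443 unreachable"; fi
    done
}

# Live run only when a hostname is given, e.g. ./dnscheck.sh canadacomputers.com
if [ -n "${1:-}" ]; then check_name "$1"; fi
```

Run it from a client on the WAN path and again from one on the VPN path; a resolver that shows up under MISMATCH or NOANSWER on only one of them is the one to look at.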
                                          • C
                                            comet424 @stephenw10
                                            last edited by

                                            @stephenw10 So I got:

                                            dig.PNG
