Netgate Discussion Forum

    some websites are being blocked, not sure what I got misconfigured

    General pfSense Questions
    44 Posts 2 Posters 6.8k Views 2 Watching
    • comet424 @comet424

      or would the best be, which I haven't finished, I did a VLAN DMZ

      so LAN be VPN and DMZ would be the WAN

      would that solve the issues instead of that route policy bypass and the DNS issue I'm having

      where the VPN would be secure and the DMZ would be the gaming computer, which would be on the WAN, still pointing to 192.168.0.1 so that the lancache would still work but would go out the WAN no issues

      or would I still be running into issues?

      • comet424 @comet424

        and like now the elegoo.com works on the WAN PC but the Canada Computers website doesn't

        but both are working now on the VPN, it's very strange... and I haven't touched anything on pfSense, I've just been letting it idle since your last reply

        does that mean anything?

        • comet424 @comet424

          and now on the WAN computer the elegoo webpage doesn't work, like it's something that's turning on and off that's making it work and then not work...

          like how come not all websites just don't fail... or all work. I know you mentioned Netflix but like the issue I'm having, it's up and then it's down, like frig it needs a kick in the butt lol

          • stephenw10 Netgate Administrator

            Try setting external DNS servers manually on a client that's using the WAN directly and retest. So maybe use 8.8.8.8/8.8.4.4.

            If the Lancache server is already set manually to use 1.1.1.1 try to connect from there.

            This is almost certainly a DNS issue IMO.

            The only other thing it could really be is some sort of MTU problem but that would only likely apply when connecting via the VPN.

            • comet424 @stephenw10

              @stephenw10
              so setting to 8.8.8.8 / 8.8.4.4 and connecting to elegoo and Canada Computers, both work fine.. on the WAN PC no issues

              I tried setting the WAN PC to 192.168.0.33, which is the lancache DNS server for the lancache server at 192.168.0.32
              both are currently working that way too..

              but at 192.168.0.1 nope, fails on both: elegoo works for a few minutes but fails after a bit, and Canada Computers doesn't wanna work, period

              • stephenw10 Netgate Administrator

                Ok it sounds like something is filtering that in Unbound then. Pretty much has to be DNS-BL in pfBlocker.

                • comet424 @stephenw10

                  @stephenw10 here are the screenshots of the DNSBL
                  and I'll try disabling pfBlocker to see if that will fix it?

                  dns1.PNG dns2.PNG dns3.PNG dns4.PNG dns5.PNG

                  • comet424 @comet424

                    so disabling pfBlocker and letting it sit 10 minutes, the WAN computer still cannot access either of the 2 websites... still can't ping them or go to the webpage

                    ping1.PNG

                    • stephenw10 Netgate Administrator

                      Can pfSense resolve both URLs correctly?

                      canadacomputers.com does not respond to ping so that will always fail. You need to try a TCP test on port 443. You can do that in pfSense using Diag > Test Port.
                      Or from a client using curl or telnet like:

                      steve@steve-NUC9i9QNX:~$ telnet canadacomputers.com 443
                      Trying 52.233.38.251...
                      Connected to canadacomputers.com.
                      
                      • comet424 @stephenw10

                        @stephenw10
                        so on the WAN computer
                        Canada Computers site will not work in the browser.... now the elegoo website, it won't work, then it will; at the moment, say maybe a min or 2, part of the website works, then it goes to "page can't be found" or whatnot... then might come back.. same as I mentioned, if I reboot pfSense typically both sites work then they stop working within 5 min, or the Canada Computers site won't work period but the elegoo will work for about 5 min after a pfSense reboot but then goes down

                        tcp tool1.PNG tcp tool2.PNG

                        • stephenw10 Netgate Administrator

                          Ok check the states when that is failing. Is it sending traffic out of the WAN correctly?

                          • comet424 @stephenw10

                            @stephenw10 here are the states for Canada Computers when it fails... I tried to find the IP for the elegoo.com website but I couldn't find it so I couldn't do a screenshot

                            states 1.PNG

                            • stephenw10 Netgate Administrator

                              Hmm, I note canadacomputers.com resolves to a completely different IP address for me. Does it resolve to that against 8.8.8.8 for example?

                              If not then there's something odd with the VPN DNS servers I'd suggest.

                              steve@steve-NUC9i9QNX:~$ dig +short @103.86.99.100 canadacomputers.com
                              52.233.38.251
                              steve@steve-NUC9i9QNX:~$ dig +short @103.86.96.100 canadacomputers.com
                              52.233.38.251
                              steve@steve-NUC9i9QNX:~$ dig +short @8.8.8.8 canadacomputers.com
                              52.233.38.251
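The check Steve is doing by hand in the two posts above (a TCP test on 443 instead of ping, and the same name queried against the VPN resolvers, a public resolver and the local Unbound, then the answers compared) as an added Python example; this is not code from the thread, from pfSense or from Netgate. The built-in sample is a constructed replay of the values quoted in this thread plus the 198.18.x answer the WAN client reported, and the 1.1.1.1 entry stands in for a resolver that did not answer. Given a hostname and a list of resolvers on the command line it queries them live with `dig`; with no arguments it evaluates the sample.

```python
"""Compare one hostname's answers across several resolvers and flag answers
that should never appear for a public site. Added example for this thread;
not pfSense, Netgate or Unbound code."""
import ipaddress
import subprocess

# Ranges that are not valid answers for a public website: private, loopback,
# link-local, documentation, multicast/reserved, and 198.18.0.0/15, which is
# the RFC 2544 benchmarking range (the 198.18.1.187 answer seen in this thread
# falls in it). An answer in one of these means something between the client
# and the real resolver rewrote the reply.
BOGUS_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "198.51.100.0/24", "203.0.113.0/24", "224.0.0.0/3",
)]

def parse_dig_short(text):
    """Return the IPv4 answers from `dig +short` output; CNAME lines are skipped."""
    answers = []
    for line in text.splitlines():
        line = line.strip()
        try:
            ipaddress.IPv4Address(line)
        except ValueError:
            continue
        answers.append(line)
    return answers

def is_bogus(ip):
    """True if the address lies in a range no public site resolves to."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in BOGUS_NETS)

def compare_resolvers(results):
    """results: {resolver: raw `dig +short` output}. Returns a report dict:
    which resolvers gave no answer, whether the rest agree, and which
    answers fall in a bogus range."""
    answers = {r: parse_dig_short(out) for r, out in results.items()}
    unresponsive = sorted(r for r, a in answers.items() if not a)
    responding = {r: a for r, a in answers.items() if a}
    # Disagreement means some resolver (VPN provider, local Unbound with a
    # DNSBL, a captive portal) is returning something the others do not.
    answer_sets = {r: frozenset(a) for r, a in responding.items()}
    agree = len(set(answer_sets.values())) <= 1
    flagged = {r: [ip for ip in a if is_bogus(ip)] for r, a in responding.items()}
    flagged = {r: ips for r, ips in flagged.items() if ips}
    return {"unresponsive": unresponsive, "agree": agree, "flagged": flagged,
            "answers": {r: sorted(a) for r, a in responding.items()}}

def live_query(resolver, name, timeout=3):
    """Run dig against one resolver; returns its stdout, or '' if dig is
    missing, fails or times out (so the resolver shows as unresponsive)."""
    try:
        out = subprocess.run(
            ["dig", "+short", "+time=%d" % timeout, "+tries=1", "@" + resolver, name],
            capture_output=True, text=True, timeout=timeout + 2)
        return out.stdout
    except (OSError, subprocess.TimeoutExpired):
        return ""

# Constructed replay of the outputs quoted in this thread plus the 198.18.x
# answer the WAN client reported; 1.1.1.1 stands in for a resolver that did
# not answer. Not live data.
SAMPLE = {
    "103.86.99.100": "52.233.38.251\n",
    "103.86.96.100": "52.233.38.251\n",
    "8.8.8.8": "52.233.38.251\n",
    "192.168.0.1": "198.18.1.187\n",
    "1.1.1.1": "",
}

if __name__ == "__main__":
    import json
    import sys
    if len(sys.argv) > 1:
        name = sys.argv[1]
        resolvers = sys.argv[2:] or ["8.8.8.8", "8.8.4.4"]
        results = {r: live_query(r, name) for r in resolvers}
    else:
        results = SAMPLE
    print(json.dumps(compare_resolvers(results), indent=2))
```

On the sample this reports 1.1.1.1 as unresponsive, the resolvers as disagreeing, and 192.168.0.1 (the local Unbound) as the one handing back a 198.18.0.0/15 answer, which is the pattern that points at something in the resolver path rather than at the site itself. The live mode is only as good as the `dig` on the client; run it from the machine that is showing the failure, once through the local resolver and once through the external ones, to see which hop changes the answer.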
                              
                              • comet424 @stephenw10

                                @stephenw10 so I got

                                dig.PNG

                                • stephenw10 Netgate Administrator

                                  Hmm, that non-responding server, is that the one set without a specific gateway?

                                  None are returning that 198 IP address though. That was what the client resolved?

                                  • comet424 @stephenw10

                                    @stephenw10 the "none" under General Setup, where I have it set to none for that one, that's the one not showing a result

                                    and ya, on the WAN client computer I'd get the 198.x.x IP, but isn't that the range of the 192 for private networks, I forget now

                                    and how it's all set up is

                                    the DNS resolver is set for NordVPN

                                    all IPs use 192.168.0.1 as the DNS and gateway IP

                                    the 192.168.0.32 is for the host override to point to for those lancache

                                    I do use the Avahi service to access my other networks to help with Home Assistant, it just helped

                                    oh also I found the reddit website doesn't work on the WAN client too... I figured it was my site-to-site OpenVPN connection connecting to my sister's LAN always.. was the issue, but disabling it and letting it sit 15 min didn't solve that issue either

                                    so something conflicting

                                    but if I add 1.1.1.1 WAN PPPoE under General Setup it makes things work, but it defeats the purpose of my VPN as it makes it unsecure. It's too bad you can't block the WAN gateway going on the VPN side... it just leaks over or whatnot

                                    • stephenw10 Netgate Administrator

                                      That 198.18.1.187 IP is a public address but it's unclear where it's coming from. Just Googling it shows that subnet is used by some services to speed up connections where DNS resolution fails.

                                      Do you have anything running on the test host locally that filters DNS? Antivirus program? Browser extensions etc?

                                      • comet424 @stephenw10

                                        @stephenw10 if you mean the test host, like the WAN PC which is my gaming PC

                                        no, no DNS filtering or extensions, I really don't know what those are, or I guess I do, plugins I guess

                                        but no, I don't have that stuff and I only have Microsoft antivirus

                                        does it help if I send you my pfSense configuration file and then you can look at it to see if something is misconfigured on it?

                                        and I thought on the General Setup page when you set the DNS to the specific gateways
                                        that they would be separate

                                        so the WAN PPPoE, if you set it to 1.1.1.1 then only the WAN (LAN) rules would access the 1.1.1.1
                                        and when you set the VPN Nord to the 103.x.x.x then the NordVPN (LAN) rules would access the 103.x.x.x, and they wouldn't mix, but that's not true
                                        that was my understanding on that page where I thought they'd be separate... but as soon as you set up the WAN PPPoE it leaks over to the VPN and becomes unsecure, yet it works

                                        so I'm guessing you really can only have 1 or the other right? or no, that's not right, you should be able to have both.. and be able to separate them securely

                                        or you have to just run a 2nd DNS server like I have on my unraid box, but I only use it for my lancache prefill to run

                                        • stephenw10 Netgate Administrator

                                          The DNS servers you set in System > General Setup are what the system itself uses for resolution. They are also what Unbound uses if it is set to forwarding mode.

                                          The gateways set next to each of those DNS entries cause pfSense to add a static route for that address via whichever address is set. So in a dual WAN situation it's recommended to set at least one DNS server on each WAN to allow access to something if one WAN goes down.

                                          If you don't set a gateway there the system will just use the system default route which might vary.

                                          However when you set outbound interfaces in Unbound the route-to rules will always force traffic via the gateway on those WANs (if there is one).

                                          So when you add a DNS server without a gateway like that it allows pfSense to resolve things before the VPN connects or if it ever goes down. And that allows it to resolve the DNS server itself for example.
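
To make the routing part of that explanation concrete, here is an added Python example (not pfSense or Netgate code) that reads FreeBSD-style `netstat -rn` output, the layout the pfSense shell prints, and reports for each configured DNS server whether a static host route (`H` flag) pins it to a particular gateway or whether it simply follows the default route, which on a box with a VPN client holding the default can mean the VPN gateway. The routing table below is constructed for the example: the 203.0.113.1 PPPoE gateway, the 10.8.0.1 VPN gateway and the interface names are placeholders, and the two 103.86.x.x entries mirror the VPN resolvers quoted in this thread.

```python
"""Classify DNS servers by the route they would take, from `netstat -rn`
output. Added example for this thread; not pfSense code."""
import ipaddress

def parse_routes(text):
    """Parse the IPv4 section of `netstat -rn` into
    (network, gateway, flags, netif) tuples; header, IPv6 and other
    non-address lines are skipped."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        dest, gw, flags, netif = parts[0], parts[1], parts[2], parts[3]
        if dest == "default":
            dest = "0.0.0.0/0"
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue
        if net.version != 4:
            continue
        routes.append((net, gw, flags, netif))
    return routes

def lookup(routes, ip):
    """Longest-prefix match, as the kernel does. Returns
    (gateway, flags, netif) or None when nothing matches."""
    addr = ipaddress.ip_address(ip)
    best = None
    for net, gw, flags, netif in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, flags, netif)
    return None if best is None else best[1:]

def classify_dns_servers(routes, servers):
    """For each DNS server: pinned by a host route (the static route pfSense
    adds when a gateway is chosen next to the server in General Setup), or
    riding the default route, which moves if the default changes."""
    report = {}
    for server in servers:
        hit = lookup(routes, server)
        if hit is None:
            report[server] = "unreachable"
        elif "H" in hit[1]:
            report[server] = "pinned via %s on %s" % (hit[0], hit[2])
        else:
            report[server] = "default route via %s on %s" % (hit[0], hit[2])
    return report

# Constructed routing table in netstat -rn layout: a PPPoE WAN with a host
# route to 1.1.1.1, an OpenVPN client holding the default route, and host
# routes for two VPN resolvers. Gateways and interface names are placeholders.
SAMPLE_NETSTAT = """\
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.8.0.1           UGS      ovpnc1
1.1.1.1            203.0.113.1        UGHS     pppoe0
10.8.0.0/24        link#6             U        ovpnc1
103.86.96.100      10.8.0.1           UGHS     ovpnc1
103.86.99.100      10.8.0.1           UGHS     ovpnc1
127.0.0.1          link#2             UH          lo0
192.168.0.0/24     link#1             U          igb1
203.0.113.1        link#5             UH       pppoe0
"""

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_NETSTAT)
    for server, how in classify_dns_servers(
            routes, ["1.1.1.1", "8.8.8.8", "103.86.99.100"]).items():
        print(server, "->", how)
```

In the sample, 1.1.1.1 is pinned to the PPPoE gateway by its host route, the two VPN resolvers are pinned to the VPN gateway, and 8.8.8.8, which has no entry of its own, goes wherever the default route points (here the VPN). That is the distinction in the post above: a server with a gateway chosen in General Setup gets a host route and always leaves by that WAN; one without follows whatever the default route happens to be.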

                                          • comet424 @stephenw10

                                            @stephenw10 I kinda understand... I'm a visual learner, so with my dyslexia I have to re-read things you write sometimes 10 times to understand, and I kinda understand but I need pictures, but I kinda understand.... I'm guessing we still can't solve the issue easily...

                                            cuz that's how in my head I thought things were, that in the General Setup you can specify the specific DNS for each gateway and then it keeps it separate.. but it's mostly for dual WAN, not for a WAN and VPN and keeping them secure separately... and working perfectly fine like isolated...

                                            ya no dual WAN here... my little 5 megabit DSL, I can't even get 3 megabit half the time lol, but I try to learn pfSense and set it up properly

                                            I guess another way? 2 pfSense boxes, 1 for WAN and 1 for VPN, and that way they would be isolated.. right, and then there'd be no issues?

                                            or how would you do it... as I try to get the DNS for my local network, as I don't always remember my IP address but I remember the server names I gave them.. but I guess I should learn or at least write the IPs down, that way you don't rely on the DNS to resolve the local IPs.

                                            always learning and trying to get a secure VPN, a WAN and a lancache and all use the 192.168.0.1 as the DNS

                                            and I always wonder... does Microsoft use Microsoft Windows Server for their servers or do they use a different brand, things that run through my head lol

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.