My pc isn't DNS resolving but my pfSense box is

Neoveo

@Gertjan I solved the problem.
It turns out that I have to plug in the WAN and LAN cables before booting up the pfsense router.
If I plug them in after it is booted up, then I cannot access the internet.

Gertjan

@Neoveo said in My pc isn't DNS resolving but my pfSense box is:

It turns out that I have to plug in the WAN and LAN cables before booting up the pfsense router.

Wow ...
Over 18 years of using pfSense, and I have never thought of doing that.
Booting a router that can't route ... like driving a car with the wheels taken of.
I'm curious now. I'll put that on my to-do list : I'll be watching the console what happens when I do this, and after the boot I'll hook up the WAN & LANs and see what happens.

stephenw10

Probably no default route present or the wrong one.

Make sure WAN_DHCP is set as the default IPv4 gateway in System > Routing > Gateways rather than automatic.

Neoveo

@stephenw10 Thanks, I will try that, they are both set to automatic.

Here is a screenshot of my gateway, they both show 100% packet loss and offline.
This is with either automatic or their respective WAN_DHCP selected.

file:///home/neo/Pictures/Gateway2.jpg

stephenw10

Ok, well that's not good! If you are able to connect out still it's probably just that your gateway doesn't respond to ping. Try setting some alternative external monitoring IP:
https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html

Steve

Neoveo

@stephenw10 Many thanks Steve, I really appreciate your help.
I took a look at the link you kindly provided and my head is swimming!
I am not sure what to do with all that information.

As I mentioned earlier, I am very new to pfSense; I think I need a little more detailed instructions.

Since my internet appears to be working, is this Gateway offline a non-issue?

Gertjan

@Neoveo

For your WAN_DHCP :
Go here : System > Routing > Gateways and edit the 'WAN_DHCP'
Add / edit the "Monitoring IP" :

Add an IPv4 that you know taht it will answer on ping request. 8.8.8.8 is a usable example.

Save - and then Apply changes.

If your issues was : "the default gateway didn't answer to ping (hence the 100 % Packet loss)" then now you should see :

If you have now a green "Online", you'll know that your on the right track.

Your WAN_DHCP6 : same treatment. Just keep in mind that this interface is for IPv6. So you have to enter a IPv6 as a ping-able IPv6.
Ask the oracle : what is the IPv6 equivalent of 8.8.8.8 ? and you have one.

If all goes well, your WAN_DHCP6 will be marked as Online now.

Neoveo

@Gertjan MAGIC!!! Many thanks for your wonderful help @Gertjan, I really appreciate it!

I used cloudfare 1.1.1.1 for IPv4 and 2606:4700:4700::1111 for IPv6 (thank you Google for that).
Now my Gateway shows IPv4 online and IPv6 as "pending" and "unknown".

That's better than what I had before!

Now my question is, since I had working internet, was able to ping and otherwise surf the net all while my gateway was showing offline with 100% packet loss, what purpose does the gateway serve?

stephenw10

The gateway itself is what pfSense routes all your external traffic to at your ISP.

By default pfSense sends pings to it to check the status but the ISP is under no obligation to respond to ping. Setting the monitoring pings to something external gives better data anyway.

Besides logging the latency and packet loss pfSense uses the gateway status if you have more than one gateway in a failover or load-balancing.

Steve

Neoveo

@stephenw10 gotcha, thank you so much for the education, I so much appreciate it.

My IPv6 still shows as pending and unknown.

Is this something that will resolve on it's own or do I have some more troubleshooting to do?

stephenw10

Unlikely it would just start working, unless it's something broken at your ISP that they then fix.

Does your ISP support IPv6?

Gertjan

@Neoveo said in My pc isn't DNS resolving but my pfSense box is:

while my gateway was showing offline with 100% packet loss

Get back to System >Routing > Gateways and edit the WAN_DHCP, just to look.
At the bottom of the page, click also on "Advanced settings".
The gateway monitoring is used for two things : in measures the round trip of a constant ping so nice graphs can be produced.
Also : the action part : it will cycle the interface : taking it down for a short period to rebuild the connection. This in the hope that it will be better (== more stable ping.
Knowing that the WAN interface(s) are use by other processes like unbound, the resolver, they will also restart at that moment. This could very well explain what you've been experiencing all along.

IPv6 : First : make things visible. Go to System > Advanced > Networking and check

Start DHCP6 client in debug mode.

From now on, the DHCP6 client (close friend, but not related the DHCP servers on your LAN will log more details.
The logs : Status > System Logs > DHCP

Look for "dhcp6c", that's the one.
During initial WAN (IPv6) construction, there will be more lines.

Keep in mind :these days, after severals decades of experimenting, most of the time, you set your WAN IPv4 to 'DHCP' and you'll be good.
For IPv6 it isn't that easy. DHCPv6 is sued, but most probably more settings have to be selected, as every ISP can offer you IPv6 with it's own sauce. It will probably standardize in a decade or two ;)

This is the idea :
Your WANv6 interface gets an IPv6, might be a GUA and/or the other thing, starting with a fe80......, the link local.
You will also have a IPV6 DNS, IPv6 gateway and a IPv6 subnet mask.

But there is more, we'll get to that.

Neoveo

Okay, I've set up the monitor as you have suggested and here is a screen shot of the logs (for all of the dhcp6c entries it simply says "sending solicit"

b075a053-0dd4-4836-b8c6-aa409d86c705-DHCP logs.jpg file:///home/neo/Pictures/DHCP logs.jpg

stephenw10

Seems like your ISP doesn't support IPv6 then. Or at least isn't responding to DHCPv6.

Unless they have some special requirement. What does the ISP docs show?

Neoveo

@stephenw10 said in My pc isn't DNS resolving but my pfSense box is:

Seems like your ISP doesn't support IPv6 then. Or at least isn't responding to DHCPv6.

Unless they have some special requirement. What does the ISP docs show?

I have sent my ISP a message asking them if they support IPv6, I think they do but we'll see what their answer is.

Neoveo

@Neoveo it turns out that my ISP does not currently support IPv6.

Gertjan

@Neoveo

That's strange.
But make live simpler, for now.
The perfect settings :

Under System > Routing > Gateways delete the IPv6 gateway, and select :

Save, Apply and done.

You could use an alternative : Configuring IPv6 Through A Tunnel Broker Service, I've been using their IPv6 services ( free ! ) for years. Their IPv6 is, IMHO, even today far better as what most ISP offer.

Neoveo

@Gertjan So what is the downside if I didn't set the Default gateway IPv6 to none?

I change it to none a few minutes ago but DHCP6 Gateway is still showing up as Pending and Unknown.

stephenw10

@Neoveo said in My pc isn't DNS resolving but my pfSense box is:

what is the downside if I didn't set the Default gateway IPv6 to none?

You have the DHCPv6 process running continually trying to get an IPv6 address on the WAN. You likely won't notice but at the very least it spams the logs with pointless errors hiding potentially useful info.

johnpoz

@Neoveo said in My pc isn't DNS resolving but my pfSense box is:

DHCP6 Gateway is still showing up as Pending and Unknown.

Delete the now pointless gateway.