Cannot access single web page on pfsense 2.7.2
-
Dear all,
There is a single website that does not work on my pfsense 2.7.2 firewall:
https://uk-24-25.brightpay.com/
It works on my other workstations that go out onto the internet via different firewalls.
Any suggestions? I've tried a few things already to no avail. I'm pretty sure it is not a DNS issue.
thanks in advance.
gm
-
@gocman100 said in Cannot access single web page on pfsense 2.7.2:
https://uk-24-25.brightpay.com/
That works fine here through two pfSense boxes.
Do you have IPv6?
How does it fail when you try to connect?
Steve
-
yeah interesting it works on my home pfsense also......(I rememberd I had one after I posted)
No IPv6, it basically just spins round in the middle that circle style icon.
Also seems to work fine from my vmware hosts, but on my hyper-v hosts no joy - so I dont believe my IP addresses are blocked by cloudflare or whatever they might have.
-
That page just redirects to a different page, does it hit that?
Do you see states open to it? With two way traffic?
-
it doesnt hit the redirect, thats the thing its struggling with.
I think I've discounted pfsense now, my windows vm on vmware esxi works fine going through the pfsense, my hyper-v windows vm does not! Obviously both hypervisors have their own vswitches etc so will need to drill down into that to find the answer I think. may try mtu settings on the network card inside the vm.
-
@gocman100 I show it resolving to this
;; QUESTION SECTION: ;uk-24-25.brightpay.com. IN A ;; ANSWER SECTION: uk-24-25.brightpay.com. 3600 IN A 104.21.9.192 uk-24-25.brightpay.com. 3600 IN A 172.67.189.135Your not using any networks locally that would overlap with these are you? Seen users say they can't get to xyz, well no since you think the network xyz is on local network of yours.
Are you policy routing any traffic out a vpn?
-
no local networks for those addresses and no vpn
-
Can you visit https://www.test-domaine.fr/ ?
-
yes works fine
-
Then you have no DNSSEC issues, and the site is using IPv6 and IPv4, so a good working choice was made on your side.
Hummmm, probably not your pfSense.Your IP ? Can you connect another device behind this pfSense, and test again ? Then fire up a VPN on this device, and test again ?
-
@gocman100 you sure all these devices are using the same dns? Devices using different dns could be resolving different IPs for the same site.. Browsers being used could be using doh or something.
Are you running anything through a proxy on your end?
I would just sniff on your wan, do you see the syn go out? What is the difference between traffic you sniff on wan for client that works, and for one that doesn't work?
-
just firing up a vpn on a test hyper-v vm now! will update you soon!
-
no difference when using winscribe vpn.......strange but I guess its still ultimately using a hyper-v vm network card/vswitch etc.
