Netgate Discussion Forum

    HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE

    General pfSense Questions
    36 Posts 4 Posters 1.9k Views
    • JonathanLee

      Can you ping your DNS?

      Make sure to upvote

      • TheWall2 @stephenw10

        @stephenw10 In System > General Setup the DNS Servers are 8.8.8.8 and 8.8.4.4 (I set them during the initial setup).

        In System > Routing > Gateways there's a WAN_DHCP and a WAN_DHCP6.

        I edited the WAN_DHCP gateway and set a new monitoring IP 8.8.8.8.

        The gateway is now up.

        In Diag > Routes there's a default gateway 10.0.2.2, Flag UGS, Uses 8, MTU 1500 and Interface em0. There are 7 more IPv4 Routes.

        Also, in Diag > Routes do I need to enable "Resolve names" under Routing Table Display options?

        FINAL RESULT: I still cannot reach any website in my Kicksecure browsers, except for Tor which works fine. I rebooted pfSense but I still cannot browse through Firefox in Kicksecure. I tried with Brave as well, same result. Should I change anything in the browser's network settings maybe? Tor is working and can reach any websites, I don't know why.

        I went to Diag > Ping and pinged both 8.8.8.8 and google.com, it worked.

        • stephenw10 Netgate Administrator

          When you tested in Diag > DNS Lookup do you see all configured DNS servers responding?

          If Torbrowser is working from the Kicksecure VM then it must have a route out. Pings to an external IP should also work?

          • TheWall2 @stephenw10

            @stephenw10 I entered 8.8.8.8 and google.com in Diag > DNS Lookup and this is the result:

            • 127.0.0.1, 10.0.0.243 and 192.168.1.1 DNS servers responded
            • 8.8.8.8 and 8.8.4.4 DNS servers didn't respond

            I didn't change any settings in Tor nor in the other browsers, nevertheless Tor seems to have a route out. Any idea?

            • stephenw10 Netgate Administrator

              Tor doesn't rely on the system DNS servers.

              But it still needs a valid route. Did you try to ping out from Kicksecure to an external IP as I asked? That should also work. Try 1.1.1.1 since you have added static routes for Google's DNS servers.

              Did Diag > DNS Lookup show valid responses for the query for the servers that did respond?

              • TheWall2 @stephenw10

                @stephenw10 I went to Diag > Ping and pinged 1.1.1.1, it worked. I'm not sure if this is what you asked me to do.

                In Diag > DNS Lookup I made a DNS lookup for 1.1.1.1, it showed valid responses for the query for the 3 servers that did respond (query time 2 msec, 32 msec and 2 msec). 8.8.8.8 and 8.8.4.4 did not respond.

                • stephenw10 Netgate Administrator @stephenw10

                  @stephenw10 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

                  Did you try to ping out from Kicksecure to an external IP as I asked?

                  Test pings from the Kicksecure VM, not from pfSense; we know it works from pfSense.

                  @TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

                  In Diag > DNS Lookup I made a DNS lookup for 1.1.1.1,

                  You need to query an FQDN like google.com not an IP address.

                  • TheWall2 @stephenw10

                    @stephenw10 Sorry, I pinged now 1.1.1.1 from the terminal window of Kicksecure VM and it worked.

                    In Diag > DNS Lookup I made a DNS lookup for proton.me, it showed valid responses for the query for the 3 servers that did respond (query time 4 msec, 55 msec and 3 msec). 8.8.8.8 and 8.8.4.4 did not respond.

                    In Firefox's network settings the "Use system's proxy settings" option is selected, I've never changed it since Firefox has been installed.

                    • stephenw10 Netgate Administrator

                      Hmm, OK.
                      So why are 8.8.8.8 and 8.8.4.4 not responding... though it shouldn't matter because by default pfSense resolves directly with Unbound and passes that to clients to use.

                      Did you enter a gateway for those DNS servers in System > General Setup?

                      However the actual problem here appears to be that the Kicksecure VM has no DNS. Which is odd because, as I say, pfSense will have passed it 192.168.1.1 to use for DNS.

                      Does Kicksecure use its own DNS or something weird?

                      Try to resolve something from a terminal there like:

                      steve@steve-NUC9i9QNX:~$ dig netgate.com
                      
                      ; <<>> DiG 9.18.18-0ubuntu0.22.04.2-Ubuntu <<>> netgate.com
                      ;; global options: +cmd
                      ;; Got answer:
                      ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15033
                      ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
                      
                      ;; OPT PSEUDOSECTION:
                      ; EDNS: version: 0, flags:; udp: 65494
                      ;; QUESTION SECTION:
                      ;netgate.com.			IN	A
                      
                      ;; ANSWER SECTION:
                      netgate.com.		2	IN	A	199.60.103.104
                      netgate.com.		2	IN	A	199.60.103.4
                      
                      ;; Query time: 8 msec
                      ;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
                      ;; WHEN: Fri May 10 17:06:58 BST 2024
                      ;; MSG SIZE  rcvd: 72
                      

                      That's in Mint where (unfortunately) systemd caches everything locally so you can see 127.0.0.1 as the reported server.

                      • TheWall2 @stephenw10

                        @stephenw10 In System > General Setup I didn't enter any gateway since no default values have been modified.

                        I don't know if Kicksecure uses its own DNS. I know for sure that, when making updates to its packages, it connects through Tor.

                        I forgot to say that the host system runs a VPN and Kicksecure VM uses that VPN when it's in NAT mode. However now it's set to intnet.

                        I found this link:

                        https://www.kicksecure.com/wiki/DNS_Security#Browser_Tests

                        and in Kicksecure terminal window I entered "dig +multiline . DNSKEY", the result is:

                        ; <<>> DiG 9.18.24-1-Debian <<>> +multiline . DNSKEY
                        ;; global options: +cmd
                        ;; Got answer:
                        ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 51152
                        ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

                        ;; OPT PSEUDOSECTION:
                        ; EDNS: version: 0, flags:; udp: 512
                        ;; QUESTION SECTION:
                        ;. IN DNSKEY

                        ;; Query time: 0 msec
                        ;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
                        ;; WHEN: Fri May 10 16:19:20 UTC 2024
                        ;; MSG SIZE rcvd: 28

                        I've tried to enter also "dig netgate.com", this is the result:

                        ; <<>> DiG 9.18.24-1-Debian <<>> netgate.com
                        ;; global options: +cmd
                        ;; Got answer:
                        ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2721
                        ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

                        ;; OPT PSEUDOSECTION:
                        ; EDNS: version: 0, flags:; udp: 512
                        ;; QUESTION SECTION:
                        ;netgate.com. IN A

                        ;; Query time: 4 msec
                        ;; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)
                        ;; WHEN: Fri May 10 16:39:46 UTC 2024
                        ;; MSG SIZE rcvd: 40

                        I entered "dig +dnssec nic.cz @localhost" and this is the result:

                        ;; communications error to ::1#53: connection refused
                        ;; communications error to ::1#53: connection refused
                        ;; communications error to ::1#53: connection refused
                        ;; communications error to 127.0.0.1#53: connection refused

                        ; <<>> DiG 9.18.24-1-Debian <<>> +dnssec nic.cz @localhost
                        ;; global options: +cmd
                        ;; no servers could be reached

                        1 Reply Last reply Reply Quote 0
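
Added example (not part of any post in this thread, and not Netgate or Kicksecure code): a small Python triage helper that classifies the three `dig` outputs quoted above, separating "a resolver answered but failed" from "nothing is listening". The function names and verdict labels are this example's own, and the sample strings are abridged copies of the outputs in the thread.

```python
import ipaddress
import re

# Constructed samples: abridged copies of the three dig outputs quoted in the thread.
SAMPLES = {
    "mint": ";; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15033\n"
            ";; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1\n"
            ";; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)\n",
    "kicksecure": ";; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 2721\n"
                  ";; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1\n"
                  ";; SERVER: 192.168.1.1#53(192.168.1.1) (UDP)\n",
    "localhost": ";; communications error to ::1#53: connection refused\n"
                 ";; communications error to 127.0.0.1#53: connection refused\n"
                 ";; no servers could be reached\n",
}

def parse_dig(text):
    """Pull the fields that matter for triage out of raw dig output."""
    status = re.search(r"status: (\w+)", text)
    answers = re.search(r"ANSWER: (\d+)", text)
    server = re.search(r";; SERVER: ([^#\s]+)#\d+", text)
    refused = re.findall(r"communications error to ([^#\s]+)#\d+: connection refused", text)
    return {
        "status": status.group(1) if status else None,
        "answers": int(answers.group(1)) if answers else 0,
        "server": server.group(1) if server else None,
        "refused": sorted(set(refused)),
    }

def diagnose(text):
    """Map one dig run to a triage verdict (labels are this example's own)."""
    r = parse_dig(text)
    if "no servers could be reached" in text or r["status"] is None:
        # Nothing answered: no listener on that address, or no path to it.
        return "no-resolver"
    if r["status"] == "SERVFAIL":
        # The client reached the resolver; the resolver could not finish the lookup.
        return "resolver-failed"
    if r["status"] == "NXDOMAIN":
        return "no-such-name"
    if r["status"] == "NOERROR" and r["answers"] > 0:
        # Loopback server: a local stub or cache answered, upstream is not shown.
        local = bool(r["server"]) and ipaddress.ip_address(r["server"]).is_loopback
        return "ok-local-stub" if local else "ok"
    return "no-data"

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(f"{name:11s} {diagnose(text):16s} {parse_dig(text)}")
```

A `resolver-failed` verdict with `server` set to 192.168.1.1 means the query reached pfSense and the failure lies in what the resolver does next, which is a different fault from `no-resolver`.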
                        • stephenw10 Netgate Administrator

                          @TheWall2 said in HELP: CANNOT BROWSE AFTER INSTALLING PFSENSE:

                          https://www.kicksecure.com/wiki/DNS_Security#Browser_Tests

                          Oh so it's configured to use DNSSec by default?

                          Ok I would install Ubuntu in a new VM and test that first. Kicksecure has a bunch of features that are getting in the way and just confusing the testing.

                          I think in fact pfSense is working fine. Though it's unclear why 8.8.8.8/8.8.4.4 will not resolve.

                          • TheWall2 @stephenw10

                            @stephenw10 I will do it, thanks a lot for your patience and your help

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.