pfSense mangling packets?
-
What might also be interesting is that TLS handshakes with some sites (according to firefox) take very long through the vpn and cause a timeout.
-
@Tueem said in pfSense mangling packets?:
with some sites (according to firefox)
How does this info present itself? While I don't run normally through a vpn, I do now and then testing stuff.. Not some service my own vpn that I run on a vps out on the internet, etc. And have never seen any such info presented..
Long handshakes through a vpn would get me concerned about a mitm on the cert or some sort of proxy doing a bump on the ssl.. While sure a vpn can add some latency to the connection. There should be nothing really different in the handshake time other than whatever latency your seeing through the vpn for all traffic.
Can you post up screenshot of how firefox is presenting that little tidbit of info?
-
@johnpoz Its this pop-up in the bottom left I'm referring to:
-
Try opening the Firefox debug console and looking at the network connections/timing while doing that.
-
@stephenw10 Here is the entire log:
As you can see the result is missing css
-
It looks like you have a an adblocker and it's blocking the css file along with all the actual ads.
-
@stephenw10 hmmm thats weird. I'm gonna ask the VPN provider because I definitely don't have one
-
@stephenw10 I've asked the VPN provider and waiting for an answer but I don't think that will be the problem since im using google dns and the same issues happens if I use another Wireguard VPN. I'm guessing its some kind of wireguard problem
-
@Tueem
Do you have IPv6 enabled and working? -
@w0w no I don't
-
@Tueem I just confirmed, it's definitely not the VPNs fault. I booted up a quick instance of OpenWrt and there having my server routed through the VPN works fine.
-
@Tueem
Interesting. I have similar issues with the same addresses 13.x.x.x and pfSense when I use a specific PPPoE connection, but the problem only arises when I use IPv6, which I also obtain via DHCP. Interestingly, everything works fine without pfSense in the loop. There must be something in pfSense itself, and in my case, IPv6 is just the trigger. -
Hmm, but you're not actually using IPv6 to reach it? And also over Wireguard?
-
I just wanted to throw in, that OpenVPN also works fine so I'm 99% sure there is something wrong with the wireguard plugin.
-
@stephenw10
No wireguard in my case. Now I use PPPoE only for IPv4 and HE GIF for the IPv6 testing and fallback. No problem with 13.x.x.x based sites currently, but I did not tested all of them.
I honestly don't understand what the relation to IPv6 is at all if packet capture shows that the connection is going through the IPv4 stack. I would be sure that it's some configuration error either from the provider's side or somewhere else on my end, but in fact, everything works directly, without pfSense.
