Some sites cannot be browsed…

costasppc

Hi,

I have a new Pfsense setup in a client's site. The setup is kind of simple (1 WAN, 1 LAN) and OpenVPN for remote workers.
I have connected the ISP router and set PFsense to dial the connection via PPPoE.
I have implemented all the necessary for OpenVPN to work, and works fine.

All went OK until today, when suddenly the client could not browse his company websites only (no http or e-mail).

Those websites have the same public IP.

To be more clear for the issue: the websites are hosted outside the company and there is no DNS related stuff inside (split horizon setups for ex.).

Here is a traceroute from a successful connection from my office:
1  babel.asfa.gr (195.130.76.34)  10.136 ms  1.592 ms  4.897 ms
2  asfa-2-gw.eie-2.access-link.grnet.gr (195.251.25.45)  4.688 ms  3.002 ms  1.838 ms
3  grnet.rt1.ath.gr.geant.net (62.40.124.89)  2.249 ms  2.685 ms  2.030 ms
4  as0.rt1.vie.at.geant2.net (62.40.112.165)  31.286 ms  36.436 ms  33.556 ms
5  xe-3-0-0-vlan100.rt1.vie.at.geant.net (62.40.98.43)  34.064 ms  32.079 ms  32.070 ms
6  212.73.203.101 (212.73.203.101)  32.980 ms  32.947 ms  37.017 ms
7  ae-12-12.ebr2.frankfurt1.level3.net (4.69.153.146)  43.835 ms  44.223 ms  43.295 ms
8  ae-63-63.csw1.frankfurt1.level3.net (4.69.163.2)  44.073 ms  48.983 ms  44.883 ms
9  ae-1-60.edge7.frankfurt1.level3.net (4.69.154.11)  52.088 ms  53.643 ms  51.281 ms
10  195.16.162.254 (195.16.162.254)  53.880 ms  53.809 ms  54.576 ms
11  hos-bb2.juniper1.rz12.hetzner.de (213.239.240.155)  146.024 ms  146.159 ms  145.883 ms
12  hos-tr1.ex3k14.rz12.hetzner.de (213.239.228.143)  158.690 ms  154.431 ms  153.122 ms
13  static.223.97.63.178.clients.your-server.de (178.63.97.223)  144.115 ms  145.243 ms *

And here is a traceroute from the pfsense box, which stops in hop 11:

1  80.106.108.171 (80.106.108.171)  55.542 ms  23.608 ms  4.686 ms
2  79.128.248.61 (79.128.248.61)  4.884 ms  16.960 ms  4.931 ms
3  athe-crsa-athe7609c-1.backbone.otenet.net (79.128.227.25)  7.655 ms  5.090 ms  8.034 ms
4  athe-inet2.backbone.otenet.net (212.205.223.218)  4.907 ms  4.417 ms  4.665 ms
5  inet2-athe.backbone.otenet.net (212.205.223.217)  4.684 ms  4.592 ms  4.983 ms
6  79.128.227.89 (79.128.227.89)  4.839 ms  14.515 ms  11.773 ms
7  62.75.3.21 (62.75.3.21)  7.842 ms  8.448 ms  8.080 ms
8  62.75.4.206 (62.75.4.206)  48.028 ms  49.036 ms
    62.75.4.214 (62.75.4.214)  45.078 ms
9  62.75.4.214 (62.75.4.214)  48.771 ms  45.613 ms  45.341 ms
10  decix-gw.hetzner.de (80.81.192.164)  49.733 ms  49.812 ms
    hos-bb1.juniper2.rz12.hetzner.de (213.239.240.252)  51.984 ms
11  hos-bb1.juniper1.rz12.hetzner.de (213.239.240.251)  56.657 ms
    hos-tr2.ex3k14.rz12.hetzner.de (213.239.228.175)  52.970 ms  56.021 ms

Maybe it is MTU issue?

Best regards

Kostas

marvosa

Without more details all we can do is tell you to consult your client's website hosting vendor and/or their ISP about a possible DNS or routing issue.

costasppc

Thank you,

The WAN connection is done via PPPoE.

I have contacted the hosting company, they claim the website is fine (because they can browse it).

There was not issue before setting up pfsense in the client's premises and there was no issue for a day with pfsense up and running.

What more details are needed? What should I check?

Best regards

Kostas