Netgate Discussion Forum

Unable to access some https websites.

  • G
    giannidoe
    last edited by Jul 23, 2015, 4:49 AM

    I'm trying out pfSense as an alternative to an OpenBSD-based setup; I have a PPPoE WAN configuration.

    Some sites such as https://twitter.com fail to load and I thought it might be to do with the WAN MTU. I've tried changing this to 1492 and 1452 but it makes no difference. I've also followed the suggestions here https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites to no avail.

    The pf configuration seems to be the same as my OpenBSD box as does PPPoE.
    Any suggestions?

    • N
      NOYB
      last edited by Jul 23, 2015, 5:25 AM

      Could you post a WAN packet capture for ports 443 and 53 (TCP & UDP) when trying to browse to https://twitter.com/? That may give some clues as to why. My first guess is DNS name resolution failure.

      Able to ping twitter.com?

      • G
        giannidoe
        last edited by Jul 23, 2015, 5:41 AM

        It's definitely not a DNS issue; twitter.com resolves fine and I can ping it.
        Packet capture here https://dl.dropboxusercontent.com/u/249827/packetcapture.cap

        • N
          NOYB
          last edited by Jul 23, 2015, 8:30 AM

          Have you verified that 185.45.5.43 is a correct Twitter address? It doesn't resolve back to Twitter for me. In fact it doesn't resolve back to anything for me.

          C:>nslookup 185.45.5.43
          Server:  pfSense.localdomain
          Address:  192.168.2.1

          *** pfSense.localdomain can't find 185.45.5.43: Non-existent domain

          C:>

          Here Twitter resolves to these addresses using DNS Resolver and root servers.
          C:>nslookup twitter.com
          Server:  pfSense.localdomain
          Address:  192.168.2.1

          Non-authoritative answer:
          Name:    twitter.com
          Addresses:  199.59.148.82
                    199.59.148.10
                    199.59.150.7
                    199.59.149.230

          C:>

          • G
            giannidoe
            last edited by Jul 23, 2015, 9:47 AM

            It looks good to me and I'm also using the same resolver on my OpenBSD router where twitter.com displays fine:

            leiter% drill -T twitter.com
            com.	172800	IN	NS	h.gtld-servers.net.
            com.	172800	IN	NS	i.gtld-servers.net.
            com.	172800	IN	NS	l.gtld-servers.net.
            com.	172800	IN	NS	e.gtld-servers.net.
            com.	172800	IN	NS	m.gtld-servers.net.
            com.	172800	IN	NS	g.gtld-servers.net.
            com.	172800	IN	NS	c.gtld-servers.net.
            com.	172800	IN	NS	j.gtld-servers.net.
            com.	172800	IN	NS	d.gtld-servers.net.
            com.	172800	IN	NS	b.gtld-servers.net.
            com.	172800	IN	NS	a.gtld-servers.net.
            com.	172800	IN	NS	f.gtld-servers.net.
            com.	172800	IN	NS	k.gtld-servers.net.
            twitter.com.	172800	IN	NS	ns1.p34.dynect.net.
            twitter.com.	172800	IN	NS	ns2.p34.dynect.net.
            twitter.com.	172800	IN	NS	ns3.p34.dynect.net.
            twitter.com.	172800	IN	NS	ns4.p34.dynect.net.
            twitter.com.	30	IN	A	185.45.5.32
            twitter.com.	30	IN	A	185.45.5.43
            twitter.com.	86400	IN	NS	ns1.p34.dynect.net.
            twitter.com.	86400	IN	NS	ns3.p34.dynect.net.
            twitter.com.	86400	IN	NS	ns2.p34.dynect.net.
            twitter.com.	86400	IN	NS	ns4.p34.dynect.net.
            