Avaliable Packages missing cant seem to find

comet424

well im on tech support with nordvpn hopefully they can fix this 2 errors the packagemanger and the cipher thing

comet424

so much for a fix... the warnings are ok they say..
and they said the package manager can be buggy at times.. and its not a vpn issue

so im back to square one.. package manger or dns lookup works after a reboot.. but for only so long then next day say its non responsive... so I no further ahead... guess I keep playing with settings.. cuz this confusing and there is no defenite answer whats causing this.. if I get too frustrated gues don't matter as it still gives internet to all my devices just itself cant get internet unless you do a reboot

thanks for all the help... ill keep fiddling

stephenw10

If you have the resolver still set to forwarding mode you do need at least one DNS server set in System > General.
I would leave 8.8.8.8 in there for now. You can remove it later if you want.

The error you are now seeing is different. Previously is was 'no address record' but now it's 'network is unreachable'.
That implies some routing error or maybe something just blocking the traffic.
Check the routing table when you are in that situation. Try pinging pfsense.org from Diag > Ping.

Steve

comet424

I had it at 8.8.8.8 but was told not to do it.. I confused and when dealing with nordvpn they cant figure it out..
here ill post 4 pics.. this is after a reboot 15 min.. you will see it all works.. but then later say few hours or next day... I get the issues you see above.. and nordvpn says they cant figure it out probably a glitch with pfsense… they had me revert back to the settings I had before.. so I erased the 8 8 8 8 and such..... Nordvpn said try a format and reinstall

its almost like the dns server times out.. but cant fix itself unless a reboot of the computer happens as a Filter reload does nothing.. but here the pics after a reboot

stephenw10

When you had 8.8.8.8 in there though the error you were seeing was not DNS.
If I were trying to solve this I would put that back in and then look at the routing when it next fails.

Steve

comet424

ok so remove the 2 dns's and add it 8.8.8.8. and do I add it to my poppe connection

and where do I look at the routing or what would I be looking for?
ill change it back now to 8.8.8.8. wan_ppoe and ya not sure the routing but ill look when it fails..
its like a car engine when it stalls while your driving you turn the key to start but doesn't start... but it will start if you turn the key to off then proced to the start.. then it works again for a while lol frustrating
thanks for the inputs so far

comet424

@stephenw10 so I set it to that... and ill wait till it fails again and by then ill find this routing thing

comet424

im guessing this the routes.. this here is a pre failure one.. I found this under diagnostic
so we have something to compare too.. ill take another when it fails

stephenw10

Ok. When it fails try pinging files00.netgate.com and files01.netgate.com.
If that fails but they do resolve still try running a traceroute to those IPs.

Steve

comet424

sorry for delay wasnt home to send but here is some pics anything else i should send

stephenw10

Hmm, OK.
So DNS is working fine. It looks like the routing is messed up there. In fact it looks like the default route is via a gateway which is it's own interface IP. Hence the TTL timeout is from itself. Except that that hasn't changed since it was working and that IP/gateway is being passed to you by the VPN server anyway....

I expect your default route there to be via the remote end of the VPN tunnel. I assume that Status > OpenVPN shows 10.8.8.9 as your virtual address for that connection? In which case the gateway should be 10.8.8.1. Hmm

Steve

comet424

so not 100% what you all mean.. but its confusing i figured maybe a glitch so i formated and reinstalled pfsense and re imported my backup of the config file never fixed it...
and here couple other pics.. what else do i look for ill post the nat and rules too ... if this doesnt help what else do i look for to check

stephenw10

Hmm, so it really is using the virtual address as the gateway. I'm not sure how that is working at all to be honest....

You might want to add an outbound NAT rule for 127.0.0.1 via the VPN interface. That will allow the firewall to use the VPN for localhost sourced traffic.

You could just add static routes for the update servers via the PPPoE WAN, that will allow it to work.

You could set the default gateway to the PPPoE WAN instead of 'automatic'. You are policy routing everything out of the VPN anyway. You would have to be sure DNS goes that way though.

Steve

comet424

hmm with my dislexia i have to re read what you wrote several times and to try to understand and with my learning disability im more a visual learner then a word learner.. reason i get in trouble on here somestimes and i not indepth IT guy like most of you guys on here.. just regular home user wanting more options then a asus router.. so bear with me...

so from what your saying is it a glitch? or what you mean you not sure how its working.... like i mentioned if i do a reboot nothing is wrong... but after a while problems.. i setup my sisters pfsense and she has same setup as mine.. and hers been up 5 days and not a problem vpn is setup the same with those crappy dns servers i was told.. and she doesnt have the webservers but has the game consoles what i setup so virtually exact same setup... thats why i mentioned its like a car stalled and you crank it but doesnt start unless you shut it off(power off) then restart then fires up... and i confused why does my entire network have internet.. doing ipleak.net or dnsleaktest.com shows vpn working... and internet works fine.. but the pfsense itself internally stalls out and looses internet itself..
and is this being caused by the vpn this issue? and this is how i setup nordvpn on the pfsense
https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

and i have tried the static route thing but i must buggered it up where i figured i could static route all game consoles to the wan_ppoe but in end it killed all internet to all computers so i deleted that.. as i tried to also setup a kill switch if vpn server goes down my downloading computer cant bypass and just use regular internet.. but i didnt mind if vpn went down the rest of the network could use the regular internet... probably more complicated... and sorry if i make it confusing dislixeia and learning disability makes it hard at times to express what i know in my head...

which of the setups be the best.. and is it just a simple check box that buggered this up? only difference between my sister and mine too is our ISP are different companies..
and how would i setup static routes for update servers..

i appreciate you helping and no getting mad for me not knowing stuff like i been in trouble before.. very kind i appreciate it

johnpoz

These vpn companies are such shit bags... They want you to route everything through them.. That is not how you would set itup for policy routing and wanting to send some traffic through them and some out your normal connection.

Where are their instructions for that setup... Since it seems that is what you want to do.. Also your outbound nat is a MESS.. Just use hybrid mode when you wan to policy route..

If I were you I would start over... Use pfsense out of the box, make sure everytihng works... Then add your stuff you want to policy route out some vpn service.

comet424

well everything was working the package manger was just recently not showing up.. i wouldnt know i had a problem if i wasnt having issues with squid proxy and i uninstalled it but then found package manger wasnt working..
as for the outbound the greyed out were stuff i was experimenting with... i only actually added 2 game consoles and nord

as for policys routing i not sure... what you mean... and as for the instructions setup i posted it but here it is again
https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/

and they set it manual mode not hybrid... like i have no issues everything works computers get internet game consoles too.. webservers work it was just recently that the package manger and the dnslookup etc wasnt working on the pfsense itself.. but everything else works no issues there..

thanks for your input

comet424

and here i fixed my messy outbound

stephenw10

Their instructions are at least pretty clear. But even in their example the gateway is not the local tunnel IP.
Something there seems broken.

It could be the new default gateway options in 2.4 that are not happy with that.

I too would not allow them to push a new default route. You can still policy route everything to the VPN if required.

Steve

comet424

i do know i had no issues before i upgraded to the recent pfsense.. the one before this version i had no problems... like i mentioned even if i have messy stuff it is working

steve you mentioned there exmaple is not the local tunnel ip what did you mean.. and do you think there setup instructions is broken something wrong as that was for the 2.4.3 and that worked fine for me before i upgraded to 2.4.4
and how do i do this policy route..
as what i want to stay routed i guess you can say is... game consoles just go to the wan.. and everything else goes through the vpn.. as if the game consoles go through the vpn then i get double nat'd
if you have any pics be great i could enter it...
should i ask nordvpn to check there instructions that it doesnt work right for 2.4.4?
and you said the new default gateway options in 2.4 is that the 2.4.4 or the 2.4.3 pfsense.. and is there a fix for that..
because everytime i reboot the pfsense a physical reboot there is no issues with the dnslookup ping package manger.. they all work but after time like you seen it stops.. like its stalled and flilter reload or a turn off openvpn client and turn back on doesnt fix it .. just a reboot system solves it

thats why i figured maybe its corrupt.. norvpn told me its probably a the package manager they find it buggy at times.. so i dunno maybe its a small glitch in pfsense i dont know.. im no where expert in this program i just like it works better then my older asus routers..

but i guess i can reinstall start over blank like the john guy said.

Derelict

Do not set your VPN provider as the default gateway in System > Routing. Set your WAN as default gateway.

If you want your VPN provider to get all traffic, check Don't Pull Routes in the VPN Client configuration and POLICY ROUTE the traffic you want to go over the VPN on the interface rules for those devices.

I would edit the default IPv4 gateway there at the bottom and set the PPPOE gateway there and save.

That is completely wrong. Your default gateway should always be your WAN and never a VPN provider. If you want all traffic to go to the VPN provider with a route, they don't push a default route, they push 0.0.0.0/1 and 128.0.0.0/1 to you to prevent breaking your existing default gateway like this. (That's why it's called redirect-gateway def1).