Google.com blocked but local google domains are not....
-
@cool_corona I don't have any solution, but please follow up if you find one ... a lot of folks will be interested in enabling this feature (especially fascist governments and such)
-
Something is being blocked or null routed etc. Either an IP or by DNS.
It will be logged somewhere if you have enough logging enabled.
You should be able to see exactly what domain or IPs are failing to load when you search.
Steve
-
@cool_corona said in Google.com blocked but local google domains are not....:
I can visit google.com but search doesn't work. Results don't show.
How do you think this is a pfsense thing? You understand when you go to google.. You're inside an https tunnel.
Pfsense has zero idea what you're doing in this tunnel.. Pfsense is not stopping you from searching google. It could stop you from getting to google.. But once you're there - what you do there is not something pfsense has any control over..
-
@johnpoz said in Google.com blocked but local google domains are not....:
@cool_corona said in Google.com blocked but local google domains are not....:
I can visit google.com but search doesn't work. Results don't show.
How do you think this is a pfsense thing? You understand when you go to google.. You're inside an https tunnel.
Pfsense has zero idea what you're doing in this tunnel.. Pfsense is not stopping you from searching google. It could stop you from getting to google.. But once you're there - what you do there is not something pfsense has any control over..
Thank you. It works when pfsense is not a part of the equation. On a local pc on an ASUS RT-AX88U it works like a charm.
Switching to pfsense, it does not. Same pc, same settings.
So you tell me.
-
@cool_corona said in Google.com blocked but local google domains are not....:
On a local pc on an ASUS RT-AX88U it works like a charm.
Then use that.. Let's go over this again... Pfsense has NO freaking clue what you're doing inside an https tunnel.
Are you doing mitm with pfsense? Are you running proxy? I know for sure you're not doing that with your asus router.
Let's actually see this problem - go to google and search something.. What happens..
Your IP would be different using your asus router vs pfsense - maybe google is blocking you?
How would pfsense know that google.com (ipX) intercept internal traffic inside this https via "magic"?? going to google.tld (ipY) don't intercept the search via "magic"
-
Mmm, it could be Google blocking you.
Though they usually throw an error at you when they do that.
I imagine it could be some subdomain you are blocking somehow.
Steve
-
Maybe he is blocking the captcha they would present him in some browser tool?
But what he is saying is happening has nothing to do with pfsense.
When you go to google.com and search something - it's inside a tunnel.. You do not get redirected to some other url/IP for the answer to your query.
Sniff it - what do you see.. You going to ipX.. and then traffic flow..
How would pfsense just kill off the search results inside this https tunnel? Sniff show if connection is being reset? Having connectivity issues - lots of retrans? But pfsense isn't going to go inside this https tunnel and say oh you're searching - kill this connection..
-
The content of the google search results page does not come only from www.google.com or from one IP. I could certainly imagine it blocking partially.
I would expect the page to fail to load correctly before the search results also. But I could imagine it failing like this with the right sub domain blocked. I've never tried.
-
@stephenw10 said in Google.com blocked but local google domains are not....:
The content of the google search results page does not come only from www.google.com or from one IP. I could certainly imagine it blocking partially.
I would expect the page to fail to load correctly before the search results also. But I could imagine it failing like this with the right sub domain blocked. I've never tried.
I have no clue since it's very odd.
-
Fire up web developer in firefox.. What is not loading exactly..
I agree stuff from your results could be hosted elsewhere - images and stuff.
But the overall results are returned via the same tunnel you opened to go to www.google.com
Lets see this when you go to google and then search..
-
Yup, exactly. Do that ^.
It should be pretty obvious what's failing to load.
Steve
-
-
So you're not going to google at all..
That is not what you stated..
Can you even resolve www.google.com?
I can visit google.com but search doesn't work.
No, you're not visiting google.com at all..
Try and ping www.google.com, do you even get an IP back?
$ ping www.google.com
Pinging www.google.com [216.58.192.164] with 32 bytes of data:
Reply from 216.58.192.164: bytes=32 time=9ms TTL=117
Reply from 216.58.192.164: bytes=32 time=12ms TTL=117
-
@johnpoz said in Google.com blocked but local google domains are not....:
So you're not going to google at all..
That is not what you stated..
Can you even resolve www.google.com?
I can visit google.com but search doesn't work.
No, you're not visiting google.com at all..
Try and ping www.google.com, do you even get an IP back?
$ ping www.google.com
Pinging www.google.com [216.58.192.164] with 32 bytes of data:
Reply from 216.58.192.164: bytes=32 time=9ms TTL=117
Reply from 216.58.192.164: bytes=32 time=12ms TTL=117
I am and it's resolvable
-
google.com is not www.google.com
Pinging google.com [216.58.192.206] with 32 bytes of data:
Reply from 216.58.192.206: bytes=32 time=10ms TTL=116
Pinging www.google.com [172.217.164.100] with 32 bytes of data:
Reply from 172.217.164.100: bytes=32 time=72ms TTL=111
Your get in your "video" is for www.google.com
When fails...
You never WENT to www.google.com - you did a search in firefox browser... You didn't load www.google.com in your browser like I show in my example.
-
@johnpoz said in Google.com blocked but local google domains are not....:
google.com is not www.google.com
Pinging google.com [216.58.192.206] with 32 bytes of data:
Reply from 216.58.192.206: bytes=32 time=10ms TTL=116
Pinging www.google.com [172.217.164.100] with 32 bytes of data:
Reply from 172.217.164.100: bytes=32 time=72ms TTL=111
Your get in your "video" is for www.google.com
When fails...
You never WENT to www.google.com - you did a search in firefox browser... You didn't load www.google.com in your browser like I show in my example.
The search from FF times out when searching www.google.com. When I visit www.google.com from the browser it works fine.
-
This is what I get when searching from FF on a startpage....
This is what I get if I type www.google.com directly
-
Where is that working - I see a get.. I don't see the OK (200) response. Where is the rest of what that would show if you actually went there and pulled data.. Again see my example.
I want nothing more than to help you figure out what the problem is.. But I fail to understand why this has to be like pulling teeth with a pair of chopsticks..
Here is a simple test.. do a fetch www.google.com from pfsense. Look what you get..
Then do the same test from something behind pfsense.. If pfsense works but your machine is not..
-
@johnpoz said in Google.com blocked but local google domains are not....:
Where is that working - I see a get.. I don't see the OK (200) response. Where is the rest of what that would show if you actually went there and pulled data.. Again see my example.
I want nothing more than to help you figure out what the problem is.. But I fail to understand why this has to be like pulling teeth with a pair of chopsticks..
Here is a simple test.. do a fetch www.google.com from pfsense. Look what you get..
I know but I don't get any more than that as a reply and then it times out.
Looking at local google domains, it's not a problem
-
If you get no response from www.google.com then how does it work when you visit the page?
-
I get this from pfsense
fetch: https://www.google.com: No route to host
I can't visit the page. I get no reply.
Everything other than .com works flawlessly
-
Ah, so a routing problem.
Run
host www.google.com
and show us your routing table.
Though you seem to be able to ping it..... but maybe not from pfSense itself.
Steve
-
-
...and your routing table?
This could be an IPV6 issue....
Steve
-
@stephenw10 Some IP info in there that I don't want on the forum...
Running netstat -r
-
Can you ping6 to (www.)google.com?
Do either of those other google domains return v6 IPs?
You'll have to check your own routing tables then. Does it all look correct?
Steve
-
-
That would never work.. You don't have a global address it seems, that source is link-local
But not sure how you could not have a route, you have to have a default route.
Do a traceroute to the IPv4 that comes back for www.google.com
But as we have now seen, you are not able to go to www.google.com at all - not that you can go there but searches are not working ;)
Something seems really odd that you can ping, but fetch says no route. Can you ping from pfsense? Or that ping was from your client.
Do you have any vpn setup on pfsense, where you're doing policy routing for your clients?
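The link-local point above can be checked per address family. The following is an added example, not part of the thread: given the addresses configured on a host and the addresses a name resolved to, it reports for each destination whether a usable source address of that family exists. The interface addresses and the AAAA value are constructed placeholders.

```python
import ipaddress

ULA = ipaddress.ip_network("fc00::/7")  # unique local IPv6, not Internet-routable

def parse(addr):
    # Drop a zone suffix such as "%em0" that ifconfig/netstat print on link-local addresses.
    return ipaddress.ip_address(addr.split("%", 1)[0])

def internet_capable(ip):
    """True if ip can be the source address of traffic to an Internet host."""
    if ip.is_loopback or ip.is_link_local or ip.is_unspecified:
        return False
    if ip.version == 6 and ip in ULA:
        return False
    return True  # RFC 1918 IPv4 counts here: outbound NAT rewrites it

def family_report(local_addrs, resolved):
    """Map each resolved destination to 'ok' or the reason it cannot be reached."""
    sources = {4: [], 6: []}
    for a in map(parse, local_addrs):
        sources[a.version].append(a)
    report = {}
    for dest in map(parse, resolved):
        have = sources[dest.version]
        if not have:
            report[str(dest)] = f"no IPv{dest.version} address configured"
        elif not any(internet_capable(s) for s in have):
            report[str(dest)] = f"no Internet-capable IPv{dest.version} source address"
        else:
            report[str(dest)] = "ok"
    return report

# Constructed sample host: NATed IPv4 plus only a link-local IPv6 address.
LOCAL = ["127.0.0.1", "192.168.1.1", "::1", "fe80::1:1%em0"]
# 216.58.192.164 is the A record shown earlier in the thread; the AAAA value
# is a documentation-range placeholder, not a real Google address.
RESOLVED = ["216.58.192.164", "2001:db8::68"]

if __name__ == "__main__":
    for dest, verdict in family_report(LOCAL, RESOLVED).items():
        print(f"{dest:>16}  {verdict}")
```

With these inputs an IPv4 ping succeeds while any attempt toward the AAAA address has no valid source, which is one way a ping and an HTTP client can disagree on the same hostname.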
-
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
-
@johnpoz said in Google.com blocked but local google domains are not....:
That would never work.. You don't have a global address it seems, that source is link-local
But not sure how you could not have a route, you have to have a default route.
Do a traceroute to the IPv4 that comes back for www.google.com
But as we have now seen, you are not able to go to www.google.com at all - not that you can go there but searches are not working ;)
Something seems really odd that you can ping, but fetch says no route. Can you ping from pfsense? Or that ping was from your client.
Do you have any vpn setup on pfsense, where you're doing policy routing for your clients?
The ping was from pfsense itself
-
@stephenw10 said in Google.com blocked but local google domains are not....:
Pings work from a client behind pfSense but we have not seen them work from pfSense itself.
So client traffic could be policy routed maybe.
Outbound NAT
Outbound rules for interface
-
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.
-
@stephenw10 said in Google.com blocked but local google domains are not....:
The ping you showed above was from a Windows client it looked like.
Otherwise I have no idea how that succeeded whilst fetch shows no route. Unless something changed in between those.
Just upgraded to 2.5.0 without issues and problem is gone. Why I haven't got a clue about....
-
Ha, well take the win.
-
Yeah I say take the win - but makes no sense..
The problem with such solutions - if you want to call them that - is you never know what the actual cause of the issue was.
If you could ping it - clearly there was a route.. And there is always the default route. I don't know enough about fetch to know why it might show such an error. But clearly if fetch could not load www.google.com something going on. The no route error could be a red herring sort of error.. Where that is not actually the problem.
-
@johnpoz I do agree. The update shouldn't have fixed it, but it did.
And yes it's been bothering me for quite some time and I haven't got a clue why. There is just no logic at all.
-
I was too quick....
It's back with no contact with google.com
-
So sniff on your wan and try to go to www.google.com - do you see a syn go out?
-
@johnpoz said in Google.com blocked but local google domains are not....:
So sniff on your wan and try to go to www.google.com - do you see a syn go out?
Not at all. It seems the UDP traffic is routed via the RDP client via the local client connected. I see a lot of UDP back and forth to the external IP of the client machine
It's mega weird...
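The "do you see a SYN go out" check from the capture discussed above, as an added example that is not part of the thread: it classifies the TCP handshake toward one server from `tcpdump -n` text output. The capture lines, the WAN address and the UDP peer are constructed placeholders.

```python
import re

# TCP/IPv4 lines as printed by `tcpdump -n`; UDP lines carry no "Flags [...]" field.
TCP_LINE = re.compile(
    r"IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[A-Z.]+)\]"
)

def handshake_state(lines, server_ip, port=443):
    """Classify the handshake toward server_ip:port seen in a WAN capture."""
    syn = synack = rst = 0
    for line in lines:
        m = TCP_LINE.search(line)
        if not m:
            continue  # UDP, ARP, IPv6 and anything else that is not TCP/IPv4
        flags = m["flags"]
        if m["dst"] == server_ip and int(m["dport"]) == port:
            if "S" in flags and "." not in flags:
                syn += 1
        elif m["src"] == server_ip and int(m["sport"]) == port:
            if "S" in flags and "." in flags:
                synack += 1
            elif "R" in flags:
                rst += 1
    if syn == 0:
        return "no-syn"  # nothing left the WAN: check routing and rules on the firewall
    if synack:
        return "handshake-ok"
    return "reset" if rst else "syn-unanswered"

SERVER = "216.58.192.164"  # A record shown earlier in the thread
WAN = "203.0.113.5"        # constructed WAN address (documentation range)

# Constructed captures: UDP only, SYN retransmits, completed handshake.
ONLY_UDP = [
    f"10:00:00.000001 IP 198.51.100.7.3389 > {WAN}.52144: UDP, length 1200",
    f"10:00:00.000412 IP {WAN}.52144 > 198.51.100.7.3389: UDP, length 64",
]
RETRANSMITS = [
    f"10:00:01.000000 IP {WAN}.40112 > {SERVER}.443: Flags [S], seq 1, win 65228, length 0",
    f"10:00:02.000000 IP {WAN}.40112 > {SERVER}.443: Flags [S], seq 1, win 65228, length 0",
]
COMPLETE = RETRANSMITS[:1] + [
    f"10:00:01.010000 IP {SERVER}.443 > {WAN}.40112: Flags [S.], seq 9, ack 2, win 65535, length 0",
]

if __name__ == "__main__":
    for name, cap in [("udp", ONLY_UDP), ("retrans", RETRANSMITS), ("ok", COMPLETE)]:
        print(name, handshake_state(cap, SERVER))
```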
-
@cool_corona said in Google.com blocked but local google domains are not....:
UDP traffic is routed via the RDP client via the local client connected. I see
UDP ?
RDP ?
Where is google.com ? That one is TCP - and what has Google to do with RDP ?