Android phones can no longer update apps
After upgrading to gigabit internet recently, I built and configured a computer to act as a router for our home network, running vanilla pfSense. It worked like a charm. Almost immediately, I configured it to push all but a couple specific devices' traffic through OpenVPN (PIA specifically). Likewise, this worked great.
Last week, I began exploring pfSense packages, starting with pfBlockerNG. At some point since then, both our household's cell phones almost completely stopped being able to update Android apps. Likewise, some of my other apps that check for updates and download data (e.g. my podcast app), appear to be having trouble checking for new data and downloading it.
Often, when connecting to the network, my phone connects but tells me that there is no internet. This generally resolves after a couple seconds, but sometimes requires me to toggle wi-fi on and off for my phone. Likewise, when I VPN into my home network from my office, any period of inactivity (e.g. leaving for 10 minutes and coming back) will cause my browser to fail to display websites. The error displayed in Chrome is general, and not specific to DNS.
So why post this here in General Questions, and not in pfBlockerNG? Well, even when I've deactivated pfBlockerNG and completely powered off my phone before restarting it, the problem persists. It is also unlikely that it's related to the DNS Resolver, as I've also tried disabling that and switching to the DNS Forwarder. Honestly, I'm just completely lost at this point.
Phones can no longer download updates to apps, and also have trouble with data downloads within some specific apps.
Problem seemed to start with installation of pfBlockerNG, but looks like it isn't directly related to it.
Problem persists even with pfBlockerNG disabled entirely.
A period of inactivity often causes the phones to display a little X in their wi-fi indicator, indicating that there is wi-fi connectivity but no internet.
I've tried whitelisting the domains that pop up in the log when an update is attempted, but this has no effect on the issue.
Problem persists even when I turn off the DNS Resolver and completely uninstall pfBlockerNG.
I sometimes get a 495 error from Google Play when an update fails. Probably 50% of the time.
I've tried a number of things, mostly returning settings to their original state after ascertaining they did not help.
Very possibly irrelevant:
Every time I change pfBlockerNG settings, I update/reload.
I have also tried going to Diagnostics / States and clearing the state table after many changes, although this should not be necessary when making pfBlockerNG changes, as I have the "Kill States" option engaged.
It is almost certainly obvious from the above, but I am a complete moron when it comes to networking. I didn't even understand the concept of a DNS resolver until configuring pfBlockerNG. I am willing to try just about anything, and am happy to post further screenshots if necessary. Any suggestions are welcome.
Is OPT1 your PIA interface? Maybe try it with DNSSEC disabled and see if that makes any difference?
I don't use OpenVPN, but this might help:
It doesn't seem like it's DNSBL-related, but you can use this trick to quickly bypass DNSBL while debugging this issue…
- Disable Cron in the General Tab
- Put a # in front of the "Server: include:" line in the Resolver and "Save/Apply".
To reverse - remove the #, save and apply to re-enable DNSBL.
Configure the cron setting.
You could try to run a tcpdump command in pfSense to collect all DNS requests, and see what's getting blocked from those specific devices... See the details in the DNSBL Enable checkbox - blue info block icons.
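
One way to act on the tcpdump suggestion above, as an added example that is not part of the original thread: the script pairs each DNS query with its reply in the text output of `tcpdump -n -i <LAN interface> port 53` and lists the lookups that were sinkholed, failed, or never answered. The sample capture lines are constructed, and the sinkhole address `10.10.10.1` is an assumption; replace it with the DNSBL virtual IP from your own pfBlockerNG configuration.

```python
import re

# Constructed sample of `tcpdump -n -i <LAN interface> port 53` text output.
SAMPLE = """\
12:00:01.000100 IP 192.168.1.50.41000 > 192.168.1.1.53: 4660+ A? updates.example.com. (37)
12:00:01.020300 IP 192.168.1.1.53 > 192.168.1.50.41000: 4660 1/0/0 A 203.0.113.10 (53)
12:00:02.000100 IP 192.168.1.50.41001 > 192.168.1.1.53: 4661+ A? ads.example.net. (33)
12:00:02.000900 IP 192.168.1.1.53 > 192.168.1.50.41001: 4661 1/0/0 A 10.10.10.1 (49)
12:00:03.000100 IP 192.168.1.50.41002 > 192.168.1.1.53: 4662+ A? feeds.example.org. (35)
12:00:03.400100 IP 192.168.1.50.41003 > 192.168.1.1.53: 4663+ A? cdn.example.com. (33)
12:00:03.410100 IP 192.168.1.1.53 > 192.168.1.50.41003: 4663 NXDomain 0/1/0 (98)
"""

# Assumption: the address DNSBL answers with for blocked names; use your own.
SINKHOLE = "10.10.10.1"

QUERY = re.compile(r"IP (\S+)\.(\d+) > \S+\.53: (\d+)\S* (?:\[\S+\] )?\w+\? (\S+)")
REPLY = re.compile(r"IP \S+\.53 > (\S+)\.(\d+): (\d+)\S* (.*) \(\d+\)$")
FAILURES = ("NXDomain", "ServFail", "Refused")


def failed_lookups(capture, sinkhole=SINKHOLE):
    """Return (client, name, verdict) for every lookup that did not resolve."""
    pending = {}   # (client, port, txid) -> queried name
    problems = []
    for line in capture.splitlines():
        line = line.strip()
        q = QUERY.search(line)
        if q:
            client, port, txid, name = q.groups()
            pending[(client, port, txid)] = name.rstrip(".")
            continue
        r = REPLY.search(line)
        if not r:
            continue
        client, port, txid, body = r.groups()
        name = pending.pop((client, port, txid), None)
        if name is None:
            continue  # reply to a query sent before the capture started
        tokens = body.replace(",", " ").split()
        if tokens and tokens[0] in FAILURES:
            problems.append((client, name, tokens[0]))
        elif sinkhole in tokens:
            problems.append((client, name, "sinkholed"))
    # Queries still pending never got an answer at all.
    problems += [(c, n, "no reply") for (c, _, _), n in pending.items()]
    return problems


if __name__ == "__main__":
    for client, name, verdict in failed_lookups(SAMPLE):
        print(f"{client}  {name}  {verdict}")
```

A "no reply" entry points at the path to the resolver (firewall rules, the VPN gateway) rather than at DNSBL, which always answers the names it blocks.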