Help?! No internet from LAN unless using a vpn client?



  • So I came home yesterday to no internet on anything on then LAN. I checked phone, laptop, FreeSat box and nothing. Jumped on the pfsense box and did a ping test, it was fine. So the pfsense has access to the internet.

    I was tired last night so after restarting the pfsense box and then updating to the latest version I left it.

    Today I thought I'd try and have a proper look. While looking around I noticed that the facebook app on my phone works, as does the mail client on Windows 10 but I still cannot access any websites. I ran the mullvad VPN client on my laptop and can no access the internet and view websites fine. If I turn the the client off / disconnect from the VPN I loose access to the internet and websites again.

    Anyone have any thoughts on this? I am still new to pfsense and its capabilities.



  • I think your connectivity is probably fine but your DNS is not fine.

    From a computer on the lan, like a desktop or laptop console, type:

    pink 8.8.8.8

    What happens?



  • Yes I can ping 8.8.8.8 from my laptop.

    I currently have Cisco/openDNS set as the DNS on pfsense. I have just tried ticking to allow DNS to be overridden by dhcp. Still the same issue.



  • Its your DNS, so focus there.  Also look for firewall rules that would block DNS.



  • That's what I am thinking. But nothing changes when I change the DNS settings. The FW wasn't touched over the weekend, but something obviously happened for it to suddenly stop working yesterday.

    I have attached a shot of the nat rules and LAN rules. if it helps. Again, none of these have changed though.

    ![firewall rules.PNG](/public/imported_attachments/1/firewall rules.PNG)
    ![firewall rules.PNG_thumb](/public/imported_attachments/1/firewall rules.PNG_thumb)
    ![nat rules.PNG](/public/imported_attachments/1/nat rules.PNG)
    ![nat rules.PNG_thumb](/public/imported_attachments/1/nat rules.PNG_thumb)



  • Add a rule, which you can delete later on the Lan to allow any to any.  See what happens.



  • I created a new LAN rule to allow any to any and put it just under the anti-lockout rule. No difference.



  • "I currently have Cisco/openDNS"

    Could you try resolver and see if it works?



  • Sorry, what do you mean try resolver? DNS resolver is enable on the fw if that's what you mean?



  • I'm confused now…  I though you were using an external Cisco/openDNS for DNS?



  • Sorry I should have explained better. When I set up the fw I put openDNS server IPs into the DNS server under the general setup. 208.67.222.222 and 208.67.220.220, both of which I am able to ping.

    I have also tried replacing with google DNS IPs and enabling the over ride with DHCP/PPP on WAN.

    All with no luck.



  • Yes - But in your services TAB…

    Do you have resolver or forwarder activated?



  • sorry resolver is enabled, forwarder is not.



  • If you are trying to get your DNS served from another place, turn off resolver and turn on forwarder.



  • Thanks. I have tried that to no avail. I'll have to keep looking tomorrow and try to work out what has changed over the weekend.


Log in to reply