Available Packages missing can't seem to find
-
because Derelict said to set it to 8.8.8.8
ok I'll delete that DNS too.
-
hopefully that's right... and if so what's next
-
You can point your clients to 8.8.8.8 if you want.. But pfsense sure doesn't need to be using it.. It can resolve anything it needs to get to.. And also provide that to your clients.. It is way better to resolve than forward or ask some forwarder. That is why that is what pfsense does out of the box: resolve.
-
ok I'll delete the DNS servers then.. so do I leave it unchecked under general, the do not enable dns forwarder..
I looked under the system logs, the only error I found was under OpenVPN
Oct 25 08:29:45 openvpn 35104 WARNING: 'cipher' is used inconsistently, local='cipher AES-256-GCM', remote='cipher AES-256-CBC'
Oct 25 08:29:45 openvpn 35104 WARNING: 'auth' is used inconsistently, local='auth [null-digest]', remote='auth SHA512'
so I don't understand though why the package manager or the pkg update isn't working, it's like it has no internet.. yet I'm talking to you with the internet... it's like it works for a day then it's blocked... a reboot fixes it for the time being then it comes back... and I have tried several filter reloads as I was told a while ago it's stupid to reboot the pfsense, only use filter reload.. but I find it doesn't fix the issue.. but a real reboot fixes it for a while.
is there anywhere else I can look...
would backing up the config file.. formatting the hard drive, reinstalling pfsense and importing the file possibly fix it?
-
Fix your client setup for your VPN client, clearly it's telling you there is a problem with your cipher and your auth.
-
well that's for the client, and what does that error mean, how do I fix it.. have no idea what that means
so then that is affecting the package manager then
have no idea how to fix that, that's a nordvpn
-
well I'm on tech support with nordvpn, hopefully they can fix these 2 errors, the package manager and the cipher thing
-
so much for a fix... the warnings are ok they say..
and they said the package manager can be buggy at times.. and it's not a vpn issue
so I'm back to square one.. package manager or dns lookup works after a reboot.. but for only so long, then next day say it's non responsive... so I'm no further ahead... guess I keep playing with settings.. cuz this is confusing and there is no definite answer what's causing this.. if I get too frustrated guess it don't matter as it still gives internet to all my devices, just itself can't get internet unless you do a reboot
thanks for all the help... I'll keep fiddling
-
If you have the resolver still set to forwarding mode you do need at least one DNS server set in System > General.
I would leave 8.8.8.8 in there for now. You can remove it later if you want.
The error you are now seeing is different. Previously it was 'no address record' but now it's 'network is unreachable'.
That implies some routing error or maybe something just blocking the traffic.
Check the routing table when you are in that situation. Try pinging pfsense.org from Diag > Ping.
Steve
-
I had it at 8.8.8.8 but was told not to do it.. I'm confused and when dealing with nordvpn they can't figure it out..
here I'll post 4 pics.. this is after a reboot 15 min.. you will see it all works.. but then later say few hours or next day... I get the issues you see above.. and nordvpn says they can't figure it out, probably a glitch with pfsense… they had me revert back to the settings I had before.. so I erased the 8 8 8 8 and such..... Nordvpn said try a format and reinstall
it's almost like the dns server times out.. but can't fix itself unless a reboot of the computer happens as a Filter reload does nothing.. but here the pics after a reboot
-
When you had 8.8.8.8 in there though the error you were seeing was not DNS.
If I were trying to solve this I would put that back in and then look at the routing when it next fails.
Steve
-
ok so remove the 2 DNS's and add in 8.8.8.8. and do I add it to my PPPoE connection
and where do I look at the routing or what would I be looking for?
I'll change it back now to 8.8.8.8. wan_ppoe and ya not sure about the routing but I'll look when it fails..
it's like a car engine when it stalls while you're driving, you turn the key to start but it doesn't start... but it will start if you turn the key to off then proceed to the start.. then it works again for a while lol frustrating
thanks for the inputs so far
-
@stephenw10 so I set it to that... and I'll wait till it fails again and by then I'll find this routing thing
-
I'm guessing this is the routes.. this here is a pre-failure one.. I found this under diagnostic
so we have something to compare to.. I'll take another when it fails
-
Ok. When it fails try pinging files00.netgate.com and files01.netgate.com.
If that fails but they do resolve still try running a traceroute to those IPs.
Steve
-
sorry for the delay, wasn't home to send, but here are some pics, anything else I should send
-
Hmm, OK.
So DNS is working fine. It looks like the routing is messed up there. In fact it looks like the default route is via a gateway which is its own interface IP. Hence the TTL timeout is from itself. Except that that hasn't changed since it was working and that IP/gateway is being passed to you by the VPN server anyway....
I expect your default route there to be via the remote end of the VPN tunnel. I assume that Status > OpenVPN shows 10.8.8.9 as your virtual address for that connection? In which case the gateway should be 10.8.8.1. Hmm
Steve
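
The condition described in the post above, a default route whose gateway is one of the firewall's own interface addresses, can be checked mechanically when the failure recurs. This is an added example, not part of the original thread: the `netstat` and `ifconfig` text is constructed around the 10.8.8.9 and 10.8.8.1 addresses mentioned in the post, and the interface names and function names are assumptions.

```shell
#!/bin/sh
# Added example. Sample outputs are constructed, not taken from the
# thread's screenshots; interface names (em1, ovpnc1) are assumptions.

# Constructed `netstat -rn -f inet` excerpt in FreeBSD layout.
SAMPLE_ROUTES='Destination        Gateway            Flags     Netif Expire
default            10.8.8.9           UGS      ovpnc1
10.8.8.0/24        link#8             U        ovpnc1
10.8.8.9           link#8             UHS         lo0
192.168.1.0/24     link#2             U           em1'

# Constructed `ifconfig` excerpt: only the inet lines matter here.
SAMPLE_IFCONFIG='em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
ovpnc1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.8.8.9 --> 10.8.8.1 netmask 0xffffff00'

# Print the gateway of the IPv4 default route (empty if there is none).
default_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" { print $2; exit }'
}

# Print every IPv4 address configured on a local interface.
local_addresses() {
    printf '%s\n' "$1" | awk '$1 == "inet" { print $2 }'
}

# Print "self" when the default gateway is one of the firewall's own
# addresses, "ok" when it is another host, "none" when no default exists.
check_default_route() {
    gw=$(default_gateway "$1")
    [ -n "$gw" ] || { echo none; return; }
    if local_addresses "$2" | grep -Fxq "$gw"; then
        echo self
    else
        echo ok
    fi
}

# On a live system: check_default_route "$(netstat -rn -f inet)" "$(ifconfig)"
check_default_route "$SAMPLE_ROUTES" "$SAMPLE_IFCONFIG"
```

Running it once while packages work and again when they fail gives the before/after comparison of the routing table that the thread is trying to collect from screenshots.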
-
so not 100% sure what you all mean.. but it's confusing, I figured maybe a glitch so I formatted and reinstalled pfsense and re-imported my backup of the config file, never fixed it...
and here are a couple of other pics.. what else do I look for, I'll post the NAT and rules too ... if this doesn't help what else do I look for to check
-
Hmm, so it really is using the virtual address as the gateway. I'm not sure how that is working at all to be honest....
You might want to add an outbound NAT rule for 127.0.0.1 via the VPN interface. That will allow the firewall to use the VPN for localhost sourced traffic.
You could just add static routes for the update servers via the PPPoE WAN, that will allow it to work.
You could set the default gateway to the PPPoE WAN instead of 'automatic'. You are policy routing everything out of the VPN anyway. You would have to be sure DNS goes that way though.
Steve
-
hmm with my dyslexia I have to re-read what you wrote several times to try to understand, and with my learning disability I'm more a visual learner than a word learner.. reason I get in trouble on here sometimes, and I'm not an in-depth IT guy like most of you guys on here.. just a regular home user wanting more options than an asus router.. so bear with me...
so from what you're saying is it a glitch? or what do you mean you're not sure how it's working.... like I mentioned if I do a reboot nothing is wrong... but after a while problems.. I set up my sister's pfsense and she has the same setup as mine.. and hers has been up 5 days and not a problem, vpn is set up the same with those crappy dns servers I was told.. and she doesn't have the webservers but has the game consoles which I set up, so virtually the exact same setup... that's why I mentioned it's like a car stalled and you crank it but it doesn't start unless you shut it off (power off) then restart, then it fires up... and I'm confused why my entire network has internet.. doing ipleak.net or dnsleaktest.com shows vpn working... and internet works fine.. but the pfsense itself internally stalls out and loses internet itself..
and is this issue being caused by the vpn? and this is how I set up nordvpn on the pfsense
https://nordvpn.com/tutorials/pfsense/pfsense-openvpn/
and I have tried the static route thing but I must have buggered it up, where I figured I could static route all game consoles to the wan_ppoe but in the end it killed all internet to all computers so I deleted that.. as I tried to also set up a kill switch so if the vpn server goes down my downloading computer can't bypass and just use regular internet.. but I didn't mind if the vpn went down the rest of the network could use the regular internet... probably more complicated... and sorry if I make it confusing, dyslexia and learning disability make it hard at times to express what I know in my head...
which of the setups would be the best.. and is it just a simple check box that buggered this up? only difference between my sister's and mine too is our ISPs are different companies..
and how would I set up static routes for update servers.. I appreciate you helping and not getting mad at me for not knowing stuff, like I've been in trouble before.. very kind, I appreciate it