PfBlocker NG DEV pages slow to load.

Chopi · Apr 19, 2023, 1:07 AM

PFblockerNG DEV issues with loading web pages taking several min. This problem does not happen to new devices that are just connected to the network but only for ones that went to sleep while connected and are woken to use most users are on Chrome Books. a work around is to disconnect the computer and reconnect.
Normal Settings with floating firewall rule and Python unbound resolver enabled. Wi-Fi network is Vlan and included in the rules. AD blocker enabled along with 2 Block list. I do have Safe search enabled along, TLD wildcard is enabled and I wonder if this should be disabled? DHCP Leasing is enabled on the PF sense. I have not been able to duplicate the issue with my windows pc as I do not leave the computer on the network.
If anyone has any suggestions or would like me to take screen shots of my settings I can but feel like this might be a obvious issue that other have seen. Thanks.

rcoleman-netgate · Apr 19, 2023, 1:09 AM

@chopi said in PfBlocker NG DEV pages slow to load.:

PFblockerNG DEV issues with loading web pages taking several min.

The issue you're having is with loading the pfBlockerNG configuration pages or the loading of general websites?

Slow-loading websites are usually related to DNS issues. What do you see in Diagnostics->DNS Lookup when you attempt to look up a new/fresh domain?

Chopi · Apr 19, 2023, 1:19 AM

@rcoleman-netgate said in PfBlocker NG DEV pages slow to load.:

@chopi said in PfBlocker NG DEV pages slow to load.:

PFblockerNG DEV issues with loading web pages taking several min.

The issue you're having is with loading the pfBlockerNG configuration pages or the loading of general websites?

Slow-loading websites are usually related to DNS issues. What do you see in Diagnostics->DNS Lookup when you attempt to look up a new/fresh domain?

this is only when loading web page not the config pages and only seems to effect computers (chrome Books) that have been on the network for a extended period of time. Typing some Urls in the browser will cause the page to spin for almost a 2 min and then it will pop and load every time.

DNS lookup works every time 30ms or so and i have tried a few different pages and had the same result using Command on the Computer NSlooksup returns nearly immediately. I have a feeling it maybe something with registering the users ip or that the chrome book is getting looped till finally it gets sent through.
Pf sense is set as the DNS for the devices as believe a 172.1.1 IP. the PFsense dns is set for 1.1.1.1 and 8.8.8.8.

rcoleman-netgate · Apr 19, 2023, 1:23 AM

@chopi I would run a PCAP on the interface the chrome book comes through and see what it shows. Limit it to the IP of the chromebook. You might find it is trying to load a DNS server on it's own (like Google) but being denied by a firewall rule.

As I understand it it is not uncommon for chromeOS to ignore the DNS set by DHCP and do the Google DNS.

Chopi · Apr 19, 2023, 1:31 AM

@rcoleman-netgate ill try a PCAP on the Chrome Book IP and see if this might be the case this would make since. another user informed me that it does happen to her Surface if she leaves chrome open on a webpage and returns hours later and wakes the computer it will not reload they have to close the browser and reopen and it loads every time.

Thank You for Giving me your time and input.

Chopi · Apr 19, 2023, 11:27 PM

@rcoleman-netgate here is a PCAP. I believe the delay to be the Request By the Computer asking who 130.140.1.1 is and the Computer IP is 130.140.1.78 I believe this hand shake when 20 Chrome books are opened at the same time may be the delay. please let me know what you think.

18:17:12.757414 IP 130.140.1.78.45893 > 130.140.1.1.53: UDP, length 33
18:17:12.800455 ARP, Request who-has 130.140.1.1 tell 130.140.1.78, length 46
18:17:12.800459 ARP, Reply 130.140.1.1 is-at 90:ec:77:2e:23:66, length 28
18:17:12.894371 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 117
18:17:13.145360 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 117
18:17:13.216904 IP 130.140.1.78.50345 > 130.140.1.1.53: UDP, length 34
18:17:13.223810 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 33
18:17:13.224656 IP 130.140.1.78.39310 > 239.255.255.250.1900: UDP, length 176
18:17:13.264188 IP 103.41.69.203.443 > 130.140.1.21.56272: tcp 31
18:17:13.369452 IP 130.140.1.21.56272 > 103.41.69.203.443: tcp 0
18:17:13.396245 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 117
18:17:13.464245 IP6 :: > ff02::1:ff44:b751: ICMP6, neighbor solicitation, who has fe80::98f3:cdff:fe44:b751, length 32
18:17:13.504526 IP 130.140.1.78.39790 > 130.140.1.1.53: UDP, length 32
18:17:13.568218 IP6 :: > ff02::1:ff82:f129: ICMP6, neighbor solicitation, who has fe80::681e:6ff:fe82:f129, length 32
18:17:13.597080 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 105
18:17:13.636389 34:60:f9:3e:4c:09 > ff:ff:ff:ff:ff:ff, RRCP-0x25 reply
18:17:13.725156 IP 130.140.1.78.41801 > 130.140.1.1.53: UDP, length 33
18:17:13.772959 IP 130.140.1.78.8735 > 130.140.1.1.53: UDP, length 33
18:17:14.227125 IP 130.140.1.78.39310 > 239.255.255.250.1900: UDP, length 176
18:17:14.228747 IP 130.140.1.78.55421 > 130.140.1.1.53: UDP, length 34
18:17:14.516916 IP 130.140.1.78.26674 > 130.140.1.1.53: UDP, length 32
18:17:14.735840 IP 130.140.1.78.20216 > 130.140.1.1.53: UDP, length 33
18:17:14.815218 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 105
18:17:15.228837 IP 130.140.1.78.39310 > 239.255.255.250.1900: UDP, length 176
18:17:15.406804 IP 192.168.2.15.5060 > 69.84.152.140.5060: UDP, length 496
18:17:15.496426 IP 142.250.190.42.443 > 130.140.1.41.34848: UDP, length 157
18:17:15.496446 IP 69.84.152.140.5060 > 192.168.2.15.5060: UDP, length 601
18:17:15.590042 IP 130.140.1.41.34848 > 142.250.190.42.443: UDP, length 33
18:17:15.636337 34:60:f9:3e:4c:09 > ff:ff:ff:ff:ff:ff, RRCP-0x25 reply
18:17:15.648896 IP 142.250.190.42.443 > 130.140.1.41.34848: UDP, length 157
18:17:15.652443 IP 130.140.1.41.34848 > 142.250.190.42.443: UDP, length 34
18:17:15.781370 IP 130.140.1.41.34848 > 142.250.190.42.443: UDP, length 33
18:17:15.795484 IP 130.140.1.78.12841 > 130.140.1.1.53: UDP, length 33
18:17:15.840301 IP 142.250.190.42.443 > 130.140.1.41.34848: UDP, length 25
18:17:15.937358 IP 130.140.1.78.44996 > 142.250.111.188.5228: tcp 26
18:17:16.023659 IP 130.140.1.78.56339 > 130.140.1.1.53: UDP, length 53
18:17:16.037245 IP 130.140.1.78.55934 > 130.140.1.1.53: UDP, length 43
18:17:16.039043 IP 130.140.1.78.5619 > 130.140.1.1.53: UDP, length 34
18:17:16.045365 IP 130.140.1.41.34848 > 142.250.190.42.443: UDP, length 33
18:17:16.066272 IP 130.140.1.78.39005 > 130.140.1.1.53: UDP, length 35
18:17:16.066488 IP 130.140.1.78.20031 > 130.140.1.1.53: UDP, length 47
18:17:16.112145 IP 142.250.190.42.443 > 130.140.1.41.34848: UDP, length 25
18:17:16.201394 IP 130.140.1.78.44996 > 142.250.111.188.5228: tcp 26
18:17:16.222290 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 40
18:17:16.223315 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 40
18:17:16.223971 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 46
18:17:16.224550 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 45
18:17:16.225050 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 34
18:17:16.225395 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 33
18:17:16.225744 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 44
18:17:16.229370 IP 130.140.1.78.39310 > 239.255.255.250.1900: UDP, length 176
18:17:16.251355 IP 130.140.1.78.14830 > 130.140.1.1.53: UDP, length 34
18:17:16.271198 IP 130.140.1.39.5353 > 224.0.0.251.5353: UDP, length 1436
18:17:16.271623 IP6 fe80::217:c8ff:fe84:30.5353 > ff02::fb.5353: UDP, length 1436
18:17:16.276728 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 60
18:17:16.277288 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 61
18:17:16.278096 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 71
18:17:16.278943 IP 130.140.1.78.5353 > 224.0.0.251.5353: UDP, length 71
18:17:16.317286 IP 130.140.1.41.34848 > 142.250.190.42.443: UDP, length 3