Cannot access single web page on pfsense 2.7.2

gocman100 · Apr 24, 2024, 2:47 PM

Dear all,

There is a single website that does not work on my pfsense 2.7.2 firewall:

https://uk-24-25.brightpay.com/

It works on my other workstations that go out onto the internet via different firewalls.

Any suggestions? I've tried a few things already to no avail. I'm pretty sure it is not a DNS issue.

thanks in advance.

gm

stephenw10 · Apr 24, 2024, 1:18 PM

@gocman100 said in Cannot access single web page on pfsense 2.7.2:

https://uk-24-25.brightpay.com/

That works fine here through two pfSense boxes.

Do you have IPv6?

How does it fail when you try to connect?

Steve

gocman100 · Apr 24, 2024, 1:18 PM

@stephenw10

yeah interesting it works on my home pfsense also......(I rememberd I had one after I posted)

No IPv6, it basically just spins round in the middle that circle style icon.

Also seems to work fine from my vmware hosts, but on my hyper-v hosts no joy - so I dont believe my IP addresses are blocked by cloudflare or whatever they might have.

stephenw10 · Apr 24, 2024, 2:08 PM

That page just redirects to a different page, does it hit that?

Do you see states open to it? With two way traffic?

gocman100 · Apr 24, 2024, 2:30 PM

it doesnt hit the redirect, thats the thing its struggling with.

I think I've discounted pfsense now, my windows vm on vmware esxi works fine going through the pfsense, my hyper-v windows vm does not! Obviously both hypervisors have their own vswitches etc so will need to drill down into that to find the answer I think. may try mtu settings on the network card inside the vm.

johnpoz · Apr 24, 2024, 2:37 PM

@gocman100 I show it resolving to this

;; QUESTION SECTION:
;uk-24-25.brightpay.com.                IN      A

;; ANSWER SECTION:
uk-24-25.brightpay.com. 3600    IN      A       104.21.9.192
uk-24-25.brightpay.com. 3600    IN      A       172.67.189.135

Your not using any networks locally that would overlap with these are you? Seen users say they can't get to xyz, well no since you think the network xyz is on local network of yours.

Are you policy routing any traffic out a vpn?

gocman100 · Apr 24, 2024, 2:41 PM

no local networks for those addresses and no vpn

Gertjan · Apr 24, 2024, 2:47 PM

@gocman100

Can you visit https://www.test-domaine.fr/ ?

gocman100 · Apr 24, 2024, 2:49 PM

yes works fine

Gertjan · Apr 24, 2024, 2:59 PM

@gocman100

Then you have no DNSSEC issues, and the site is using IPv6 and IPv4, so a good working choice was made on your side.
Hummmm, probably not your pfSense.

Your IP ? Can you connect another device behind this pfSense, and test again ? Then fire up a VPN on this device, and test again ?

johnpoz · Apr 24, 2024, 3:03 PM

@gocman100 you sure all these devices are using the same dns? Devices using different dns could be resolving different IPs for the same site.. Browsers being used could be using doh or something.

Are you running anything through a proxy on your end?

I would just sniff on your wan, do you see the syn go out? What is the difference between traffic you sniff on wan for client that works, and for one that doesn't work?

gocman100 · Apr 24, 2024, 3:14 PM

just firing up a vpn on a test hyper-v vm now! will update you soon!

gocman100 · Apr 24, 2024, 3:22 PM

no difference when using winscribe vpn.......strange but I guess its still ultimately using a hyper-v vm network card/vswitch etc.