Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Specific website access.

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 3 Posters 202 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • W
      wc2l
      last edited by wc2l

      Hi Folks,
      I'm trying to get to n1kdo.com from my home network. When I try to go there, i get the message that "Hmmm… can't reach this page. Check if there is a typo in n1dko.com."
      If I go to the router and use ping I get the three responses.
      PING n1kdo.com (98.252.179.34): 56 data bytes
      64 bytes from 98.252.179.34: icmp_seq=0 ttl=54 time=46.056 ms
      64 bytes from 98.252.179.34: icmp_seq=1 ttl=54 time=41.205 ms
      64 bytes from 98.252.179.34: icmp_seq=2 ttl=54 time=40.320 ms

      --- n1kdo.com ping statistics ---
      3 packets transmitted, 3 packets received, 0.0% packet loss
      round-trip min/avg/max/stddev = 40.320/42.527/46.056/2.522 ms

      If I do traceriute from the router with ICMP:
      1 lo0-100.ALBYNY-VFTTP-302.verizon-gni.net (74.109.180.1) 3.436 ms 0.537 ms 1.097 ms
      2 G4-0-3.PITBPA-VFTTP-39.verizon-gni.net (100.41.211.144) 9.322 ms 7.754 ms 10.711 ms
      3 * * *
      4 customer.alter.net (208.214.98.158) 8.361 ms 8.099 ms 8.980 ms
      5 be-1213-cs02.doraville.ga.ibone.comcast.net (96.110.34.197) 32.343 ms 30.014 ms 31.900 ms
      6 be-33021-ar-sp02.d1stonemtn.ga.atlanta.comcast.net (96.110.42.214) 32.930 ms 32.265 ms 30.543 ms
      7 be-1202-ar-in02.d1stonemtn.ga.atlanta.comcast.net (96.108.175.122) 32.184 ms 32.533 ms 32.508 ms
      8 po-1-xar02.b0atlanta.ga.atlanta.comcast.net (162.151.29.242) 31.920 ms 30.088 ms 32.383 ms
      9 96.217.6.70 (96.217.6.70) 30.043 ms 31.831 ms 32.015 ms
      10 68.85.232.242 (68.85.232.242) 33.893 ms 31.421 ms 30.881 ms
      11 c-98-252-179-34.hsd1.ga.comcast.net (98.252.179.34) 40.755 ms 39.343 ms 39.967 ms

      If I don't, I get this:
      1 74.109.180.1 3.458 ms 6.109 ms 7.732 ms
      2 100.41.211.144 9.236 ms
      100.41.211.142 7.883 ms
      100.41.211.144 8.579 ms
      3 * * *
      4 208.214.98.158 7.960 ms 9.195 ms 8.714 ms
      5 96.110.34.201 31.511 ms 34.338 ms 31.259 ms
      6 96.110.42.210 32.364 ms 33.175 ms
      96.110.42.214 34.045 ms
      7 96.108.175.122 33.434 ms
      96.108.1.34 31.546 ms 33.828 ms
      8 162.151.29.242 31.800 ms 32.611 ms 32.587 ms
      9 96.217.6.70 32.836 ms 33.125 ms 31.252 ms
      10 68.85.232.242 34.596 ms 31.258 ms 32.859 ms
      11 * * *
      12 * * *
      13 * * *
      14 * * *
      15 * * *
      16 * * *
      17 * * *
      18 * * *

      If I do tracert from a Windows box, I get the response.
      Tracing route to n1kdo.com [98.252.179.34]
      over a maximum of 30 hops:

      1 <1 ms <1 ms <1 ms WC2L-pfSense.WC2L [172.25.25.1]
      2 2 ms 2 ms 2 ms lo0-100.ALBYNY-VFTTP-302.verizon-gni.net [74.109.180.1]
      3 8 ms 8 ms 8 ms G4-0-3.PITBPA-VFTTP-39.verizon-gni.net [100.41.211.144]
      4 * * * Request timed out.
      5 6 ms 9 ms 7 ms customer.alter.net [208.214.98.158]
      6 32 ms 32 ms 32 ms be-1213-cs02.doraville.ga.ibone.comcast.net [96.110.34.197]
      7 30 ms 32 ms 32 ms be-33021-ar-sp02.d1stonemtn.ga.atlanta.comcast.net [96.110.42.214]
      8 32 ms 32 ms 31 ms be-1202-ar-in02.d1stonemtn.ga.atlanta.comcast.net [96.108.175.122]
      9 30 ms 32 ms 32 ms po-1-xar02.b0atlanta.ga.atlanta.comcast.net [162.151.29.242]
      10 31 ms 32 ms 31 ms 96.217.6.70
      11 32 ms 32 ms 33 ms 68.85.232.242
      12 36 ms 39 ms 38 ms c-98-252-179-34.hsd1.ga.comcast.net [98.252.179.34]

      Interestingly,
      The graph showed down last night
      Today this:
      3b6347e5-41cb-4976-8ffe-101f1d28334c-image.png
      Then after a refresh:
      f2555294-97e6-4135-896d-e84cdab38342-image.png

      Suggestions, ideas? I will reach out to the owner to see what is happening. I'm at a loss as to the changing access and ability to get there.

      johnpozJ 1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator @wc2l
        last edited by johnpoz

        @wc2l said in Specific website access.:

        n1kdo.com

        from a quick look - they are presenting wrong cert that is for sure.

        cert.jpg

        But https://www.n1kdo.com/

        Seems to be working fine.

        site.jpg

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        W 1 Reply Last reply Reply Quote 0
        • W
          wc2l @johnpoz
          last edited by

          @johnpoz
          THANK YOU. I guess he is doing a lot of blocking. I will see what his fix is. If it does not work, I will send him more information.
          Is there a way for me to see the cert since I can't get there?
          Have to see how to do more trouble shooting.

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @wc2l
            last edited by

            @wc2l said in Specific website access.:

            way for me to see the cert

            https://www.ssllabs.com/ssltest/ specifically https://www.ssllabs.com/ssltest/analyze.html?d=www.n1kdo.com&hideResults=on&latest is a good external/third party test.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            johnpozJ 1 Reply Last reply Reply Quote 0
            • johnpozJ
              johnpoz LAYER 8 Global Moderator @SteveITS
              last edited by

              The cert for www. is correct its when you leave off the www. is when wrong cert is presented.

              rightcert.jpg

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

              S 1 Reply Last reply Reply Quote 0
              • S
                SteveITS Galactic Empire @johnpoz
                last edited by

                @johnpoz said in Specific website access.:

                when you leave off the www. is when wrong cert is presented

                Could be worse...we recently got referred to a new small client having (among other things) email problems. Their email provider AFAICT deleted two email accounts on them, the webmail link on the provider's web site uses HTTP and displays a different client's home page (including a button to request restroom access...??), their actual webmail URL has a mismatched cert, there is no encryption available on the POP/IMAP email connections, etc., etc. Also the same email provider was "out of town on a job" so took a week to respond to emails and voicemails. But, ya know, they are not quite sure about moving email elsewhere.

                Also the same client has been paying a different IT provider "for four years" for Microsoft 365 Apps, yet has Office 2021 (perpetual) installed on his PCs.

                Just venting. Carry on.

                Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
                When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
                Upvote 👍 helpful posts!

                1 Reply Last reply Reply Quote 2
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.