[SOLVED]"No Internet connection" message on windows (but can browse the web)



  • Hi all!
    First, I want to thank the comunity for their help, I've read many post that helped me a lot, so Thank you all.
    I have this scenario:
    I've set pfsense 2.2.2 with a static IP on the WAN interface, a DHCP server on LAN interface, the default rules of the firewall, squid3+Squidguard instaled and enabled, enabled http & https proxy (man in the middle) on squid, set a blacklist from shallalist.de and a pair of target categories with some domains on Squidguard (so it runs with no issues even after a reboot).
    Also, I've installed the "backup" package to do backups of my config (did one after that) just in case of some trouble could bring in the future.
    My trouble lies in that I've left the "server" (installed on an "HP Pavillion TV PC a6000la") on for 24+ hours, the last 16 of them with no devices conected to the LAN interface (I've unplugged the network cable from the "server"PC). Now, when I plug in a PC with a crossover cable, a message balloon appears over the network icon saying: "Aditional log on information may be required" And the network icon has a yellow triangle, when I put the cursor over it "no internet connection" is displayed.
    It sounds to me like if a captive portal were active, but the elements on "captive portal:zones" are 0 (so i guess captive portal is disabled). I don't need captive portal, so I didn't configured any of it.
    The effects when this happens where (having in mind that I'm using a crossover cable):
    1st time.- I cannot browse the web, DHCP assigned a valid IP address(192.168.1.100), Ping didn't respond from PC to LAN interface, ping ok from server to LAN interface, WAN interface and internet. I restored the backup file. Problem solved until I left it on 24 hours, then the problem came back.
    2nd time.- I can browse the web, DHCP assigned a valid IP Address, ping ok from all devices to all interfaces and internet, but the balloon, icon and message persists, I tried disabling DNS resolver and enabling DNS forwarder. The result: The network icon went back to its normal state, the "no internet connection" message dissapeared, the balloon was still there, but, when I tried to navigate… an error screen shows on every site, no matter if its allowed, denied or Whithelisted on SquidGuard (screenshot attached). I disabled DNS forwarder and enabled dns resolver, the icon became yellow again with all their messages... the error screen came to stay :c, now I cannot browse, again, but I can do a succesfull PING to any ip address from both, the "server" and the PC connected to it.
    Now I'm going to keep looking for the answer, but if someone of you can help me, I would be very gratefull.

    Regards and Thanks in advance!



  • Hi,

    Redo the setup - activate the Captive portal, but, this time, do not 'pollute' your pfSEnse with this:

    squid3+Squidguard instaled and enabled, enabled http & https proxy (man in the middle) on squid, set a blacklist from shallalist.de and a pair of target categories with some domains on Squidguard (so it runs with no issues even after a reboot).

    I bet your conclusion will be : "hey, all is well now."

    Just ONE question:
    How does 'Windows' test if it has a 'valid' Internet connection ?
    and
    How do you know that Squid & Company isn't dropping these tests ??

    You get my point ?



  • Hi, thank you for your fast response.
    There is some points that aren't clear enough to me, maybe I didn't express myself well, or maybe this are necessary steps but I don't get how them works… yet

    I was thinking on redoing the setup anyways but, why do I need to activate Captive portal?
    @chidgear:

    I don't need captive portal, so I didn't configured any of it.

    Second, I agree that Squid3 and Squidguard (and al their configurations) could be doing some mess but, without them (or some similar modules/functions) then the need of installing pfSense becomes null, because what I need is a firewall, yes, but also a gateway able to filter websites in order to only certain domains can be accessed so, I need a method to filter http and https requests. If you have a better suggestion or method of how to accomplish this, I'll be happy to hear read it.

    About your Questions
    1.- I really don't know how windows test if it has a valid internet connection, but I guess that it has to be with a couple of tests on their interfaces (ip and ports)
    2.- Really, I'm not sure, I've read something about the logs, but this my first experience with FreeBSD and pfSense as well, so I'm no used to read them and understand the info (yet).

    3.- Well, after writing all of this, I think I got your point (but to be clear I'll write it here). my problem resides not in a captive portal missconfiguration, as I thought on the beggining, It is more factible that my problem rests on the functions of Squid3+Squidguard meaning that, maybe, they are dropping packages.

    If that's so… then I was looking under the wrong rock XD. I will start to do some research about Squid3 and its behavior.

    Thank you Gertjan, again. If you have some time (and this topic was not closed/moved by then) please, answer my questions, as a begginner I want to know what lead you to give me that answer. Regards!

    Edit:----------------------------------------

    I've found th trouble (not the solution, but the trouble). If I disable the Squidguard, then the connecion comes back to its normal state, so... the problem is, indeed, Squid/squidguard.

    Sorry for the trouble, if any admin reads this, could you please move this topic to where it belongs?
    Thanks



  • @chidgear:

    1.- I really don't know how windows test if it has a valid internet connection, but I guess that it has to be with a couple of tests on their interfaces (ip and ports)

    Read this: http://blog.superuser.com/2011/05/16/windows-7-network-awareness/

    However, I turned it off, and removed the red cross on the network icon in the systray. It never worked for me. And I don't need windows to tell me I have no internet connection. It still does try to tell me, but everything works.
    It's just one of those things windows is very stubborn with.



  • Hi!
    Thank you for your response SisterOfMercy. Today I've read your reply and the post, and tried the following:
    On Proxy Filter (Squidguard) -> Target Categories
    I've created a new category called "white_list" (I didn't used "whitelist" to avoid future mistakes) and added the following domains:

    msftncsi.com
    131.107.255.255
    

    also added to the regular expression box the following:

    msftncsi
    

    saved the changes, applyed the config on General Settings and tried (disconnect the cable and reconnect)

    The result?

    The network icon displayed a yellow triangle for an instant, but then the triangle dissapeared and now all is completely all right!

    So thank you all for your help, I've added the text "[SOLVED]" at the topic's tittle so it can be helpful to others.

    Greetings and thank you again!  ;D