Unable to access some https websites.



  • I'm trying out pfSense as an alternative to an OpenBSD based setup, I have a PPPoE WAN configuration.

    Some sites such as https://twitter.com fail to load and I thought it might be to do with the WAN MTU, I've tried changing this to 1492 and 1452 but it makes no difference, I've also followed the suggestions here https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites to no avail.

    The pf configuration seems to be the same as my OpenBSD box as does PPPoE.
    Any suggestions?



  • Could you post a WAN packet capture for ports 443 and 53 (TCP & UDP) when trying to browse to https://twitter.com/ ?  That may give some clues as to why.  My first guess is DNS name resolution failure.

    Able to ping twitter.com ?
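When the capture comes back, the thing to look for on a PPPoE WAN is the Path-MTU black-hole signature: the TCP handshake completes, the client sends its ClientHello, the server ACKs it, and then no server payload ever arrives because the large ServerHello/Certificate segments are dropped upstream. Below is an added example of a script that flags that pattern in a libpcap file; it is not part of the original thread or of pfSense. It assumes an Ethernet-framed (link type 1) IPv4 capture and ships with a constructed two-flow sample (RFC 5737 documentation addresses, not real hosts) so it runs offline; a capture taken on the PPPoE interface itself may use a PPP link type and would need a different frame decoder.

```python
"""Flag HTTPS flows that complete the TCP handshake but never receive server
payload: on a PPPoE WAN that pattern is the classic Path-MTU black hole."""
import struct
from collections import defaultdict

SYN, ACK, PSH = 0x02, 0x10, 0x08
PCAP_MAGIC = 0xA1B2C3D4          # libpcap magic, microsecond timestamps


def tcp_frame(src, dst, sport, dport, seq, ack, flags, payload=b""):
    """Build an Ethernet/IPv4/TCP frame (only used for the constructed sample)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), 0, 0x4000, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 5 << 4, flags, 65535, 0, 0)
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Wrap raw frames in a libpcap file, link type 1 (Ethernet)."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1700000000 + i, 0, len(f), len(f)) + f
    return out


def iter_tcp(pcap):
    """Yield (src, sport, dst, dport, flags, payload_len) for IPv4/TCP frames.
    Ethernet captures only; a PPP link type would need another decoder."""
    magic, = struct.unpack_from("<I", pcap, 0)
    e = "<" if magic == PCAP_MAGIC else ">"
    linktype, = struct.unpack_from(e + "I", pcap, 20)
    off = 24
    while off + 16 <= len(pcap):
        incl, = struct.unpack_from(e + "I", pcap, off + 8)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if linktype != 1 or len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue
        ihl = (frame[14] & 0x0F) * 4
        if frame[23] != 6:                      # IP protocol field: not TCP
            continue
        total_len, = struct.unpack_from("!H", frame, 16)
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        t = 14 + ihl
        sport, dport = struct.unpack_from("!HH", frame, t)
        doff = (frame[t + 12] >> 4) * 4
        yield src, sport, dst, dport, frame[t + 13], total_len - ihl - doff


def analyze(pcap, tls_port=443):
    """Return {"client:port->server:port": stats} for every flow on tls_port."""
    flows = defaultdict(lambda: {"client": None, "syn": False, "synack": False,
                                 "client_bytes": 0, "server_bytes": 0, "max_server_seg": 0})
    for src, sport, dst, dport, flags, plen in iter_tcp(pcap):
        if tls_port not in (sport, dport):
            continue
        f = flows[tuple(sorted([(src, sport), (dst, dport)]))]
        if flags & SYN and not flags & ACK:
            f["syn"], f["client"] = True, (src, sport)
        elif flags & SYN and flags & ACK:
            f["synack"] = True
        if f["client"] is None:                  # mid-stream flow, direction unknown
            continue
        if (src, sport) == f["client"]:
            f["client_bytes"] += plen
        else:
            f["server_bytes"] += plen
            f["max_server_seg"] = max(f["max_server_seg"], plen)
    report = {}
    for key, f in flows.items():
        if f["client"] is None:
            continue
        server = key[0] if key[1] == f["client"] else key[1]
        if not (f["syn"] and f["synack"]):
            f["verdict"] = "handshake incomplete"
        elif f["client_bytes"] > 0 and f["server_bytes"] == 0:
            f["verdict"] = "suspect PMTU black hole: client data sent, no server payload"
        else:
            f["verdict"] = "ok"
        report["%s:%d->%s:%d" % (*f["client"], *server)] = f
    return report


# Constructed sample: one healthy TLS flow and one that stalls after the
# ClientHello. RFC 5737 documentation addresses, not real hosts.
C, GOOD, BAD = "192.0.2.10", "198.51.100.1", "203.0.113.1"
SAMPLE_PCAP = build_pcap([
    tcp_frame(C, GOOD, 50000, 443, 0, 0, SYN),
    tcp_frame(GOOD, C, 443, 50000, 0, 1, SYN | ACK),
    tcp_frame(C, GOOD, 50000, 443, 1, 1, ACK),
    tcp_frame(C, GOOD, 50000, 443, 1, 1, PSH | ACK, b"\x16\x03\x01" + b"C" * 197),
    tcp_frame(GOOD, C, 443, 50000, 1, 201, ACK),
    tcp_frame(GOOD, C, 443, 50000, 1, 201, PSH | ACK, b"\x16\x03\x03" + b"S" * 1397),
    tcp_frame(C, GOOD, 50000, 443, 201, 1401, ACK),
    tcp_frame(C, BAD, 50001, 443, 0, 0, SYN),
    tcp_frame(BAD, C, 443, 50001, 0, 1, SYN | ACK),
    tcp_frame(C, BAD, 50001, 443, 1, 1, ACK),
    tcp_frame(C, BAD, 50001, 443, 1, 1, PSH | ACK, b"\x16\x03\x01" + b"C" * 197),
    tcp_frame(BAD, C, 443, 50001, 1, 201, ACK),   # ACK only; large segments never arrive
])

if __name__ == "__main__":
    for flow, st in analyze(SAMPLE_PCAP).items():
        print(flow, st["verdict"], "largest server segment:", st["max_server_seg"])
```

Point it at the real file with `analyze(open("packetcapture.cap", "rb").read())`. A flow that the script flags can still be a server-side or upstream filter rather than an MTU problem; a ping with the DF bit set and a payload sized just under the suspected MTU (for example `ping -D -s 1464 host` on BSD) separates the two cases, since a black hole drops the large DF probe without returning any ICMP "fragmentation needed".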



  • It's definitely not a DNS issue, twitter.com resolves fine and I can ping it.
    Packet capture here https://dl.dropboxusercontent.com/u/249827/packetcapture.cap



  • Have you verified that 185.45.5.43 is a correct Twitter address?  It doesn't resolve back to Twitter for me.  In fact it doesn't resolve back to anything for me.

    C:>nslookup 185.45.5.43
    Server:  pfSense.localdomain
    Address:  192.168.2.1

    *** pfSense.localdomain can't find 185.45.5.43: Non-existent domain

    C:>

    Here Twitter resolves to these addresses using DNS Resolver and root servers.
    C:>nslookup twitter.com
    Server:  pfSense.localdomain
    Address:  192.168.2.1

    Non-authoritative answer:
    Name:    twitter.com
    Addresses:  199.59.148.82
              199.59.148.10
              199.59.150.7
              199.59.149.230

    C:>



  • It looks good to me and I'm also using the same resolver on my OpenBSD router where twitter.com displays fine:

    leiter% drill -T twitter.com
    com.	172800	IN	NS	h.gtld-servers.net.
    com.	172800	IN	NS	i.gtld-servers.net.
    com.	172800	IN	NS	l.gtld-servers.net.
    com.	172800	IN	NS	e.gtld-servers.net.
    com.	172800	IN	NS	m.gtld-servers.net.
    com.	172800	IN	NS	g.gtld-servers.net.
    com.	172800	IN	NS	c.gtld-servers.net.
    com.	172800	IN	NS	j.gtld-servers.net.
    com.	172800	IN	NS	d.gtld-servers.net.
    com.	172800	IN	NS	b.gtld-servers.net.
    com.	172800	IN	NS	a.gtld-servers.net.
    com.	172800	IN	NS	f.gtld-servers.net.
    com.	172800	IN	NS	k.gtld-servers.net.
    twitter.com.	172800	IN	NS	ns1.p34.dynect.net.
    twitter.com.	172800	IN	NS	ns2.p34.dynect.net.
    twitter.com.	172800	IN	NS	ns3.p34.dynect.net.
    twitter.com.	172800	IN	NS	ns4.p34.dynect.net.
    twitter.com.	30	IN	A	185.45.5.32
    twitter.com.	30	IN	A	185.45.5.43
    twitter.com.	86400	IN	NS	ns1.p34.dynect.net.
    twitter.com.	86400	IN	NS	ns3.p34.dynect.net.
    twitter.com.	86400	IN	NS	ns2.p34.dynect.net.
    twitter.com.	86400	IN	NS	ns4.p34.dynect.net.
    
