Unable to access some https websites.

  • I'm trying out pfSense as an alternative to an OpenBSD based setup, I have a PPPoE WAN configuration.

    Some sites such as https://twitter.com fail to load and I thought it might be to do with the WAN MTU, I've tried changing this to 1492 and 1452 but it makes no difference, I've also followed the suggestions here https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites to no avail.

    The pf configuration seems to be the same as my OpenBSD box as does PPPoE.
    Any suggestions?
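One way to pin down the path MTU / MSS side of this from the firewall shell, as an added example rather than anything posted in this thread: a POSIX sh script that binary-searches the largest ICMP echo payload that gets through with the DF bit set, then derives the effective path MTU and the TCP MSS a PPPoE WAN should clamp to. It assumes BSD ping flags (`-D` for don't-fragment, `-s` for payload size) as on pfSense/FreeBSD and OpenBSD; on Linux the equivalent is `ping -M do`.

```shell
#!/bin/sh
# Added example (not from the thread): find the largest unfragmented echo
# payload a path accepts and turn it into an MTU and an MSS clamp value.

# Overhead on top of an ICMP echo payload: IPv4 header (20) + ICMP header (8).
IP_ICMP_OVERHEAD=28
# Overhead on top of a TCP segment: IPv4 header (20) + TCP header (20).
IP_TCP_OVERHEAD=40

# BSD ping syntax (pfSense, OpenBSD). Override for Linux: PING="ping -M do -c 1"
PING="${PING:-ping -D -c 1}"

# mss_for_mtu MTU -> the TCP MSS to clamp to for that link MTU (1492 -> 1452).
mss_for_mtu() {
    echo $(( $1 - IP_TCP_OVERHEAD ))
}

# mtu_for_payload PAYLOAD -> the IP MTU implied by the largest DF echo payload.
mtu_for_payload() {
    echo $(( $1 + IP_ICMP_OVERHEAD ))
}

# probe_ok HOST SIZE -> exit 0 if a SIZE-byte echo with DF set gets a reply.
probe_ok() {
    $PING -s "$2" "$1" >/dev/null 2>&1
}

# find_max_payload HOST LO HI -> largest payload in [LO, HI] that probe_ok accepts.
# Binary search: about nine pings instead of hundreds.
find_max_payload() {
    host=$1; lo=$2; hi=$3; best=0
    while [ "$lo" -le "$hi" ]; do
        mid=$(( (lo + hi) / 2 ))
        if probe_ok "$host" "$mid"; then
            best=$mid; lo=$(( mid + 1 ))
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$best"
}

# pmtu_report HOST: probe from 1000 up to 1472 (1500 - 28, plain Ethernet).
# A PPPoE link normally tops out at 1464 (MTU 1492). Usage: pmtu_report twitter.com
pmtu_report() {
    payload=$(find_max_payload "$1" 1000 1472)
    mtu=$(mtu_for_payload "$payload")
    echo "largest DF payload $payload bytes -> path MTU $mtu, clamp MSS to $(mss_for_mtu "$mtu")"
}
```

If the reported MTU is below the WAN MTU you configured, the PPPoE link (or something upstream) is dropping large DF packets and an MSS clamp on the WAN interface, rather than a different interface MTU, is what stops the TLS handshake from stalling.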

  • Could you post a WAN packet capture for ports 443 and 53 (TCP & UDP) when trying to browse to https://twitter.com/. That may give some clues as to why. My first guess is DNS name resolution failure.

    Able to ping twitter.com ?

  • It's definitely not a DNS issue, twitter.com resolves fine and I can ping it.
    Packet capture here https://dl.dropboxusercontent.com/u/249827/packetcapture.cap

  • Have you verified that is a correct Twitter address?  It doesn't resolve back to Twitter for me.  In fact it doesn't resolve back to anything for me.

    Server:  pfSense.localdomain

    *** pfSense.localdomain can't find Non-existent domain


    Here Twitter resolves to these addresses using DNS Resolver and root servers.
    C:>nslookup twitter.com
    Server:  pfSense.localdomain

    Non-authoritative answer:
    Name:    twitter.com


  • It looks good to me and I'm also using the same resolver on my OpenBSD router where twitter.com displays fine:

    leiter% drill -T twitter.com
    com.	172800	IN	NS	h.gtld-servers.net.
    com.	172800	IN	NS	i.gtld-servers.net.
    com.	172800	IN	NS	l.gtld-servers.net.
    com.	172800	IN	NS	e.gtld-servers.net.
    com.	172800	IN	NS	m.gtld-servers.net.
    com.	172800	IN	NS	g.gtld-servers.net.
    com.	172800	IN	NS	c.gtld-servers.net.
    com.	172800	IN	NS	j.gtld-servers.net.
    com.	172800	IN	NS	d.gtld-servers.net.
    com.	172800	IN	NS	b.gtld-servers.net.
    com.	172800	IN	NS	a.gtld-servers.net.
    com.	172800	IN	NS	f.gtld-servers.net.
    com.	172800	IN	NS	k.gtld-servers.net.
    twitter.com.	172800	IN	NS	ns1.p34.dynect.net.
    twitter.com.	172800	IN	NS	ns2.p34.dynect.net.
    twitter.com.	172800	IN	NS	ns3.p34.dynect.net.
    twitter.com.	172800	IN	NS	ns4.p34.dynect.net.
    twitter.com.	30	IN	A
    twitter.com.	30	IN	A
    twitter.com.	86400	IN	NS	ns1.p34.dynect.net.
    twitter.com.	86400	IN	NS	ns3.p34.dynect.net.
    twitter.com.	86400	IN	NS	ns2.p34.dynect.net.
    twitter.com.	86400	IN	NS	ns4.p34.dynect.net.
