Netgate Discussion Forum

    Unable to access some https websites.

      giannidoe

      I'm trying out pfSense as an alternative to an OpenBSD-based setup. I have a PPPoE WAN configuration.

      Some sites such as https://twitter.com fail to load and I thought it might be to do with the WAN MTU. I've tried changing this to 1492 and 1452 but it makes no difference. I've also followed the suggestions here https://doc.pfsense.org/index.php/Unable_to_Access_Some_Websites to no avail.

      The pf configuration seems to be the same as my OpenBSD box, as does PPPoE.
      Any suggestions?

        NOYB

        Could you post a WAN packet capture for ports 443 and 53 TCP & UDP when trying to browse to https://twitter.com/? That may give some clues as to why. My first guess is DNS name resolution failure.

        Able to ping twitter.com?

          giannidoe

          It's definitely not a DNS issue; twitter.com resolves fine and I can ping it.
          Packet capture here https://dl.dropboxusercontent.com/u/249827/packetcapture.cap

            NOYB

            Have you verified that 185.45.5.43 is a correct Twitter address? It doesn't resolve back to Twitter for me. In fact it doesn't resolve back to anything for me.

            C:>nslookup 185.45.5.43
            Server:  pfSense.localdomain
            Address:  192.168.2.1

            *** pfSense.localdomain can't find 185.45.5.43: Non-existent domain

            C:>

            Here Twitter resolves to these addresses using DNS Resolver and root servers.
            C:>nslookup twitter.com
            Server:  pfSense.localdomain
            Address:  192.168.2.1

            Non-authoritative answer:
            Name:    twitter.com
            Addresses:  199.59.148.82
                      199.59.148.10
                      199.59.150.7
                      199.59.149.230

            C:>

              giannidoe

              It looks good to me and I'm also using the same resolver on my OpenBSD router where twitter.com displays fine:

              leiter% drill -T twitter.com
              com.	172800	IN	NS	h.gtld-servers.net.
              com.	172800	IN	NS	i.gtld-servers.net.
              com.	172800	IN	NS	l.gtld-servers.net.
              com.	172800	IN	NS	e.gtld-servers.net.
              com.	172800	IN	NS	m.gtld-servers.net.
              com.	172800	IN	NS	g.gtld-servers.net.
              com.	172800	IN	NS	c.gtld-servers.net.
              com.	172800	IN	NS	j.gtld-servers.net.
              com.	172800	IN	NS	d.gtld-servers.net.
              com.	172800	IN	NS	b.gtld-servers.net.
              com.	172800	IN	NS	a.gtld-servers.net.
              com.	172800	IN	NS	f.gtld-servers.net.
              com.	172800	IN	NS	k.gtld-servers.net.
              twitter.com.	172800	IN	NS	ns1.p34.dynect.net.
              twitter.com.	172800	IN	NS	ns2.p34.dynect.net.
              twitter.com.	172800	IN	NS	ns3.p34.dynect.net.
              twitter.com.	172800	IN	NS	ns4.p34.dynect.net.
              twitter.com.	30	IN	A	185.45.5.32
              twitter.com.	30	IN	A	185.45.5.43
              twitter.com.	86400	IN	NS	ns1.p34.dynect.net.
              twitter.com.	86400	IN	NS	ns3.p34.dynect.net.
              twitter.com.	86400	IN	NS	ns2.p34.dynect.net.
              twitter.com.	86400	IN	NS	ns4.p34.dynect.net.
              