Hi,
I’m having some strange issues with my pfSense install.
I get issues trying to access some websites.
Chiefly Amazon.co.uk and the BBC.
I almost always get an “Error connection timed out” message.
Other times it will work just fine. I’m sure the problem affects other sites but just seems to be less of an issue. Things like Youtube / Facebook / Outlook etc all work just fine.
I’ve tried setting the MTU on the router but this didn’t seem to have any effect.
I have however attached the files to see if it helps diagnose the issue.
This is affecting any device that goes through my home network so isn’t isolated to just one PC.
Any ideas that I can try?
I’d like to avoid resetting my router install as I had to do some setting up to get the VPN and port forwarding working.
Pinging www.amazon.co.uk [192.0.0.2] with 32 bytes of data:
192.0.0.2 is not a valid IP for Amazon so it appears you have a DNS issue. Does it also resolve to this IP if you use Diagnostics > DNS Lookup in the pfSense UI?
Can you open a command prompt and run the following commands? Want to verify that the incorrect name resolution is coming from your pfSense DNS and the issue still exists before digging in deeper.
Pinging amazon.co.uk [54.239.34.171] with 32 bytes of data:
Reply from 54.239.34.171: bytes=32 time=23ms TTL=234
Reply from 54.239.34.171: bytes=32 time=19ms TTL=234
Reply from 54.239.34.171: bytes=32 time=19ms TTL=234
Reply from 54.239.34.171: bytes=32 time=19ms TTL=234
Ping statistics for 54.239.34.171:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 19ms, Maximum = 23ms, Average = 20ms
Hmmm… everything is resolving correctly. You’re not having the same issue I saw in your log file. And if you browse to Amazon right now do you still get a timed out error?
The only other simple suggestion I have would be to remove the 103.86.9x.100 DNS servers and then restart your DNS resolver service.
Then my next suggestion gets a bit technical. If it were me I’d do a packet capture on your Windows machine using Wireshark (capture filter port 53) and see if your queries are timing out.
And do the same in pfSense under Diagnostics > Packet Capture to see if you’re having issues talking to your upstream DNS servers. Interface WAN, Any IP, and Port 53.
Sorry, wish I had something simpler to suggest. Maybe someone else can chime in with an easier way to diagnose your DNS issues.
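Added example, not part of the original thread: a small Python check for the symptom discussed above, where a public hostname resolves to an address such as 192.0.0.2 that is not globally routable. It parses the "Pinging name [ip]" header lines from saved Windows ping output; the function names `resolved_pairs` and `audit` are made up for this illustration, and the sample input is built from the two ping lines quoted in the thread.

```python
import ipaddress
import re

# Header line printed by Windows ping: "Pinging <name> [<ip>] with ..."
PING_HEADER = re.compile(r"^Pinging\s+(\S+)\s+\[([0-9a-fA-F:.]+)\]")

def resolved_pairs(text):
    """Return (hostname, ip) pairs found in Windows ping header lines."""
    pairs = []
    for line in text.splitlines():
        m = PING_HEADER.match(line.strip())
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # bracketed text was not a valid address, skip it
        pairs.append((m.group(1).lower(), ip))
    return pairs

def audit(text):
    """Group answers per hostname and flag ones a public site cannot use."""
    findings = {}
    for host, ip in resolved_pairs(text):
        entry = findings.setdefault(host, {"answers": [], "suspect": []})
        if ip not in entry["answers"]:
            entry["answers"].append(ip)
        # Private, loopback and reserved ranges are not globally routable,
        # so a public hostname resolving there points at the resolver path.
        if not ip.is_global and ip not in entry["suspect"]:
            entry["suspect"].append(ip)
    return findings

# Constructed sample: the two ping header lines quoted in this thread.
SAMPLE = """\
Pinging www.amazon.co.uk [192.0.0.2] with 32 bytes of data:
Pinging amazon.co.uk [54.239.34.171] with 32 bytes of data:
"""

if __name__ == "__main__":
    for host, entry in audit(SAMPLE).items():
        status = "SUSPECT" if entry["suspect"] else "ok"
        answers = ", ".join(str(a) for a in entry["answers"])
        print(f"{host}: {answers} -> {status}")
```

Running it over ping output collected at different times, or from different devices on the network, shows whether the bad answer is intermittent and which hostnames it affects.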
I appreciate the help.
My only concern is that the 103 DNS Servers are linked to the VPN so “shouldn’t” affect the WAN or so my limited knowledge would tell me.
It’s just if I turn those off then I won’t be able to use my VPN. Which is fine for the short term but not long.
Typically I just tried the packet capture on bbc.co.uk and then it started loading correctly.