OPNsense Forum
Archive => 19.1 Legacy Series => Topic started by: fiterzs on March 13, 2019, 07:42:12 am
-
Why are some websites especially slow to open, and sometimes cannot be opened at all (such as Google, Facebook, Google Drive, Gmail, etc.)?
But sometimes it is normal. I used two ISP links. I think this is probably a DNS problem, but I do not know how to troubleshoot it. Please help me, thank you very much! Thank you very much!
-
Interfaces : LAN ... set MSS to 1300
-
Thank you for your reply, but it doesn't seem to work. Are there any other possibilities?
-
Then your first DNS server is not responding
-
Yes, I think it is the DNS problem. I did not add DNS rules into the firewall rules.
(feeling added doesn't help)?
-
My first DNS is 8.8.8.8 using Gateway line 1
The second DNS 8.8.4.4 using gateway line 2
-
Your clients have 8.8.8.8 as DNS or the Firewall?
-
Yes, my computer uses 8.8.8.8
-
Ok, then just use 8.8.4.4 and see if it's faster.
-
Hi mimugmail
Thank you for your help. I have tried to use 9.9.9.9 in both the client and the server, but there is still no improvement; Google service access in particular is very slow.
-
After research, I think it may be the problem of HTTPS. I only use NAT strategy. Why does this happen?
-
Try turning IPv6 off on the LAN side and see if that helps? I had this exact same problem and had to disable IPv6 on LAN, and it resolved my issue. I haven't spent time trying to troubleshoot it beyond that.
-
I've turned off IPv6 and it's the same thing.
-
I noticed this same issue on my Hyper-V setup. I have since swapped back to 18.7
One other thing that oddly stood out after upgrading to any 19.1.x version, which may be directly related to this exact issue you mentioned: I noticed the default deny rule going crazy on the firewall. I saw way more red traffic on my firewall logs live view than on 18.7 without changing a single thing other than upgrading. Something is blocking traffic that shouldn't be. A lot of it was regular LAN to WAN outbound when there is specifically an allow LAN to any default rule on the LAN network in the firewall rules. I was confused and didn't want to waste time troubleshooting, so I just swapped back the VHDX backup I made of the virtual hard disk before I did the 19.1.x upgrade. Note: this is my second time trying... saw same issue on 19.1.0 and on 19.1.3. Haven't tried .4 yet.
On a side note: I also noticed an issue with my Private Internet Access VPN client being assigned to a secondary LAN network (own IP scope different from primary LAN, a DMZ if you will). The default gateway was not working for that VPN connection. It would show VPN up, but dpinger would show the gateway as down 100% on the dashboard, and no clients in that subnet had any internet access. So I am sure something is going on with the firewall somewhere someway.
-
I also feel confused; I do not know what the cause is.
-
Fixed in 19.1.4:
o firewall: fix validation regression in outbound NAT introduced in 19.1.3
-
I upgraded to 19.1.4.
The problem feels like it's still there, and I only have one NAT policy that allows all of those.
-
The reason was found. It is a configuration problem on the upstream router. Thanks, all.
-
Glad you have it sorted, but I just wanted to say that I had issues with HTTPS websites like Google and DuckDuckGo, and it turns out that unticking block bogon networks worked for me. However, I have no idea if it is because I have an ISP VDSL2 router within the 192.168.50.0/24 subnet, which is behind the OPNsense box, and it seems that my VDSL2 ISP router is broadcasting multicast on LAN for IPTV.