I am unable to open some websites.
Background:
- Have a PPPoE connection from a local ISP that hands out private IP addresses for WAN (they use CGNAT)
- Some websites (jbl.com, retail.onlinesbi.com, pioneer-india.in, atlassian.com and MANY MORE) do not open.
Browser says "ERR_TIMED_OUT"
However, if I directly plug the ISP into my laptop (via ethernet) and dial PPPoE all websites work!
This leads me to believe the problem is with OPNsense. This problem began about 10 days ago I guess.
Things I've tried so far / diagnostics:
- Reset to factory default
- Updated to the latest OPNsense version
- Made sure "block private/bogon networks" is NOT checked.
- No rules that block any of these things. In fact, no rules at all except the default allow rules
- Running a traceroute from both scenarios (via OPNsense and directly on the laptop using PPPoE) yields the same results, so it's not a routing issue from the ISP or whatever.
- IPv6 configuration type is set to "None" in both LAN/WAN interfaces
- Disabled the IPv6 gateway WAN_GW that is automatically created when PPPoE is connected.
- Ensured the only IPv4 gateway is set as default
- No static route entries or any entries that show anything out of the norm.
- Also noticed, if I use a VPN program on my phone/pc, I am able to open all those websites.
So why would it work via VPN (via OPNsense)
and why would it work when the ISP is directly plugged into my laptop with PPPoE
but NOT work via a factory default OPNsense?
Thanks! Spent hours on this but to no avail.
Could you try entering a value of 1492 into
Interfaces --> LAN --> MSS Field?
HTH,
Patrick
Quote from: pmhausen on October 12, 2020, 01:11:25 PM
Could you try entering a value of 1492 into
Interfaces --> LAN --> MSS Field?
HTH,
Patrick
I did. No change. :(
As you are doing double NAT here try 1472 for MTU on the LAN side
Quote from: Gauss23 on October 12, 2020, 02:39:40 PM
As you are doing double NAT here try 1472 for MTU on the LAN side
1) NO. There's no double NAT. It's a simple PPPoE connection.
Doesn't work.
IT WORKS ON THE WAN SIDE!!
I PUT MTU 1472 ON WAN and it works!
Can someone explain the why behind this?
@Gauss23 Thanks A LOT!
As I said, it's double NAT. The OPNsense is doing NAT and your carrier is doing NAT, too. Something about the MTU sizes may have changed in the last days on the carrier side.
When UDP packets exceed this size the problems start. Mostly DNS queries will fail, if the answer is too big.
Quote from: Gauss23 on October 12, 2020, 02:52:01 PM
As I said, it's double NAT. The OPNsense is doing NAT and your carrier is doing NAT, too. Something about the MTU sizes may have changed in the last days on the carrier side.
When UDP packets exceed this size the problems start. Mostly DNS queries will fail, if the answer is too big.
I didn't take into consideration the CGNAT that the ISP is doing + my NAT.
The weird part is that for over 2 years this was working perfectly with no custom settings like the one you mentioned. ???
Maybe they changed some hardware over at the ISP end?
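
An added illustration, not part of the forum thread: the symptom above (timeouts until the WAN MTU was lowered to 1472) is what a path-MTU black hole looks like, and the usable size can be found by binary search with don't-fragment probes. The hop MTUs in the simulated path are constructed sample values, and the function names are hypothetical.

```python
from typing import Callable, Sequence

IPV4_HEADER = 20  # bytes, IPv4 header without options
TCP_HEADER = 20   # bytes, TCP header without options


def make_blackhole_path(hop_mtus: Sequence[int]) -> Callable[[int], bool]:
    """Simulated path: a DF-marked packet larger than the smallest hop MTU
    is dropped silently (no ICMP 'fragmentation needed' returns), so the
    sender only ever sees a timeout."""
    bottleneck = min(hop_mtus)

    def probe(packet_size: int) -> bool:
        return packet_size <= bottleneck

    return probe


def find_path_mtu(probe: Callable[[int], bool], low: int = 576, high: int = 1500) -> int:
    """Largest IP packet size in [low, high] that the probe delivers."""
    if not probe(low):
        raise ValueError(f"even {low}-byte packets are dropped")
    while low < high:
        mid = (low + high + 1) // 2  # round up so the loop always shrinks
        if probe(mid):
            low = mid        # mid fits: the answer is mid or larger
        else:
            high = mid - 1   # mid is dropped: the answer is smaller
    return low


def tcp_mss_for(mtu: int) -> int:
    """TCP payload per segment that fits in one unfragmented IPv4 packet."""
    return mtu - IPV4_HEADER - TCP_HEADER


if __name__ == "__main__":
    # Constructed path: Ethernet LAN, PPPoE WAN (1500 - 8), smaller upstream hop.
    path = make_blackhole_path([1500, 1492, 1472])
    mtu = find_path_mtu(path)
    print(f"path MTU {mtu}, TCP MSS {tcp_mss_for(mtu)}")
    # A WAN interface left at 1492 sends packets this path drops.
    print("1492-byte packet delivered:", path(1492))
```

On a live link the probe would be a ping with the don't-fragment bit set, where the ICMP payload is the packet size minus 28 bytes (20 for IPv4, 8 for ICMP).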