OPNsense Forum
Archive => 21.7 Legacy Series => Topic started by: shade73 on November 23, 2021, 12:19:28 pm
-
Hello,
I am not sure it because of OPNsense but i have a specific website I can not open. I have 2 site both running OPNsense and both sites can not open this website.
I think it is related to the fiber connection, but to be sure other OPNsense users do not have the same issue will some of you try and se if you can open www.hesk.com through a OPNsense controlled internet.
Thanks in advance.
-
This issue may be related to the DNS server or a system like pihole that's configured to block various types of sites such as remote desktop support.
-
One site has google dns and the other cloudflare dns, so no blocks.
Do you have OPNsense, and can you open the mentioned website?
-
A default OPN installation does not have any blocks to any sites. It is just a router/firewall. The ability to allow/deny traffic to a site is done with optional setups i.e. blocklists, rules, etc.
It is something particular to your setup or your service provider. Try using a packet capture perhaps.
-
I'll add further, you can try using any of the below global DNS servers to validate.
Cloudflare:
1.1.1.1
1.0.0.1
Google:
8.8.8.8
8.8.4.4
Quad 9:
9.9.9.9
OpenDNS:
208.67.222.222
208.67.220.220
-
Maybe you use blocking like ids or something because works for me.
-
had something similar when I switched provider. I went from a PPoE vdsl system to a straight DHCP/DHCP6 fibre connection. Turned out in my case it was down to MTU. Couple of checks, can you ping the website from Opnsense, does the name resolve. If the name does resolve but ping doesn't work, use traceroute to see where it gets stuck. Do a ping MTU test to check the MTU as well, instructions here: https://kb.netgear.com/19863/Ping-Test-to-determine-Optimal-MTU-Size-on-Router (https://kb.netgear.com/19863/Ping-Test-to-determine-Optimal-MTU-Size-on-Router)
-
I don't know what the site is and I'm on a work machine, so not a chance of me following an unknown link.
However a traceroute from OPN shell stops at 173.192.118.143
-
The site is in the first message, www.hesk.com, that resolves to ipv4 108.168.192.2, doesn't resolve when using ipv6.
-
The site is in the first message, www.hesk.com, that resolves to ipv4 108.168.192.2, doesn't resolve when using ipv6.
If this is for me marjohn56, I did see it. I'm saying that I won't click on an unknown (to me) link on a work browser.
And yes it resolves to that ipv4 ip address but my traceroute doesn't get to it, stops on that hop I mentioned.
-
Strange thing for me is that sometimes I can load the site and other times I cant so its like the site works sometimes. I noticed because on checking again after it worked first time I suddenly couldnt access it. now its working again.
-
Replying to the OP, not you in particular. ;)
-
Strange thing for me is that sometimes I can load the site and other times I cant so its like the site works sometimes. I noticed because on checking again after it worked first time I suddenly couldnt access it. now its working again.
Can confirm, first time I tried to ping it, nada, second time OK, so it may be flakey routing somewhere out there.
-
Thank you all for good input :)
I have tried it all, and then contacted my internet provider that also did not find anything wrong so next step was to contact the site owner. It turns out that my IP (and the other IP tested from) was part of a large network block that his provider had set up.
So now it works again.