Cannot access facebook.com using opnsense.

Started by Siarap, March 07, 2025, 11:46:42 PM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
March 08, 2025, 03:48:30 PM #15
Quote from: meyergru on March 08, 2025, 03:07:25 PM
Quote from: Siarap on March 08, 2025, 01:51:49 PMI have no problems with dns when i disable unbound blocklists like i said it not helping at all with facebook. Domains are resolved properly you just not read properly. Path mtu may not work properly when icmp is not allowet on wan address (i allowed it already). On mikrotik there is no path mtu discovery but you can clamp mss like this: https://davidstein.cz/2024/10/17/fixing-website-access-issues-with-mikrotik-mss-clamping/ You can test pmtud on this site: http://pmtud.enslaves.us/ Pmtu on opnsense is enabled by default.

1. And as I wrote, your DNS answer from your previous test with DNS blocking on (namely 0.0.0.0) will have been cached locally, so that host and nslookup may work after disabling it, but your browser does not neccessarily have to.

2. Just for the record and if you did not catch my drift: By using that PMTUD test site, you are testing exactly one specific path through the internet, namely the one between you and that site. And as I also wrote, that says nothing about your path to other sites, expressly to Facebook, which is known to have problems in that area, which I told you in my first answer. To quote that site:

Quotewhich is hopefully indicative of your experience with PMTUD in general.

You can see what MSS your setup can handle by looking at the maximum mss size reported by the test site. If it is below 1460, you will either have to make your LAN MTU size smaller or tune your WAN MTU.


It was no dns. Because when i disabled unbound blocklists i rebooted my pc an opnsense for sure there is no dns cache anywhere. After that checked do the pages are resolved properly and it was resolved. And still facebokk dosent work. Even tried default opnsense setinngs.

Now i think this is realtek hardware/driver related. Facebook dont works on opnsense installed Firebat T8 Plus mini pc with dual realtek nic. Now installed opnsense in HP Elite Desk 800 G2 SFF with intel i350-T2 nic, and everything works fine. Both machines SAME setting DIFFERENT hardware.

NEVER AGAIN realtek.
March 08, 2025, 04:07:18 PM #16
There is a plugin called os-realtek-re with a vendor driver that help in some cases. What is your actual maximum MSS as diagnosed by http://pmtud.enslaves.us/, then?
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 770 up, Bufferbloat A
March 08, 2025, 04:13:02 PM #17
Quote from: meyergru on March 08, 2025, 04:07:18 PMThere is a plugin called os-realtek-re with a vendor driver that help in some cases. What is your actual maximum MSS as diagnosed by http://pmtud.enslaves.us/, then?

Tests was made with realtek vendor driver. My current max mss is 1460 at download and 9000 at upload with stock opnsense settings.
Print
Go Up Pages 1 2
User actions