Jump to content
Not connected, Your IP: 3.144.99.39

Recommended Posts

I am using AirVPN's DNS for a while already on my pfsense router but I find that some websites do not get resolved, for example ipleak.net.

Can anybody confirm this?

Share this post


Link to post

Yes I did the basic setup according to the instructions there. But if I simply exchange Air's DNS with a free one like 8.8.8.8 it works flawless - without any other changes to pfsense!

So I am really not sure if it is related to pfsense...

Share this post


Link to post

I've also seen this behavior.  In the past, ipleak.net worked normally for me, but it recently started resolving very, very slowly.  Tracert showed many timeouts.  It always loaded eventually, but took a long time.  Today ipleak.net is loading normally for me, so hopefully the issue has been resolved.

 

The other website that I have problems with is www.airvpn.org.  I've been able to work around it by using the alternate www.airvpn.info. 

Share this post


Link to post

Yes what the problems you both described is exactly what I get with the new pfsense 2.3 guide, web page loading erratic, ipleak is the biggest culprit.

Other air servers appear to be better or more reliable but it appears it catches up and can become unstable.

 

I have tried different dns(even googles 8.8.8.8 one and not airdns, different servers and even unchecked the 4 dnssec options at the bottom of the dns resolver section on the new guide

(which is meant to stop dns sec) and fix website issues, but not really any joy, its a bit better but still unstable after a few hours or 2 days.

 

You can also try this tweek

 

https://192.168.1.1/system_advanced_sysctl.php

 

create four new tunables:

 

dev.igb.0.eee_disabled

dev.igb.1.eee_disabled

dev.igb.2.eee_disabled

dev.igb.3.eee_disabled

 

Change the value on each to 1

 

Let me know if this helps your ability to access air site, ipleak site or improve other sites not loading fully ?

 

Have you both also tried to redo the guide going tick by tick again ? I have done it at least 12 times..... with exact similar instability website results, ipleak being a main culprit, even with dnssec off and iptables tweak. Will keep trying and playing around with stuff when I get a chance.

Share this post


Link to post

The "EEE" or Energy Efficient Ethernet tweak has nothing to do with DNS. It can cause issues with DHCP though.

 

I too have had intermittent access to ipleak.net. I have chalked it down to using DNSSEC in combination with Air's DNS servers.

 

Turning DNSSEC completely off and letting the system DNS cache enough time to clear fixes it, as does using another DNS Server.


Have my guides helped you? Help me keep helping you, use my referral: userbar.png

How to set up pfSense 2.3 for AirVPN

Friends don't let friends use consumer networking equipment!

Share this post


Link to post

How did you disable DNS sec ?

 

I have mine disabled via DNS resolver section here:

 

DNSSEC = [ ] (CHECKED)

 

I just unticked mine, saved and rebooted also flushed my dns but ipleak does not load correctly all the time and getting that 2nd dns to show never really does. Even google DNS 8.8.8.8 under general setup makes no difference to myself or ipeak site, also tried several air servers with similar results.

 

So its am curious as to how people got ipleak working fine with just a simple dns change, or disabling dnssec since I think that is the key to getting better stability with the new 2.3, or at least I think.

 

I have been told there are more DNS SEC options to switch off so will update if I get more info.

Share this post


Link to post

Yes that is where it can be disabled. So did I. But I checked now and still DNS problems.

Next I will try different Servers to check if that might be related to it.

 

PS: The DNS problems occured also in earlier versions of pfsense. I even opened a support ticket more than a year ago but the issue still remain.

Share this post


Link to post

yesterday I twice saw a temporary glitch with DNS while connected to Auva.  For a few minutes DNS lookup just didn't work.  Then, suddenly it worked.

 

I don't know about the problems in this thread but I don't think mine has anything to do with my setup.  Also of concern is that I noticed it twice all day but it could have happened more times and I didn't happen to notice.

 

pfsense 2.3.1 and using DNSSEC as setup from the guide.

Share this post


Link to post

The symptoms you are described pretty much sounds similar to mine, I too can get erratic performance across the board with websites not loading.

 

But ipleak is the one that gives the most trouble, sometimes will load or not, but I believe disabling that one DNSsec option is not the only option there maybe more options to disable will hopefully find out soon.

 

Trying other servers has been hit and miss for me some servers had ipleak working and others not so much but from what I can tell once dns sec is fully switched off properly it should hopefully fully work. I never had these type of dns errors on the previous guide though that was very rock solid but this was with 2.2.2 build and the original 2.1 guide.

Share this post


Link to post

Been tinkering it a bit more and unchecked "Experimental Bit 0x20 Support" under DNS resolver here:

https://192.168.1.1/services_unbound_advanced.php

 

I now have ipleak loading successfully with detected dns working fine, also dnsleak site works fine with both standard and extended test working ok. All websites appear to load nice and fast especially ipleak, but I will see if its stable and reliable that I have to test over the next day or 2.

 

This is with ;

 

DNS set to 10.4.0.1-under general settings

DNSSEC -unchecked under resolver settings

Experimental bit 0x20- unchecked under resolver settings

 

Doubt its a fix for you guys but not sure maybe give it a try and disable Experimental Bit 0x20 Support ?

Share this post


Link to post

I disabled DNSSEC on the DNS Resolver and it fixed the problem getting airvpn.org to resolve.  Unfortunately, it still has problems with ipleak.net.  Sometimes it works, sometimes it doesn't.  I'm using two VPN_WAN connections in a multi-wan configuration (right now connected to Metallah and Dschubba).  I wonder if the variable success I see is related to which server it happens to connect through each time?  I'll watch that and see if I can identify a trend of it working with one server, but not the other.

 

I have the following settings:

DNS set to 10.4.0.1 and 10.6.0.1 under general settings (I'm using two VPN_WAN connections in a multi-wan configuration).

DNSSEC - unchecked under resolver settings

DNS Query Forwarding - unchecked under resolver settings

Harden DNSSEC data - unchecked under advanced settings

Experimental bit 0x20 - unchecked (I've never had this one checked)

Share this post


Link to post

IPleak was acting sluggish and slow to load in the late evening for me, but its nice and fast again this morning so I seem to be on the same page as most.

 

Diver: DNS Query Forwarding - unchecked under resolver settings, have you tried to leave this switched on ? I think its important and maybe not related to dnssec, try ticking it, save and reboot pfsense. Also flush your DNS and retry ipleak site ?

 

Not sure about the 2 VPN wan connections but given your issues are sounding similar to a few of us you may not be doing anything wrong, you could save your config, and redo it tick for tick with the new 2.3 guide and retry with a single vpn wan just to make sure.

Share this post


Link to post

I had the same behavior with ipleak.net.  Slow to load last night, but acting normally this morning.  I'm just about convinced this isn't related to a pfSense, but is actually caused by something external to us.  I saw the same slow/sluggish loading on both VPN servers I'm connected to so I don't think it is server specific.

 

I've gone back and forth several times with the DNS Query Forwarding setting and honestly can't tell a difference either way.  I'll likely go back to having it unchecked.

Share this post


Link to post

Seems most of us are getting similar issues, so far with using 10.4.0.1, dnssec 'off' and Experimental bit 0x20 'off' so far so good, ipleak can get sluggish but for the most part its fine and displays the detected dns, grc and dnsleak pass all test with no leaks, and more importantly after 2 days websites are working more stable and reliable then before.

 

Port forwarding is however not working even using the old 2.1 guide does not work, but one problem at a time.

 

For me it was that Experimental bit 0x20 bit, anyhow I am told there are other settings that are required to switch off DNSSEC fully and that is the main culprit for the website loading issues like ipleak and others, we just have to have patience since the new 2.3 guide is very new.

Share this post


Link to post

Well after some more days of testing and with the various options mentioned here in this thread disabled, it still not works reliable.

What most people here seeing as a temoirary success caused by the fact that unbound was restarted. Then things work for a while but later DNS problems show up again. As I said before: no problems with other DNS servers running for weeks without any error.

Share this post


Link to post

I have a working pfSense 2.3.1 unit. I have 3 subnets, 2 clear, 1 AirVPN. I excluded unbound from listening queries from VPN clients. I simply put on DHCP (interface using AirVPN) settings AirVPN DNS (10.4.0.1) and set firewall rules accordingly.

This means that each VPN client will ask 10.4.0.1 to resolve, query goes through VPN, it is crypted and I trust on AirVPN....

The other clients surfing clearnet will use unbound with all the security measures, like DNSSEC etc etc.

 

 

Sent from my iPad using Tapatalk


- Router/Firewall pfSense 23.01 (11th Gen Intel(R) Core(TM) i5-11320H @ 3.20GHz)

- Switch Cisco SG350-10

- AP Netgear RAX200 (Stock FW)

- NAS Synology DS1621+ (5 x 5TB WD Red)

- ISP: Fiber 1000/300 (PPPoE)

 

Share this post


Link to post

If the LAN clients only have 10.4.0.1 as DNS server set then they are unable to resolve local hostname - not a good practice.

Even when DNSSEC and Experimental bit 0x20 are disabled I not get pfsense to work properly with Air's DNS in a reliable way.

Some websites like ipleak not get resolved at all, others resolved very slow or need you to hammer the reload button in your browser. Majority works tho.

But if I simply replace the IP of the DNS with a different one everythign works flawless.

Maybe I will switch back https://dns.watch/index

Share this post


Link to post

pfsense_fan did mention using another dns server can fix some of the issues us guys were getting.

 

I have been fine with 10.4.0.1 as my only dns as per the 2.3 new guide, I actually found out I can now leave enabled DNSSEC support under resolver and hardened dnssec data option advanced both ticked and switched ok after 2 days use, it was Experimental bit 0x20 that was causing me to get web sites not resolving and loading correctly and also ipleak and dnsleak test from not working correctly.

 

Can others perhaps try switching off just Experimental bit 0x20 under here:

 

https://192.168.1.1/services_unbound_advanced.php

 

Its at the bottom and leave dnssec under here:

 

https://192.168.1.1/services_unbound.php

 

ticked to on and retry ipleak, dnsleak standard test, let me know if it works or not ?

Share this post


Link to post

Ok well after 2 days of enabling dnssec, 2 sites just stopped loading for me, disabeled both dnssec options and it works fine.

 

Think ill just stick with both dnssec options switched off and experimental code also off at least its working stable and fast then with no ip or dns leaks

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...