Devices Unable to Access certain sites on WiFi Guest or WiFi IoT #48
Comments
Sounds like your devices are not accessing DNS. I assume you have port 53 enabled in your GUEST-LOCAL ruleset. Might be best to post a sanitised configuration so we can see how your DNS and firewall are configured.
Typically, if some sites work, and some sites don't work, that is because of a PPPoE connection. Look at section 5 and check out the links about changing the MSS and/or MTU settings. Might try them even if you don't have a PPPoE connection. One of those links may have a debugging method, don't remember at the moment. First make a config backup. Good Luck.
Thank you Mike. I don't have a PPPoE, but I tried the combinations. No luck. I will post what GeoffWy suggested.
GeoffWy, firewall { /* Warning: Do not remove the following line. / |
Not got time to look in detail at the moment but in your DNS rule you seem to have source group enabled but with no group set. Not sure if this would cause the rule to fail or not. group {}
Thanks GeoffWy. I added OpenDNS servers group to that rule and it did not work. Basically Wired IoT, WiFi IoT, WiFi Guest or WiFi Spare do not allow many sites, amongst them Microsoft.com, amazon.com. My Wired IoT and Wifi IoT are coalesced per the guide. In the case of amazon I get a Firefox error "www.amazon.com has a security policy called HTTP Strict Transport Security (HSTS), which means that Firefox can only connect to it securely. You can’t add an exception to visit this site." For Microsoft.com I get a Cisco OpenDNS screen saying site block due to content filtering. I just discovered GitHub.com does not work either, because it cannot establish a secure connection.
I compared my reference config file against the GitHub published config file, no difference. Your config file has an inserted "?" on the following line "dns-server 208.67.220.220". That is inside the section "shared-network-name WifiGuestDHCP". You might want to re-config that section.
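The two config problems raised in the comments above (a source `group {}` with nothing in it, and a stray character on a `dns-server` line) can be checked mechanically. The following is an added example, not code from this thread or from the guide; the `lint` function, the rule number, the subnet and the position of the "?" in the sample are all constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in EdgeOS config.boot style; not the poster's configuration.
SAMPLE = """\
firewall {
    name GUEST-LOCAL {
        rule 1 {
            source {
                group {
                }
            }
        }
    }
}
shared-network-name WifiGuestDHCP {
    subnet 192.0.2.0/24 {
        dns-server 208.67.222.222
        dns-server ?208.67.220.220
    }
}
"""


def lint(text):
    """Return (line_no, path, problem) for empty group blocks and bad dns-server values."""
    findings, stack = [], []          # stack entries: [block name, start line, child count]
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        path = " > ".join(entry[0] for entry in stack)
        if re.fullmatch(r"group\s*\{\s*\}", line):      # "group {}" written on one line
            findings.append((no, path, "empty group block"))
        elif line.endswith("{"):
            stack.append([line[:-1].strip(), no, 0])
            continue
        elif line == "}" and stack:
            name, start, children = stack.pop()
            if name == "group" and children == 0:
                path = " > ".join(entry[0] for entry in stack)
                findings.append((start, path, "empty group block"))
        elif line.startswith("dns-server"):
            value = line[len("dns-server"):].strip()
            try:
                ipaddress.ip_address(value)
            except ValueError:
                findings.append((no, path, f"dns-server value {value!r} is not an IP address"))
        if line and stack:
            stack[-1][2] += 1         # this line counts as content of the enclosing block
    return findings
```

Calling `lint()` on the text of a saved config backup returns one tuple per finding, with the line number and the enclosing block path.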
I configured my system some time ago based on a much earlier version of Mike's guide (thanks Mike), but I have modified it a lot, so I don't do some things quite the same way as Mike. There are some things that puzzle me about the firewall rules in your config.
Not sure if any of this will solve your problem though! Another further thought - is the device you are using to test holding on to a previous DHCP configuration? Can you check which DNS servers it is actually trying to use?
Thank you very much, Mike for the amazing guide. You have made low cost, secure and flexible networking for those with minimal networking skills - like me.
Knowing you have spent a lot of time on the Guide and fielding questions from users, I tried for hours and hours to see if I could figure out the solution to the problem, but I give up. I do not believe this is an "issue" but ignorance on my part. Background, I have an EdgeX router, loaded with your latest configuration and a UniFi AP.
The problem is certain sites do not load using a computer or IoT devices cannot communicate with a website. Google.com and yahoo.com load fine. When trying to reach microsoft.com I receive a cannot communicate with server error; amazon.com I receive an invalid security certificate.
Thank you or others in advance for any help.
bestcea